Every Business Needs a Security Plan

Too many businesses wait until it's too late to think about their company's physical security and cybersecurity issues. That's not good for business, according to Mike Howard, chief security officer for Microsoft. Howard, an ex-CIA officer who handles all physical security for the company's worldwide operations, says that integrating a security team or plan into your company's day-to-day operations is the key to getting the most value from it. "Security is not something that should be thought of as 'break glass only in times of emergency,'" he told BusinessNewsDaily in an exclusive interview. "It affects a brand's reputation, can result in lawsuits, and requires initial investments up front." If you don't want to spend money on security now, you'll surely pay more later, he said. Howard should know. His security team is ultimately responsible for the safety and security of Microsoft's entire executive team, its 90,000 employees, roughly 90,000 contractors, 700 facilities in more than 100 countries worldwide and all of the visitors to those facilities. He's also responsible, of course, for all of their computers and hardware and the information it they contain. [The Man Who Keeps Microsoft Safe and Secure] Howard said it's understandable that businesses may not spend a lot of time focusing on security. "Businesses rightly so are focused on making a profit and that's going to be their natural concentration," he said. "I understand a company's main emphasis is not on security." It's a mistake, however, to underestimate the importance of security issues at a business of any size, Howard said. "Companies don't take the time to understand the role of security in an organization," he said, referring to everything from employee safety to theft to cybersecurity. "When it comes time to carve out funds for security, there's a benign lack of knowledge or interest because there are higher priorities." Howard has made it one of his top priorities to educate Microsoft's senior management about how important security is. "Businesses are a microcosm of society and there is a tendency to be in denial about having a general security awareness. The mindset is, it's never going to happen to us." He said that companies tend to want to spend money on what's most likely to give them a visible and timely return on investment.

10 Simple Tips to Avoid Identity Theft

An unfamiliar bill. A call from a bank asking about unknown charges. Being turned down for a loan or an apartment because of red flags in your credit check. All these are signs your identity may have been stolen. Forms of identity theft include using stolen payment-card information to make a purchase; taking control of existing accounts with banks and online payments platforms such as PayPal; and opening new accounts with online sites such as eBay and Amazon, mobile carriers or utilities. The No. 1 consumer complaint filed with the Federal Trade Commission for the past 14 years, identity theft is on the rise. More than 13 million people were victims of identity theft in 2013, according to the latest report from Pleasanton, Calif.-based Javelin Strategy & Research. It's also big money for the thieves, with Javelin estimating $18 billion in identity theft-related losses in the United States for 2013. MORE: Best Identity-Theft Protection Software "The situation around credit card and identity theft is getting worse, and shows no signs in the near or intermediate term of getting any better," said Christopher Budd, a threat-communications manager at Tokyo-based anti-virus company Trend Micro. Identity theft can happen to anyone — there's no single group that is more or less susceptible to being victimized.

iOS 7 Glitch Kills Find My iPhone Without Password

There's an adage among iPhone owners that you should never update your phone to the last version of iOS that works on it, usually because a newer operating system can slow down an older device. Unfortunately, a different kind of glitch appears to affect iPhone 4 and 4S models running iOS 7. It may be possible to turn off Find My iPhone without a password by simply hitting two buttons at the same time, a bonus for iPhone thieves. MORE:Mobile Security Guide: Everything You Need to Know American iPhone tweaker Miguel Alvarado posted a video on his YouTube page yesterday (April 2) demonstrating how to do this. Alvarado showed that if the virtual toggle switch to disable Find My iPhone and the button to delete the attached iCloud account are pressed at the same time, and then the phone is switched off when the Apple ID password is asked for, the security settings can be overridden.

Facebook Could Go Anonymous

Facebook may be feeling some backlash for its lack of privacy and anonymity, both of which users are enamored with, as evidenced by the rapid popularity of anonymous social apps such as Secret and Whisper. According to a report from Re/code, Secret and Facebook may be in talks about how they can work together. One rumor points to an offer of $100 million from Facebook to buy Secret outright. Facebook has a well-documented history of purchasing buzzy new companies — such as the $19 billion it spent on WhatsApp and the $2 billion for Oculus Rift — so this rumor may not be outside the realm of possibility. However, Re/code does say that representatives from both Facebook and Secret declined to comment. MORE: Secret vs. Whisper: Which Anonymous Sharing App is Best? Also giving credence to this rumor is the fact that the social-networking giant recently started playing with ways to log into some Facebook-owned apps anonymously, including Instagram. In an interview with Bloomberg, CEO Mark Zuckerberg admitted that private Facebook Group messaging was one idea that came out of recent Facebook Creative Labs hackathons. Both of these ideas would be contrary to the always-on, constantly-updating-the-world, real-names-only philosophy that Facebook has operated under since its inception. We look forward to finding out more about how Facebook may update its privacy settings, and roll out new features, at the Facebook F8 developers conference later this month.

Social Media Security

No matter what you think about Facebook, you have to admit it's a pretty impressive networking tool. Along with other social media websites, Facebook allows people to stay connected with friends and family. However, there's a darker side to this connection as well: Facebook also connects its user to a number of Internet security risks. To celebrate Facebook's tenth anniversary, SecurityCoverage Inc. shared some interesting facts about today's social networking sites and advice on how users can protect their personal information. Within the past five years, social media sites have seen an explosion in their number of users. In 2008, Facebook and Twitter boasted 100 million users and six million users, respectively. Now over one billion people connect over Facebook and Twitter's user base has almost forty times the number it had five years ago. LinkedIn leaped from 33 million to 225 million users, and Instagram from one million to over 150 million users. In fact, in the span of one minute, there are a hundred thousand new tweets and a hundred new LinkedIn accounts made. A Haven For Hackers Unfortunately, just because everyone uses a site doesn't mean your account on it is 100% safe. This past year was one of the worst in data breaches yet with six million Facebook members affected by a bug that sent private information of users to outside sources. Eight million LinkedIn, eHarmony, and Last.fm passwords were stolen and uploaded to a Russian hacker forum, and 250,000 Twitter users' information was hacked. We've all seen the fake tweets by people pretending to be fictional characters, or even imitating celebrities. In just the first months of 2013, 7.2 percent of social media profiles were fake accounts. While hilarious, these phony identities can be shelters for cybercriminals with malicious intentions. One notable scam on Facebook was hackers' attempts to install malware on victims' devices by offering the option of a "dislike" button on the website. Think Before You Click You've heard this a dozen times, but it's still true: once something's online, it doesn't go away. Think before you post pictures or information you don't want everyone to see. Ten percent of respondents in a survey claim that they've regretted posting something, thirty percent include location in their posts, and nearly forty percent of users' profiles are completely or partially public. Take time to look over the privacy and security settings of the social networking sites you use. Sites update their privacy settings every so often, so it's a good idea to keep yourself in the loop to make sure you know what information is available to the public. Over-sharing isn't just annoying for your online friends; it also makes it easy for cybercriminals to steal your identity, access personal data, or even stalk you. Be careful about how much personal information you decide to share on social networking sites. Don't click on suspicious-looking links or advertisements because it could be cybercriminals aiming to compromise your device. More Tips To Keep In Mind Create strong passwords for each of your logins to help prevent your personal information from getting stolen. A password manager is a great tool to use to generate and store hard-to-crack passwords; one of our favorites is Editors' Choice LastPass 3.0. Keep your computer well protected with antivirus software. There are a lot of great options out there; one of them is our Editors' Choice Norton Antivirus (2014). Always back up your data to a remote location just in case your device gets infected or lost. Be smart about how you monitor your personal data; you don't want crooks getting their hands on it.

Security Think Tank: ISF’s top security threats for 2014

The top security threats global businesses will face in 2014 include bring your own device (BYOD) trends in the workplace, data privacy in the cloud, brand reputational damage, privacy and regulation, cyber crime and the continued expansion of ever-present technology. As we move into 2014, attacks will continue to become more innovative and sophisticated. Unfortunately, while organisations are developing new security mechanisms, cyber criminals are cultivating new techniques to circumvent them. Businesses of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected, high-impact security events. The top six threats identified by the Information Security Forum (ISF) are not the only threats that will emerge in 2014. Nor are they mutually exclusive and can combine to create even greater threat profiles. 1. BYOD trends in the workplace As the trend of employees bringing mobile devices into the workplace grows, businesses of all sizes continue to see information security risks being exploited. These risks stem from both internal and external threats, including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications. If the BYOD risks are too high for your organisation today, stay abreast of developments. If the risks are acceptable, ensure your BYOD programme is in place and well structured. Keep in mind that a poorly implemented personal device strategy in the workplace could face accidental disclosures due to loss of boundary between work and personal data and more business information being held in unprotected manner on consumer devices. 2. Data privacy in the cloud While the cost and efficiency benefits of cloud computing services are clear, organisations cannot afford to delay getting to grips with their information security implications. In moving their sensitive data to the cloud, all organisations must know whether the information they are holding about an individual is personally identifiable information (PII) and therefore needs adequate protection. Most governments have already created, or are in the process of developing, regulations that impose conditions on the protection and use of PII, with penalties for businesses that fail to adequately protect it. As a result, organisations need to treat privacy as both a compliance and business risk issue to reduce regulatory sanctions and commercial impacts. 3. Reputational damage Attackers have become more organised, attacks have become more sophisticated, and all threats are more dangerous, and pose more risks, to an organisation's reputation. With the speed and complexity of the threat landscape changing on a daily basis, all too often businesses are being left behind, sometimes in the wake of reputational and financial damage. Organisations need to ensure they are fully prepared and engaged to deal with these ever-emerging challenges. 4. Privacy and regulation Most governments have already created, or are in the process of creating, regulations that impose conditions on the safeguard and use of PII, with penalties for organisations that fail to sufficiently protect it. As a result, organisations need to treat privacy as both a compliance and business risk issue to reduce regulatory sanctions and commercial impacts, such as reputational damage and loss of customers due to privacy breaches. Different countries’ regulations impose different requirements on whether PII can be transferred across borders. Some have no additional requirements; others have detailed requirements. To determine what cross-border transfers will occur with a particular cloud-based system, an organisation needs to work with its cloud provider to determine where the information will be stored and processed. 5. Cyber crime Cyber space is an increasingly attractive hunting ground for criminals, activists and terrorists motivated to make money, get noticed, cause disruption or even bring down corporations and governments through online attacks. Organisations must be prepared for the unpredictable, so they have the resilience to withstand unforeseen, high-impact events. Cyber crime, along with the increase in online causes (hacktivism), the increase in cost of compliance to deal with the uptick in regulatory requirements, coupled with the relentless advances in technology against a backdrop of under-investment in security departments, can all combine to cause the perfect threat. Organisations that identify what the business relies on most will be well placed to quantify the business case to invest in resilience, therefore minimising the impact of the unforeseen. 6. The internet of things Organisations’ dependence on the internet and technology has continued to grow over the years. The rise of objects that connect themselves to the internet is releasing a surge of new opportunities for data gathering, predictive analytics and IT automation. As increased interest in setting security standards for the internet of things (IoT) escalates, it should be up to the companies themselves to continue to build security through communication and interoperability. The security threats of the IoT are broad and potentially devastating, so organisations must ensure that technology for both consumers and companies adheres to high standards of safety and security. You cannot avoid every serious incident, and while many businesses are good at incident management, few have a mature, structured approach for analysing what went wrong. As a result, they are incurring unnecessary costs and accepting inappropriate risks. By adopting a realistic, broad-based, collaborative approach to cyber security and resilience, government departments, regulators, senior business managers and information security professionals will be better able to understand the true nature of cyber threats and respond quickly and appropriately.

Malwarebytes Anti-Malware 1.70

By Neil J. Rubenking When a Trojan or other malware gets a foothold in your PC's innards, clearing it out can be tough. The nastiest ones fight back, interfering with your attempts to install antivirus software. When that happens, who ya gonna call? In many cases the answer is Malwarebytes. Even tech support agents for other companies may turn to the free Malwarebytes Anti-Malware 1.70 when their own product won't install. And the latest edition is better than ever. You may notice one thing's missing—that pesky apostrophe. Yes, the program name used to be Malwarebytes', a fact that's confused many a copy editor. They also dropped "Free" from the name, and spiffed up the program icon a bit. Really, though, it doesn't look a lot different. Malwarebytes is all business, and its business is scraping out persistent malware. There's no home screen or status page. Launch it and it goes straight to the scanner page. As for settings, there aren't many, and they come pre-configured for maximum protection. Speedy, Hassle-Free Install Sadly, I'm accustomed to needing a full day or more to get antivirus products installed on my twelve malware-infested test systems. When the malware fights back, I have to either engage in email back-and-forth with tech support or sit around while tech support deals with the problem via remote assistance. I do appreciate that support, but I'd appreciate not needing it even more. I had absolutely no trouble installing Malwarebytes on those same systems. The installation is super-quick, and doesn't require a reboot. The update process failed on one system, probably due to a glitch in the connection. A second try succeeded. I installed Malwarebytes on all twelve systems in less than an hour. Fantastic! No Lab Results In general I like to check my test results against results from the independent testing labs. However, getting tested can actually cost money, so many of the free antivirus tools limit their participation in testing. There are exceptions. For example, AVG always submits AVG Anti-Virus FREE 2013 for testing, demonstrating that its free product is just as powerful as its commercial versions.