Editor’s note: This is the second of a three-part series on spam.

In our last blog entry, we addressed ways to identify spam. Now we will explore ways to prevent spam from flooding your email:

• Don’t volunteer your email address online, as scripts created to search websites can harvest addresses from websites where such addresses are made public. Also others may appropriate your email address to sign up for offers to get free items.
• Find creative ways to write out your email address, such as substituting [at] for @ or [dot] for the period, as these methods can frustrate spambots attempting to steal addresses. Other options include using an image picture of your address or using JavaScript to dynamically set up the display of your email.
• Never make your username, which is almost always public, the same as the front segment of your email address, as it’s not terribly complicated for hackers to guess the correct provider that you’re using. Also avoid chatrooms connected to your address, as those addresses are simple to figure out. Finally don’t post to newsgroups or email lists with your private address, for that same reason.
• Disposable email addresses can stem the flow of spam as well. In addition to your main account, set up separate addresses by topic or type of account. Set all those addresses to forward to your main account. If spam comes through, track it back to that disposable address and eliminate that account.
• Don’t respond to spam. You create more spam when you reply or click “unsubscribe,” as that verifies your address as legitimate.
• Never enter contests, answer free or special offers, or order free e-cards, as these are lures to collect your email address for future spamming.
• If you are a contact for a registered domain, instead of your private email address, use a generic common mailbox for this purpose, such as [email protected] or [email protected].
• For your public email address, set up a free Yahoo or Hotmail account, saving your private email address for select friends and relatives;
• Carefully watch for checkboxes when filling out any form online and uncheck those offering services you don’t want. Also look for any Spam or email sharing disclaimers.
• Consider using a complicated username, as spam programs will try applying a long list of common names to a domain. [email protected] is a lot easier to figure out than [email protected] (not a great business address, however). Still make it something you can remember.
• Be careful about what you forward, as you may inadvertently be helping spam spread to your friends and business associates.

For help with a computer problem, visit http://www.hcp4biz.com/support-request/.

Next: How to block and report spam.

STAY SAFE!

Sensitive consumer and employee data is the lifeblood of many businesses.

That’s why it’s essential that companies properly secure or dispose of such data.

Raising additional compliance concerns would be financial data, personal information from children and material derived from credit reports. Your company also may have legal responsibilities to victims of identity theft.

A great resource on such issues is the Federal Trade Commission’s Bureau of Consumer Protection Business Center (http://business.ftc.gov/).

Among the topics the BCPBC can help with are:

• Children’s privacy: Parents have control over what information websites can collect from their children thanks to the Children’s Online Privacy Protection Act. Any business collecting information from someone under the age of 13 must comply with COPPA’s requirements. (http://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule).
• Consumer privacy: You need to stand by your company’s privacy policy. Reread it to be sure you are honoring the promises you’ve made. Consumers want to be sure that their personal information is secure, and smart businesses must be transparent about what they are doing with such data. (http://business.ftc.gov/privacy-and-security/consumer-privacy)
• Credit reporting: If you use consumer reports or credit reports to evaluate customers or potential employees, you have responsibilities under the Fair Credit Reporting Act and other laws. (http://business.ftc.gov/privacy-and-security/credit-reporting)
• Data security: Sensitive personal information about customers and employees requires a sound security plan. Such a system can help you meet your legal obligations to protect such data. (http://business.ftc.gov/privacy-and-security/data-security)
• Information sharing: The Gramm-Leach-Bliley Act requires that financial institutions explain to customers their information-sharing practices and sensitive-data safeguards. (http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act)
• Identity-theft prevention: Under the Red Flags Rule, companies must put in place a written identity-theft prevention program designed to detect warning signs of identity theft in their operations. (http://business.ftc.gov/privacy-and-security/red-flags-rule)

For more help on keeping data secure submit a request for a free consultaion at http://www.hcp4biz.com/consultation/

Stay safe!

Many of you know about the popular website called LinkedIn. It’s a sort of social network for businesses and people looking to make contact with each other. You can post your detailed resume to the site so potential employers can easily see things about you. It also allows you to network with others, which could be beneficial in landing that job that you want.

Well, just as other sites have fallen victim to cyber-attacks recently, it has been brought to light that LinkedIn had been particularly vulnerable from past years till earlier this year and it had been up to the end-user to make it not vulnerable. By default your login had started with an HTTPS connection and ended with a non-HTTPS connection. What this means is if there was someone on your home network, the local coffee shop you like to frequent, or any other open network, wireless or wired, that you had been using, they could have easily grabbed your login name and password without you even knowing.

While no financial data is on your LinkedIn account, a would-be attacker could gather quite a lot of information on you that would be very helpful in breaking into other accounts you have elsewhere.  LinkedIn has stated that all customers in the U.S. and E.U. have been now protected against these types of attacks, called “man in the middle,” starting in February of this year, with HTTPS connections always on by default. What is unclear and why this has been brought to light is that customers from any other area of the world maybe still unprotected with no HTTPS connections by default.

While this is a fairly standard issue in terms of security, it brings up a good point. You should always be checking sites that you log into that store personal information or are otherwise critical always use HTTPS connections, not just when you login. This type of connection encrypts any and all traffic that is sent from your computer browser to the hosting server of the site. You have to make it that much more difficult for attackers to successfully gain access to your information.

To do this on most sites, including LinkedIn (if they don’t use HTTPS already automatically), you simply go to your account and settings looking for the option to enable HTTPS connections. Most sites these days do this automatically but even some that you wouldn’t expect (LinkedIn in this case) still do not and leave this up to you, the end user, to do.  However it is still good to make sure this is working for you.

Stay Safe!

Unfortunately, as discussed in the last blog entry, Cryptolocker and the new variants of it are an encryption-based infection. This type of infection requires a preemptive and proactive approach to keeping your data safe. This is because once you have discovered the infection is on a system or systems, it is already too late in most cases. You may or may not have lost any or all of your files to the infection, depending on how quickly it is found.

This infection and its variants spread through spam emails mostly. It will usually present itself as a link for you to click in an email that has been crafted to look legitimate to an end user.  The file is usually contained in a zip archive either directly in the email or through a cloud storage account such as Dropbox. It is critical to frequently tell your end users the dangers of spam mail and to never click links to files in emails unless you know for sure that it is safe.  A good policy in place would be to disallow any .zip or .exe files to be used at all in company emails, therefore getting rid of one avenue of infection. For some business or end users, this may not work.

Education for these types of infections is key because they rely heavily on successful social engineering. Now even the best-educated users will at times make mistakes and you have to plan for this with these types of encryption infections.

It is only a matter of time before a system or network of systems will get one of these ransomware-type of infections no matter the security in place. Therefore it is absolutely critical to have a backup system in place to retrieve lost data. A variant of the Cryptolocker infection called Cryptowall takes the infection to a new level by deleting what is called the system-restore files in Windows that allow you to take your computer back to an earlier time and date. It also deletes the shadow copies that Windows keeps of files. Again this means you need to have a secure and effective backup system in place for your systems. The most critical thing is you need to know that the backups will work. Regular testing is mandatory to make sure you can get your data back. A good system means nothing if the restore process doesn’t work or work well.

Now one would ask is there more that can be done other than educating users on where this infection comes from and having a good backup system in place. As of right now, the industry is scrambling to come up with good defensive approaches to these types of infections. The regular antivirus scanners have been ineffective so far at stopping the infections or even detecting that it’s on a system.  Once it’s on a system, it’s almost too late.  Here at HCP Computers, we are drafting up a few proactive and on-demand measures to help keep these types of infections from happening in the first place. Contact us and we will schedule a time to discuss these measures. http://www.hcp4biz.com/contact/

First and foremost; educate, educate, educate and backup, backup, backup.

Stay Safe