BYOD, or bring your own device, has become the new normal in the corporate workplace. But with this convenience comes impending security concerns. Although BYOD costs companies less, mobile devices are often used without proper security measures in place. This makes it difficult for employers to determine how much access employees should receive to company networks. The more access an employee has to company networks, the more opportunities for not only their personal information becoming vulnerable, but company data as well. With BYOD becoming more prevalent in the workplace, it is vital companies and employees understand the perks and security concerns that are associated with BYOD and take necessary steps to ensure personal devices and company information is protected.
BYOD can offer some really great perks: 1) employers spend less on technology and providing devices to employees thus saving the company money and 2) you get to use your own device(s) with which you are already accustomed to. Your company may already allow BYOD in your office, but do you know the associated security risks? They are complicated. Three looming concerns of BYOD that companies and employees should be addressing are accessibility to company data, lost or stolen devices, and overall maintenance. Let’s delve into why these concerns are the most pressing.
- Accessibility. The overarching question of BYOD is who gets access to company data on their personal devices, when and where? For example, if you are at a meeting, outside of the office and you are on a limited-access BYOD policy with your employer, you would only be able to access work email and contact but nothing stored on the company servers. If your client asks to see a specific document hosted on your company server during the meeting, you won’t be able to access it because it is sensitive and lives on the private severs. This is where BYOD backfires for the employee.
- Lost or stolen devices. A personal device that contains confidential company information poses a huge security threat if it is lost or stolen, and begs the question: who is responsible for retrieving the device and/or data? What is the proper response to this sort of breach? It is your personal device, with both personal and company data, so should it be locked, tracked and retrieved, or completely wiped immediately? There is no clear or correct answer, which is why companies need a clear BYOD policy and culture of security that fits both parties’ needs.
- Maintenance and malware. Frequency of device maintenance, software updates and uniformed app downloads can open the door to a slew of security vulnerabilities. Organizations have a hard-enough time implementing their own software across the corporate network, let alone ensuring all employees are adhering to the required software updates from device operating systems and applications. With the breadth of different phones and tablets being used around the globe, it can be nearly impossible to keep track of employees’ security posture on their personal devices.
Without the right security measures in place, there is the possibility of malware being downloaded through sketchy apps or unpatched versions of software, which could be transferred onto corporate servers depending on the employee’s access level. McAfee Labs detected over 16 million mobile malware infestations in the third quarter of 2017 alone, nearly doubling the number one year previously. This uptick in cyberattacks on mobile devices illustrates the importance of comprehensive cybersecurity policies across the board.
So how do you protect yourself when it comes to using your smartphone or tablet for both business and pleasure? Here are a few tips:
- Practice discretion when alternating between personal and business tasks on your mobile device. Separate the two by using different, verified apps for company and personal uses to maintain safety.
- Avoid downloading apps from third-party vendors that could make your device prone to malware, and always check permissions of any apps before downloading, particularly those that ask for to access to your device’s data.
- Regularly update your device to ensure they are equipped with vital patches that protect against flaws and bugs that cybercriminals can exploit.
- Avoid accessing data-sensitive apps on your device over public Wi-Fi. Cybercriminals could use this as an opportunity to take a look at your mobile data.
- Keep your personal and work information secure with comprehensive mobile security, such as McAfee® Mobile Security, that will not only scan your device for viruses and threats but also help you identify apps that are accessing too much of your valuable personal information.
McAfee is the device-to-cloud cybersecurity company helping to secure data at all levels, on all devices. We’re helping you stop threats and protect your data wherever it resides, from your fingertips to the skies, enabling you to protect what matters on your digital journey.
April 25 – otherwise known as National Telephone Day – rolls around once a year to remind us of the sheer technologic prowess and influence of the phone. What first started as an industrial revolution invention from Alexander Graham Bell, the phone has undergone quite a remarkable evolution over its nearly 150 years of existence. When people say the word ‘phone’ today, the device they’re talking about is widely different. The phone of the past has become the gateway into our digital identities and now holds the keys to all the connected things in our homes. As dependency on our mobile devices continues to grow, potential cyberthreats and need for mobile security does as well.
Consumers have been quick to adopt mobile phones, more so than at any point in the telephone’s storied history. It’s estimated that 95% of Americans own a cell phone today. This goes to show that the phone has not only become an instrumental device in today’s society, but it also speaks to how it has evolved beyond its initial capabilities to serve as a device that contains our digital persona. A phone is no longer a convenient piece of equipment but a fundamental element of many people’s lifestyles, so much so that many can’t even unplug while on vacation—only 27% say they’re unwilling to leave their smartphones at home when on vacation. As today’s world becomes more digital and interconnected, our mobile phones are at the heart of this transformation.
Of course, with any device that contains this much power and influence, the mobile phone has also become the target of cybercriminals and hackers, making mobile security a cause for much concern. McAfee Labs detected over 16 million mobile malware infestations in the third quarter of 2017, and new threats continue to emerge around the world, most of which target a consumer’s money. However, according to a recent CES Survey, 52% of respondents are either unsure of or have no idea how to check to see if their mobile devices and apps are secure against these kinds of threats—which is worrisome considering these latest mobile trends:
- More targeted attacks – Following the money, a global spike in banking Trojans has occurred, targeting large multinationals and small regional banks.
- Virtual bank robberies – With the growing interest in cryptocurrencies, cybercriminals are attempting virtual bank robberies by distributing fake mobile wallets and targeting the cryptocurrency industry.
- States using malware – North Korean dissidents and journalists using the popular South Korean chat app KakaoTalk were recently targeted in a State-instigated malware attack, with the aim of implanting spyware on the victim’s device.
- Persistent threats – The increasing proliferation of Internet of Things (IoT) devices are significantly heightening the threat landscape, increasing the number of possible points of attack.
In order to feel safe and secure when you shout “Call me, maybe!”, take some time out of whatever festivities you may have planned for National Telephone Day to consider these tips on how to keep your mobile phones and devices secure:
- Update regularly – Regularly updating your devices helps ensure they are armed with critical patches that protect against bugs or flaws in their operating systems that cybercriminals can leverage. Though it’s very tempting to skip out on these updates, taking a few minutes to download them means you aren’t recklessly leaving your devices open for hackers. This also applies to apps on your phone as well.
- Use a complex password – A complex password is a secure password, so there’s no excuse to skate by with your own birthdate or a “1234” code for your mobile devices anymore. It’s good practice to have distinct passwords for every device, even though it’s a bit more burdensome on you. Still, choosing a safe and secure password is always the priority. Be sure to throw in a mix of numbers and symbols to avoid making it easy for potential hackers.
- Turn off geolocation – When it comes to geolocation or sharing your location with apps and other services on your phone, approach with caution. It’s a good rule of thumb to only activate geolocation permissions when it’s crucial for an app’s ability to work (i.e. Uber, Google Maps, etc.). Otherwise, hackers can start to uncover your exact whereabouts and understand your movement patterns.
- Use security software – Finally, I can’t stress enough how important it is to use comprehensive security software to protect your mobile phones and devices from the inside out.
The post Security Calling: Celebrate National Telephone Day by Securing Your Mobile Devices appeared first on McAfee Blogs.
As spring blossoms into full-force, millions of people will start to shed the heavy baggage and gear that kept them warm during winter by partaking in a tried and true practice: spring cleaning. While whipping yourself into a cleaning frenzy around your home, take a moment to extend your spring cleaning efforts into your digital environments as well. And there’s no better time to kick off a digital spring cleaning than during World Backup Day.
What exactly is World Backup Day? I’m glad you asked.
In today’s day and age, data is basically digital gold. It’s imperative to ensure your information is organized and backed up—not just for peace-of-mind, but to protect yourself against potential malware and ransomware threats. Still, a large number of people have never backed up their files, leaving themselves vulnerable to losing everything. In fact, this has become such a systemic problem that a whole day has been devoted to reversing this trend: World Backup Day. One of the main goals of the World Backup Day initiative is to reach people who have never backed their data up or people who aren’t even aware that data backups are a thing, let alone a crucial security measure.
For those who may not know, a backup is a second copy of all your important files and information, everything from photos and documents to emails and passwords. Storing all of that data in one place, like a personal computer or smartphone, is a woefully unsafe practice. Creating another copy of that data through a backup will ensure that it’s stored and kept safe somewhere else should catastrophe befall your personal mobile devices, or if they’re lost or stolen.
Data loss isn’t something that only happens to huge conglomerates or to unsuspecting victims in spy movies. Every individual is susceptible to data loss or theft, and backing up that data is an easy, relatively painless step to protect all of your personal information and prevent pesky hackers from truly swiping your stuff.
Think about it—if you’re targeted by a nasty piece of ransomware but have successfully performed a data backup, there’s absolutely no need for you to pay the ransom because you have a second, secure copy of all that data. It’s a simple preventative measure that can pay off big time should worse come to worst. Even the STOP. THINK. CONNECT. campaign, dedicated to increase awareness around cybersecurity and provide information to help digital citizens protect against malware, lists regular data backups as an important security action to safeguard yourself against cybercrime.
There are two main approaches to backing up your data: either in the cloud or on an external hard drive. A cloud-based backup solution is great for people who don’t want to actively back up their devices and data or worry about the space constraints that come with most external hard drives. Simply subscribing to one of these cloud solutions will do the trick—your device’s files and data will automatically be backed up and protected without you having to lift more than a finger. Cloud-based services typically come with a monthly fee, and you’ll need a good internet connection to access them. If your connection is wonky or the site is undergoing maintenance, it can be difficult to access your backed-up data.
With an external hard drive, you can manually back up all your data and files yourself onto a physical device that you have access to anytime, anywhere. These drives are extremely reliable and a great way to achieve data redundancy. An external hard drive doesn’t hinge on internet access like cloud-based services and is an easy fix when transferring data to a new device. However, using external hard drives requires a more hands-on approach when it comes to actually backing up your data. The responsibility falls upon you to regularly perform these backups yourself. Storage space can also pose a problem. Look for an external drive with at least a terabyte of space to accommodate all of your data, which tends to accumulate quickly.
Here are some other digital spring cleaning tips to consider this World Backup Day:
- Play it extra safe and go both routes for a thorough backup by using an external drive and subscribing to a cloud-based solution. After all, it’s better safe than sorry when it comes to your personal data.
- Back up data from your mobile devices onto a central laptop or personal computer for an added layer of security and protection. Then work on backing up these devices with one (or both) of the methods laid out above.
- Have at least one backup of your initial backup as a fail-safe measure.
- Test your ability to restore data from backups regularly to ensure your backups have been performed correctly and that they haven’t been compromised.
- Back up your data with a process and system that’s simple and works best for you—there’s no need to over complicate it!
The post Kick Off Your Digital Spring Cleaning Efforts During World Backup Day appeared first on McAfee Blogs.
The term “mobile” has come to encompass a wide range of devices these days. Mobile devices have become much more than our Androids and iPhones. Wearable watches, tablets, even home devices all fall under the mobile umbrella of IoT and have the ability to impact our lives for better, or for worse.
This rich IoT landscape holds the key to your digital identity, your connected home and potentially, even your kid’s digital future. Gartner predicts that by the year 2020, 20.8 billion connected devices will populate the consumer home. (Current global population is 7.6 billion people.) As these devices continue to increase in presence in our daily lives, it’s important to understand not only the convenience they offer, but the threats they pose as well.
With the dawn of an even more connected era fast approaching, we at McAfee are examining the mobile threats that might be waiting on the horizon. This year’s Mobile Threat Report, takes a deep dive into some significant trends that demonstrate just how these mobile platforms are targeting what’s most sacred to us – our home. Let’s take a look into some of the most common trends in mobile malware, and a few tips on how to protect your home.
Mobile Malware in the IoT Home
According to Gartner, 8.4 billion connected “things” were in use last year, and chances are one or more of these devices is living in your home today. While many of these devices bring convenience and ease to the home, it’s important to note that they also significantly increase the risk of attack. Many of these devices are developed with innovation in mind, and little to no focus on – security. With that being said, everyday users of mobile devices have grown phenomenally, hence the increased need for security as the frequency of mobile attacks continues to grow.
DDoS Causes SOS
IoT attacks such as Mirai and Reaper showed the world just how vulnerable smart homes and connected devices can be to malicious code. These attacks targeted millions of IoT devices with the intent of creating a botnet army from trusted connected items within the household.
The Mirai malware authors, leveraged consumer devices such as IP cameras and home routers to create a botnet army, launching distributed denial of service (DDoS) attacks against popular websites. By taking advantage of the low-levels of security on most home connected devices, this malware was able to seize control of millions of devices. All it had to do was guess the factory default password.
The “Reaper” malware strain also took advantage of limited security of many connected home devices. However, these malware authors evolved their tactics by looking for devices with known vulnerabilities to exploit and by implementing a set of hacking tools that showed greater sophistication. The IoT reaper clocked in as many as 2 million infected devices, at nearly ten times the rate as Mirai.
The evolution of the malicious code targeting mobile and IoT devices represents a growing threat to consumers who wish to embrace a culture of connected living. So how can we welcome these devices into our homes without opening the door to cyberthreats? Here are a few tips to consider:
- Protect your devices, protect your home. As we continue to embrace a culture of smart homes and connected devices, it is also important for us to embrace internet security at a network level. With the presence of targeted attacks growing globally, we must remain vigilant in protecting our connected lives by making sure each individual device is secure, especially the home network. The MTR has dubbed 2018 as “The Year of Mobile Malware,” and very tech user should consider using a home gateway with built-in security to ensure every device in their home is protected.
- Download apps with caution and update them regularly. Malware campaigns having been targeting users on the Google Play stores almost since its inception. In fact, McAfee recently discovered Android Grabos, one of the most significant campaigns of this year, found present within 144 apps on Google Play. Stay current on which applications are supported in your application store and update them regularly. If an app is no longer supported in the play store, delete it immediately.
- Invest in comprehensive security. I can’t stress enough how important is to use comprehensive security software to protect your personal devices. Malware is constantly evolving with technology, so ensure your all of your devices are secured with built-in protection.
The post Key Mobile Threat Takeaways from the 2018 Mobile Threat Report appeared first on McAfee Blogs.
Cryptocurrency, a virtual form of currency designed to work as a secure form of exchange, has gained a lot of traction in the world of finance and technology. But for many, the concept of obtaining cryptocurrency, or “crypto-mining,” is obscure. Investopedia defines crypto-mining as, “the process by which transactions are verified and added to the public ledger, known as the blockchain, and also the means through which new currencies such as Bitcoin and Ethereum are released.”
The practice has been around since 2009, and anyone with access to the Internet, the required programs and hardware can participate in mining. In fact, by the end of this month, Forbes Magazine will have published its first “Top Richest” list dedicated to Crypto Millionaires.
With the rise in popularity of digital currency, it’s no surprise that cybercriminals across the globe are leveraging malicious code to obtain it. Hackers would rather develop or utilize mining malware instead of paying the expensive price tag associated with mining machines, which can be upwards of $5000. In China, the ADB Miner malware is spreading and targeting thousands of Android devices for the primary purpose of mining cryptocurrency. The malware is spread through the publicly accessible Android Debug Bridge (abd) on an opened port 5555. This port is typically closed but can be opened by an ADB debug tool. Once infected, a device will look for other devices with the same vulnerability to spread the malware and leverage other Android-based smartphones, tablets, and televisions for crypto-mining.
So why are cybercriminals now targeting Android mobile devices? This could be due to the fact that hackers know they can easily manipulate vulnerabilities in Google Play’s app vetting system. Last year McAfee Mobile Threat Research identified more than 4,000 apps that were removed from Google Play without notification to users. Currently, the app store does not have consistent or centralized reporting available for app purchasers. Even if an app is supported by Google Play at the time of download, it could later be identified as malicious and Android users may be unaware of the fact that they’re harboring a bad app.
Researchers have found over 600 blacklisted malicious cryptocurrency apps across 20 app stores including Apple and Google Play. Google Play was found to have the highest amount of malicious crypto apps, with 272 available for download. In the United States, researchers have found another crypto-mining malware that is so demanding of phone processors, its causing them to implode. Loapi, a newly-discovered Trojan crypto-miner, can cause phone batteries to swell up and burst open the device’s back cover, and has been found in up to 20 mobile apps.
Crypto-mining malware isn’t a new phenomenon. Before the WannaCry attacks last summer, cryptocurrency malware sprung up as another malicious software looking to take advantage of the same Windows vulnerabilities that WannaCry exploited. But, instead of locking down systems with ransomware, these cybercriminals were putting them to work, using a cryptocurrency mining malware called Adylkuzz.
Here are a few tips to ensure your Android-devices are protected from crypto-mining malware:
- Download your apps from a legitimate source. While some malicious apps may slip through the cracks, app stores like Google Play do have security measures in place to protect users, and it’s much safer than downloading from an unknown source.
- Delete any apps that you haven’t used over the past 6-months. An app’s security can change over time; applications that were once supported by an app store can be flagged as malicious and removed from the platform without notification. If an app is no longer supported in the app store, you should delete it immediately.
- Keep all of your software up to date. Many of the more harmful malware attacks we’ve seen, like the Equifax data breach, take advantage of software vulnerabilities in common applications, such as operating systems and browsers. Having the latest software and application versions ensures that any known bugs or exploits are patched, and is one of the best defenses against viruses and malware.
- Double up on your mobile security software. I can’t stress enough how important is to use comprehensive security software to protect your personal devices.
The post Warning: Crypto-Currency Mining is Targeting Your Android appeared first on McAfee Blogs.
I love Valentine’s day, it’s the one day of the year exclusively dedicated to sharing: we share our feelings, our affection, and special gifts with our loved ones. It’s a great time to show the people in our lives just how much they mean to us. Thanks to social media and mobile friendly retailers, giving your loved ones the world is just a few clicks away.
Tech devices have made it so much easier to share our hearts with the people we care about. But, could our emotional vulnerability ultimately leave us vulnerable to cyber-attacks? Historically, Valentine’s day has been a big day for cybercrime. Criminals have found clever ways to take advantage of retail, online dating platforms, and social media to launch attacks against romantic hopefuls. If you’re wondering how to avoid the most common V-day scams, here are a few things to remember when sharing the love online, and some useful tips to keep your precious data safe.
Dating Apps Are a Data Goldmine
Apps like Tinder or Zoosk are very attractive to hackers around this time of year. Considering the amount of intimate details shared on these platforms, dating apps are prime targets for cybercriminals looking to gain access to personal data and even payment information. In fact, online dating has seen a growing number of cyber-threats since 2015.
If you’re wondering “what’s the worst that could happen if my Tinder account is hacked?”, look no further than the hundreds of pages of data that the app keeps stored on its users. This particular dating app doesn’t just match singles looking to spark a connection, it also collects behavioral data, such as how often you connect, when and where you connect, and even your “likes” and posts from other associated accounts. Some of this data might seem trivial to unsuspecting users, but if placed in the wrong hands this information could be detrimental to the security of your identity.
Florist Are a Favorite for Phishing Scams
A bright, beautiful bouquet of roses is my favorite gift to receive when February 14th rolls around. Unsurprisingly, flowers make one of the most common gifts given around Valentine’s Day but, sending and receiving flowers may not be as harmless as it seems. In 2016, cybercriminals leveraged the popularity of flower services to attack unsuspecting vendors through a series of DDoS attacks designed to extort money from them. While these attacks did not result in leaked information, it’s important to be cautious of which vendors you allow to keep your credit card information on file. After all, you’re expecting your florist to deliver an assortment of beautiful flowers, not a bouquet of personal data to cyber criminals!
If an attack on your friendly florist isn’t enough to peak your senses, hackers have also been known to take advantage of admirers looking to send flowers. Cybercriminals prey on the likelihood that you’ve sent flowers to your loved ones to launch phishing scams, using bogus packages and “Failure to Deliver” notices to collect your data.
Social Media Isn’t Always Your “Friend”
Valentine’s day is easily one of the most socially sharable days of the year. With so much love in the air, you can’t help but share pictures and posts about your loved ones with other friends and family online. Although most people associate cyber-attacks with some form of malware, many do not realize how vulnerable they are when sharing personal information on social media. Through social engineering, hackers use the information you share online to exploit you. The more personal information you choose to share on social media, the easier it is to exploit that information. Through social media, hackers can find out information about your job, the places you frequent, and even your mother’s maiden name. But don’t worry, we’ve got a few tips up our sleeve to help you share all of the love you want across social.
Seasonal events, like Valentine’s Day, present an opportunity for cybercriminals to leverage their schemes. But don’t be deterred from sharing the love— here’s how you can connect securely and keep your data safe from hackers:
- Get friendly with your privacy settings on your social media apps. Social platforms like Facebook are making it easier to adjust your privacy settings through a “privacy center” so you can stay on top of the information you share and who you share it with.
- Be careful of which accounts you link. Being connected to your online community is great, but linking accounts across platforms only gives cybercriminals easier access to your data. While Tinder does require you to link your Facebook account to sign up, you can turn off Tinder Social so that Tinder won’t be able to post anything to Facebook. And, when possible, avoid linking your dating profiles to other personal accounts.
- Think before you click that link. Hover over it to see if the URL address looks legitimate to avoid phishing scams. If you know you didn’t send flowers, send that scam to your spam.
- Double up on your security software. There are plenty of apps that keep your phone safe from malicious attacks. Consider using a service for your phone that offers web protection and antivirus.
The post Share Your Heart, Not Your Identity: Here’s How You Can Stay Safe on Valentine’s Day appeared first on McAfee Blogs.
The beginning of the new year is always an exciting time for consumer technology enthusiasts. Business leaders, pioneers and forward-thinking companies gather in Las Vegas to showcase their latest devices at The International Consumer Electronics Show (CES), where next-generation innovations take center-stage and the world gets a glimpse into the future of IoT. I had the pleasure of attending CES with my colleagues this year and was blown away by the breadth of technology showcased. While the innovations stretched across many industries, I’d like to focus on the reoccurring themes in home and personal technology and how we can secure ourselves through the gadget-filled year ahead:
Smart Homes Will Become “Smarter”
My favorite devices are the ones designed to enhance the smart home. Companies are striving to advance technology and make our lives easier in the comfort of our homes. From smart thermostats to smart assistants, there is certainly no shortage of household innovation; and companies like Google and Samsung are making strides to contribute to the smart home ecosystem. During CES, Samsung pledged to make all of its devices “smarter” by 2020, linking together all devices via its SmartThings cloud. Meanwhile, Google announced that Google Assistant will now be built in (or compatible) with a range of household products including your smart doorbell and ceiling fan.
As our homes become increasingly connected, the need to secure our internet-connected devices is critical. More IoT devices mean more points of data to attack and leverage for cybercrime. Hackers have the ability to access your personal information through connected home devices, which poses a threat to your identity. Consider using a service with built-in security to ensure every device in your home is well protected― especially the ones that often fly under the radar. Secure routers and gateways can protect all of your connected devices, even the ones without screens.
Smart Technology Will Track Your Sleep
Technology is even changing the way we sleep, with smart sleep solutions for consumers. At CES 2018, Terraillon announced HOMNI, a device designed to help improve a user’s sleep environment. This device tracks the sleeper’s movement, sending your sleep data to a free app so that users can see how well they’ve slept. There’s nothing technology can’t solve for, including a good night’s sleep. However, when it comes to our personal data, it’s wise to be aware of how your data is being tracked or used.
As the use of connected devices in our homes and personal lives grow, so does the need for security beyond your PC or mobile phone. Many of the devices that we welcome into our daily routine aren’t equipped with proper security controls. It’s important to remember that these connected devices often run on our personal information, information such as your name, age, location –and in this case, your sleeping habits. While a sleep tracker may collect your information with the intentions of helping perfect your sleeping patterns, it has the potential to put your information in places that you might not intend. This is another example of why it’s exceedingly important to secure the connection at its source: your home.
“Ask Alexa” Will Live in Your Eyewear
Amazon Alexa has the ability to communicate with just about every connected device, so it’s no wonder that the Alexa Voice Service will have the ability to connect with your glasses soon, too. During CES, Vuzix announced that its latest pair of AR glasses, the Vuzix Blade, can communicate with Amazon Alexa. Blending augmented reality with AI assistant’s functionality, this headset acts as a fully functional computer with the ability to send email and text notifications via Bluetooth through the processing power of Android and unparalleled display.
Amazon Alexa has become a pseudo-family member in many households, offering assistance in the kitchen and even reading bedtime stories to children. To keep Cybercriminals from gaining access to your personal data , be sure you enable an extra measure of security, like setting up a PIN code for your voice command purchases.
Adding an extra layer of security to your smart devices is key to becoming an empowered consumer in today’s day and age. By taking these extra steps you’ll be able to enjoy the benefits of a secured smart home.
The post The Future of IoT: What to Expect From Our Devices This Year appeared first on McAfee Blogs.