Tag Archives: data protection

Brazil faces unique cybersecurity challenges

Futurecom is Brazil’s major conference and exhibition for the mobile industry to come together and look at the specific requirements that this unique country and culture need.

I was fortunate enough to be asked to be on a panel of industry experts, which included companies such as Tefonica, TIM, Telebras, Deloitte IBM, KPMG and of course AVG. The discussion was promised to be about cybersecurity with the following questions asked by the moderator through the 1.5 hours to get the discussion going.

  1. How does the advancement of mobile applications and the use of new devices (and any connected “thing”) make even greater challenges for cybersecurity?
  2. What are the most critical aspects which users need to worry about?
  3. How can suppliers, operators and providers contribute to increase the level of protection in these environments?
  4. What are the main trends in cybersecurity compared to mobile and the internet of things which just tend to grow?

Each participant gave a view point, and what interested me was how the entire conversation, regardless of the question, seemed to revolve around two topics: data breaches and consumer privacy. This dominated the answers, yet if the same questions had been asked 3 years ago this would have been about malware and protecting devices, but now the conversation is about us, the consumer.

Brazil has some unique challenges in this area as there is no legislation requiring companies to disclose any data breach, and therefore the consumer never knows if their data has been compromised. The consensus of the panel was that governments need to legislate. While I agree with the need for ‘some’ legislation there is also an opportunity for industry to self-regulate and show a responsible path. Self-regulation in any industry allows companies involved to find innovative ways to provide solutions and allows new business practices that may not have been permitted by the strictness of specific legislation.

The fact that data breaches and consumer privacy topped the agenda is not surprising. If we look at the trend of security stories in the US and Europe you’ll notice that the news coverage is all around these topics and the many data breaches that have taken place.

We, whether knowingly or not, disclose and share more information with companies than any generation has ever done before us: our preferences for food, where we shop, our location — the list of data is endless. It is only when this data falls into the wrong hands do we take time to think about the consequences of having shared it, and then maybe regretting it a little. As consumers we need greater choice and control on what is being collected about us and ultimately how it may be used.

It’s not surprising that in one of the world’s major populations, in which a large number of people moved straight to mobile skipping the PC generation, that mobile applications are used in slightly different ways to the rest of the world.  I recommend watching to see how Brazil handles the challenges of data breaches and consumer privacy, whether legislated or self-regulated.

Protect sensitive documents and data with AVG’s Data Safe

If you need to protect sensitive files or documents on your PC, you’re going to want an extra layer of security. AVG’s Data Safe feature can help.

Data Safe encrypts and stores your valuable documents, pictures or any other files onto a password-protected virtual disk on your PC. You can move files into your Data Safe and open them just like any other disk.

The contents of your AVG Data Safe are protected using AES 256-bit encryption. Once the Data Safe is locked it needs a password to be opened, without the password it’s not possible to access the contents—so your documents will remain protected.

AVG Data Safe is available in:

How to create a Data Safe

 

  • Open AVG.
  • In the AVG interface, click the Computer tab
  • On the Data Safe tab, click Create Safe.
  • Create a name for the Safe
  • Fill in the Password twice—for verification. Make it strong and memorable.
  • Fill in the Password hint. Remember: If you forget your password you will not be able to access your files!
  • Click Next.
  • Select a Location and the Size of the vault, review the other options.
  • When you’re happy with your choices, click Create Safe.

Once the Safe has been created, click the Open Now button. If the safe isn’t already unlocked, fill in your password to unlock the safe for the first time. The safe will now be accessible via the selected drive letter in Windows Explorer.

How to lock your Data Safe

  • Open AVG.
  • In the AVG interface, click the Computer tab, and then click Manage your Safes.
  • Click the Unlocked slider next to the safe you want to lock. The status will change from unlocked to locked, and the Data Safe virtual drive will be disabled.

If you want to try AVG’s Data Safe feature for yourself, download a 30-day trial of AVG Internet Security. If you have multiple PCs and devices, you can protect and mange them all with AVG Protection PRO.

For more great tips on getting the most out of your PC, Mac and mobile devices, follow us on Twitter and Facebook.

Addressing Cybersecurity for Small & Medium Businesses

Perspectives on cybersecurity continue to evolve as our level of ‘connectedness’ and awareness of potential threats increases. According to the U.S. Chamber of Commerce, many security experts believe there are two types of businesses, “…those that have been hacked and know it, and those that have been hacked and don’t know it yet.” While this overstates the situation a bit, it does highlight the urgency to address cybersecurity, even for small businesses. As the U.S. Chamber of Commerce suggests, the question isn’t if, it’s when.

Both Europe and the U.S. have designated October as cybersecurity month, highlighting the importance of this issue to business. One of the governmental organizations addressing the issue is the National Institute of Standards and Technology (NIST). NIST is currently in the revision phase of its report, Small Business Information Security: The Fundamentals, by Richard Kissel and Hyunjeong Moon. In partnership with the Small Business Administration and the FBI, NIST is one of the governmental organizations reaching out to the small business community and providing guidance on how to address cybersecurity.

Cybersecurity is not an all-or-nothing effort. NIST recognizes that the appropriate security measures may differ from company to company and that not every company will be able to implement every possible measure quickly. Nonetheless, they have classified a number of cybersecurity practices as ‘absolutely necessary’ and suggest that every small business adopts them to protect their information, systems and networks.

These practices include:

  1. Protecting information/systems/networks from damage by viruses, spyware, and other malicious code
  2. Protecting a company’s Internet connection
  3. Installing and activating software firewalls on all business systems
  4. Patching operating systems and applications
  5. Making backup copies of important business data/information
  6. Training employees in basic security principles

A great starting point for evaluating a businesses security status and potential risk is to use the “AVG Small Business Security Healthcheck” tool that AVG Business provides for free on our website. In just a few minutes a business can generate a cybersecurity profile that can be used internally, or with an IT solution provider that understands the company’s network and business practices, to ensure the right solutions are put in place.

In many cases, security experts will advise, as NIST has, that protecting against viruses and malware and installing firewalls are critical steps. This can be easily accomplished with software solutions including the just updated AVG AntiVirus and AVG Internet Security solutions from AVG Business. With exceptionally easy user interfaces and automated protection features, special knowledge isn’t required to provide protection across an entire business. Making sure that antivirus is in place and firewalls are working are the first and easiest steps a company can take.

Addressing cybersecurity for small and medium businesses has clearly risen to mission-critical status, but that doesn’t mean it has to impact a company’s resources, finances or operations. With a network of more than 10,000 partners, an active channel community, and software solutions that are continuously updated to address changing security needs, AVG Business is certain that every business can establish strong cybersecurity measures and worry less about potential threats. If your company hasn’t yet embarked on a cybersecurity plan, now is a good time to start.

Will your kids ever have privacy?

A study carried out by the Global Privacy Enforcement Network (GPEN), involved over 29 privacy enforcement authorities in 21 countries. It found that only a third of websites had effective control of the information collected on our kids.

Understanding what happens to the personal information of your children needs to be high on the agenda of all parents. I’m not sure it’s understood due to the covert way that the data is being collected. Have you ever tried reading the privacy policy that accompanies websites and apps? if you haven’t then I am fairly certain your kids haven’t.

Imagine someone knocking on your door and asking for your child’s email address and access to their friends contact details. You would be shocked at the audacity of the request and send them away with nothing. When our kids go online or use apps, this very information is being given up without thought about what happens to it.

When something is free, such as an app or web service, it’s not because the company developing it is just being nice. Companies need to make money so that they can fund innovation that will keep us functional and entertained. One of the ways they can do that is by using our data. As consumers, especially when it’s our kids, we need to understand the trade off between free and acceptable data collection and use.

In a recent BBC article about the GPEN findings, Mr Adam Stevens, head of the UK’s Information Commissioner’s Office, said: “The most common concern domestically was a lack of information being provided about how their information would be used.”

The study identified concerns with 41% of the websites examined and that a minority of sites had an accessible way to allow families to delete data.

It’s important that we engage with our kids and teach them the value of their data. They need to understand how apps and services they’re accessing are using their personal data, and we need to guide them on what is acceptable usage.

Data breaches are now common place, and with vast amounts of personal data being collected and stored the consequences for our kids could be significant.

While I would not encourage kids to tell untruths, I might encourage them to have a modified set of data for use online, for example: their place of birth could be anywhere and the day of their birth does not need to be the real one, however their year and month of birth should not differ from reality as the reputable websites and apps deliver content that is age appropriate.

I personally have multiple email addresses: one for my serious stuff like banking and family communication, and an account that I can burn if it becomes compromised or I start getting too much spam. While this maybe a complicated thing for our kids to do, the principal behind this is something worth educating kids about.

Follow me on Twitter @TonyatAVG

#ShredFest helping protect against Identity Theft

It’s no secret that personal data and private information left lying about, either in physical or digital form, can be used by thieves to steal your identity.  The problem is that securely destroying old documents, especially if you have boxes and boxes of them, can be time-consuming and frustrating.

And if you don’t destroy your data securely the consequences of being a victim to identity theft can range from outright theft of money, to unexplained debts, leaving you feeling like somebody else has taken over your life.

But thanks to a growing movement called #ShredFest originally from New York, things might get a little easier. It’s a subsidised program designed to provide secure document destruction free-of-charge. You might already have something similar in your local area, sometimes run by local banks and communities once or twice a year – or perhaps this is your opportunity to make-it-happen!

The statistics on Identity theft are nothing short of shocking. In the United States the Federal Trade Commission reports that in 2014 it received 332,646 complaints making ID theft the number one reported crime for the 15th year in a row. 

Stolen identities used in the United States in 2014 were used mostly for Government and benefits related fraud (30%) followed by Credit Card fraud (26%), Phone/Utilities fraud (16%) and Bank fraud (10%).

With the ability for criminals to collude easily on a global scale, it’s not inconceivable that we will see ID theft attempts in the future combine information obtained from the litany of online data breaches (for example, Ashley Madison), along with tidbits obtained through “dumpster diving” right at your own back door.

Fortunately, with a few simple precautions and some dedication to properly destroying the remnants of your online correspondence, and other important paperwork (that you’re no longer required to keep by law), you should be able to reduce the risk of ID theft happening to you.

Destroying Physical Documents

Got boxes of documents that you should be securely destroying? Despite #ShredFest only being available in a small number of locations at the moment, a quick search online reveals many companies that provide shredding services for a small fee.

But weighed up against the risk of ID theft against you at any time, it may well be worth it at any cost; and think of how a quick trip to your local shredding depot with a car-load of documents is not only going to put your mind at ease – but all that storage space you’ll get back at home!

Another alternative is to purchase your own document shredder – something that I have owned for many years and highly recommend – however, those boxes of tax paperwork may still be inescapable, so an annual trip to #ShredFest is likely still needed.

If you do purchase your own shredder, however, consider one that has a “cross-cut” feature (that cuts the paper into smaller pieces) which is considered a little more secure, and also there are models that can shred old CD-ROMS and DVDs which can come in handy.

Shredding Computer Files

Did you know that selecting a file and pressing delete, or simply moving the file to the trash (even after you empty it) isn’t enough to securely remove it?  It’s important to understand how to securely delete digital files on all your devices – not just your PCs, but also Mobile devices.

We’ve covered in the past how easy it is to use features like AVG’s File Shredder which can overwrite your private and personal files multiple times to ensure they cannot be recovered again.

Also if you’re recycling your old PC’s or Mobile devices, including disposing of them permanently, ensure you have taken all reasonable steps to correctly erase the data on them – this sometimes isn’t as easy as a simple factory-reset, particularly with older Android mobile devices.

Lastly, if you have an online email account (such as Gmail, Yahoo or Outlook.com) you’re likely holding on to years worth of old email that could prove to be extremely valuable to an ID thief.  As I suggest in these tips about securing your online email account, make sure you purge all your old and unwanted email too.

Until next time, stay safe out there.

Android’s factory reset may leave data behind

We’ve given tips in the past about what you could do with an older smartphone, and a few of those involved donating it to charity or selling it. A vital step before doing either of these is to perform a factory reset to clear out your data. New research has emerged that says that a factory reset may not be enough to keep your data safe from some more advanced data retrieval techniques.

Researchers at Cambridge University have just released a study outlining several flaws in the way most Android handsets handle factory resets. The issue arises from the way devices store information on flash memory. Reading data has a negligible impact on flash drives, but writing new data to them can cause considerable wear.

To prolong the drive’s health, instead of deleting content directly (“writing off” the data), flash drives will instead designate memory blocks where the data resided as “logically deleted”–meaning they are available to be overwritten.

So when you perform a factory reset, those “logically deleted” content blocks aren’t being overwritten, as they are already considered “empty” by the system. Given enough time and the right tools, the researchers were able to retrieve personal data such as photos and chat logs. They were also able to retrieve the master tokens for automatically signing in to Gmail and other Google apps as well as Facebook apps an alarming 80% of the time.

 

How to protect your data

If you are looking to sell or donate your phone, there are a few things you can do  to help keep your data private. We suggest you do all of these steps:

 

Encrypt your phone before factory resetting your data.

Devices running Android 3+ or above all allow you to encrypt your phone. The option can generally be found in the settings under the Security tab. Encrypting your phone before the reset ensures that any data that survives the factory reset has to be decrypted.

The Cambridge researchers were able to retrieve some encrypted data and run brute strength attacks until they found the right passwords. So make sure you create a long password of over 15 characters, using upper and lower cases, numbers and symbols: a longer, more complex password would take years to crack. Ideally, use a password generator: you don’t have to remember this password, since you’re “erasing this data”. Now complete the factory reset.

 

Remove your device from your Google account

From a browser on a new device, go to myaccount.google.com. Under Sign-in & Security you’ll find the Device activity & notifications section, which allows you to review all the devices currently connected to your account.

Device Activity

Select your old device, and Remove it. This will prevent any automatic sign-ins from your old device.

Remove device

 

Change your account passwords

Changing passwords regularly is simply good digital hygiene, so it makes a lot of sense to change your passwords when changing devices. Even if a hacker were to somehow retrieve your passwords to your Facebook or Google accounts after the factory reset, they would no longer work.

 

Though the risks of your data being exploited this way are relatively low, it pays to take extra precautions. With these three steps, you should be reasonably secure from even a determined criminal.

As always, stay safe out there!