Tag Archives: Tony Anscombe

Should all Facebook users follow your example, Mr. Zuckerberg?

Sticky tape – is it really secure by design? Mark Zuckerberg, the founder of the high tech company Facebook, uses everyday sticky tape to help protect his laptop and identity.

Facebook founder and advocate of social media was recently pictured celebrating reaching the 500 million active users per month milestone for Instagram, a Facebook company. The achievements of Mr. Zuckerberg are indeed remarkable; the way in which the world communicates today would be very different without Facebook.

In the celebratory photo, Mr. Zuckerberg is seated at his desk holding a cutout of Instagram’s feed in Facebook’s Silicon Valley headquarters. Eagle-eyed Twitter user Chris Olson spotted that Mr. Zuckerberg, like many of us, had put tape over the webcam and microphone of his laptop.

We’ve all heard the stories of web cams being turned on in homes by malicious hackers, TVs that listen to us, and toys that record our voices, so it wouldn’t be surprising if many of us already do the same. Protecting devices with physical security helps ensure that if a hacker accesses your device, they do not see or hear much.

You might, however, expect the billionaire founder of Facebook to have a more sophisticated solution, especially when there has been so much written about Facebook apps asking for permissions that seem somewhat sensitive or intrusive for some users. For example, Facebook asking for permission to access the user’s microphone and camera has generated speculation about whether such access could be used in ways that are not transparent to the user.

There have been several articles written with explanations on why the permissions are needed and assurances by Facebook that it will not abuse them.  So, if all of this is true, why is the CEO and founder of Facebook putting tape over his webcam? Should we also be putting tape over our webcams?

We know that the CEO and Founder of Facebook does, and in a recent interview, James Comey, Director of the FBI also admitted to using this technique. Either they are making a statement or this method actually works. My personal opinion is – it’s the latter.

It might of course be because both of these personalities have such a high public profile that they are more likely to be targets for hackers. Considering malware like the remote access trojan (RAT) that can access a camera, maybe a piece of tape is a practical if not wholly elegant solution. Naturally, having up to date antivirus software and a fully updated/patched machine will make it less likely that such malware will ever reach your machine.

There’s also human error, although I am not sure this has been given an official ‘name’. Have you ever accidentally started a video call on your laptop or phone? Most of us know that it is all too easy to click the wrong button to make the call and the next thing you know you are broadcasting video … and let’s hope it’s nothing confidential or embarrassing.

Given the risk of a mistake and the risk of malware, and two high profile examples … on balance, it probably is time to tape over your PC’s camera and microphone to minimize the risk that you share something inadvertently via your camera.

And for the fans of duct tape, that’s probably overkill when covering up a cam, I’d suggest using something a bit more easily removable!

SPF 50 protection for your tech this summer

Make traveling this summer a cool breeze by preparing your tech gadgets for the trip. A few actions prior to leaving will ensure you can enjoy the hard earned vacation.

If your carry-on luggage is like mine, you have a lot of things that need connecting to the internet. Between my wife, son and myself it is not unusual for us to carry 3 laptops, 3 phones, an iPad and a gaming tablet – and that doesn’t even include our wearables! That’s at least 8 devices I need to think about charging and that’s also the first thing I think about when booking a hotel. I look for those magic words, “unlimited free WiFi”.

Having a safe vacation isn’t just about going online safely but it’s also about securing your finances and your family’s digital life.  And it doesn’t start when you arrive.  See below for my safety tips from start to finish:

Before you go…

  • If you are traveling abroad, be sure to let your bank and credit card company know. They look for fraudulent transactions, and if your card is used in a different country it may get blocked until you confirm it’s actually you. Avoid this with a proactive phone call before you go.
  • If you are bringing a laptop, consider leaving some data at home by removing sensitive documents. In the event someone steals your laptop, then that’s all they get.  This helps safeguard your identity.  Be sure to back-up your data before you leave for the airport.
  • Secure your mobile devices and laptops with strong passwords and if you have not already set up anti-theft software on your smartphone, then download it and register. AVG AntiVirus for Android has this feature.
  • You can avoid running up significant cell phone bills by disabling data roaming. If you don’t want to disable it completely then at least go through your apps and disable it for the non-critical ones. Games and parking apps don’t need to update themselves when you are on the beach!
  • Be cautious not to advertise the fact that you’re away from home by posting your minute-by-minute location on social media sites. You can switch off location services that might automatically check you in somewhere exotic.
  • If you are going to use public WiFi, then consider installing a personal VPN product on the devices that you are going to connect. HMA’s VPN products can be installed on several devices with a single subscription and they are part of the AVG family of security and privacy apps.
  • Update your security software and applications; this will ensure the latest security patches are installed and reduce the risk of you getting a malware infection. This is more important when traveling as you may not know which sites are reputable when you land in a foreign

Once you’re there…

The minute the plane lands, the mad rush to switch on the phone begins. What did you miss while flying? Probably not much. Airports, coffee shops and hotels are the destinations of choice for those needing a vital connection. How do I stay safe on public WiFi?

  • The first thing to remember may seem obvious but many people don’t think of it. That’s to take a look behind you. Yes, that person behind you on the plane or in the coffee shop has direct visibility of your screen and if you log-in or make a transaction, they may well be watching.
  • When the list of Public WiFi networks is displayed don’t trust them without asking. Make  sure you connect to an official one rather than a fake one that a cyber-criminal may have set up in order to trick you.  If in doubt, ask the manager at the shop.
  • Use a VPN when connected. This encrypts the connection in case any snoopers are watching the data running on a public network and they won’t be able to see what you are doing. Tools to snoop are readily available and easy to use making this a real threat.
  • When possible, leave transactions to the privacy of your hotel room or, if it can wait until you get home, that’s the best option. Booking tickets is one task that will not wait, so use a credit card rather than a debit card. Credit cards have limits and do not give someone access to your bank account.

And possibly the best tip of all – disconnect and enjoy your vacation without the interruptions of technology!  Last year, this was forced upon me when we found that the national park we stayed in had no cell service and the nearest WiFi was 50 miles away. It was frustrating to start with, but great once we got used to it.

Encryption Apps: Smartphone security is a concern to all

A growing number of apps are popping up promising to encrypt your emails, messages and more. There are several places where encryption can play a role on smartphones – securing voice, messages, chat, emails, files and pictures, basically any file or data in transit.  What are the pros and cons of these new features and apps and how do they work?

Let’s take a look at voice encryption, which I know may sound like something from a spy movie. Voice is complex to encrypt because both of the parties talking to each other on the phone would need to have the same app that offers voice encryption. Voice encryption apps, like Cellcrypt and Guardlock, require the user to register, add or accept an invite from the other party. This extra step can complicate communication for the average user, whose motivation to use it is probably at an “I’ll worry about it later” or “it’s just not important to me” level.

When it comes to encrypting data, if your phone is secured with a PIN and you have not changed the encryption defaults then your data should be safe. If you’ve been following the developments of the Apple vs FBI case surrounding the data on smartphones, you know that newer smartphones are encrypted by default and that the encryption is difficult to break. But once the phone is unlocked by the user, it is immediately open and the data is then accessible and potentially at risk from theft if the phone is accessed by a third party, even remotely. Think of it as an encryption layer over your entire house, with the downside being that once you get in through the front door, you can move around relatively easily.

Let’s talk about apps that offer encrypted storage. You drop the files in there and lock it with a pin, much like locking away files in a vault.  The benefit here is that you can make a judgement of what data is sensitive and store it accordingly, in the same way you would with physical documents by placing them in a safe. Examples of apps that do this are Vault-Hide and Vault!.

There are many chat apps that offer encryption in the same way as the voice encryption apps: both parties need to have the same app downloaded with a connection to the other person. This is so that they can send messages and files/photos to each other without someone in the middle intercepting them. Some of these also offer the ability to lock the app with a pin, so the beauty of that is even if someone unlocks your phone they are not going to see what you’ve been chatting about in that app.

Beware of apps promising encryption that do not have a pin/password to unlock the app, for the above reason. If someone can access your phone either physically or remotely while in an unlocked state, then there is potential for them to access the app and see your chat and file transfers. Examples of encrypted chat apps are WhatsApp or Threema; however, WhatsApp does not offer the added protection of a password or pin.

The other place where caution is needed is on WiFi networks at public places such as coffee shops and libraries. We connect to send and receive data and if we don’t have a VPN installed on the device, then our apps could be sending that private data in plain text to unknown services and would-be thieves. There are simple and widely available tools that allow someone to gain access to your data via public WiFi. Adding a VPN ensures that when data leaves your device, it’s encrypted and protects all data and app communication, although note that this protection does not extend to voice. One good VPN to use is Hide My Ass!, part of the AVG family of apps, that obscures your location.

Now, if you want to take the ultimate step towards absolute privacy, you can purchase a Blackphone.  CBS’s 60 Minutes had a good episode that talks about the Blackphone and its ability to do everything I’ve mentioned above.  A “must-have” for anyone wanting to be like a character in a spy movie!

Why It’s Important to Take Your Own Advice

Mark Zuckerberg’s social media accounts on Pinterest and Twitter were hacked by an organization calling itself OurMine. The hackers cheekily sent Mr. Zuckerberg a message from his account, saying, “We are just testing your security”.

The hackers reportedly gained access through account details exposed by the LinkedIn data breach in 2012 when over 100 million accounts were compromised.

Two questions immediately spring to mind. Firstly – why hasn’t he activated a stronger login protocol using 2 factor authentication through his mobile phone? And secondly – has Mr. Zuckerberg not changed his password since then?

In 2011, Facebook itself introduced ‘Login Approvals’, so that when you log in from an unknown device, it authenticates you through a text message sent to your mobile phone. The blog post on Facebook’s page that announces the feature states:

“As more individuals and businesses turn to Facebook to share and connect with others, people are looking to take more control over protecting their account from unauthorized access”

You would assume that Mr. Zuckerberg would understand the risks associated with his own social media accounts, having developed a solution for users of his own social media site.

We can all understand that we sometimes use the same password on several sites; we are all guilty of that.  But to not have changed the password on those sites after such a big data breach, such as LinkedIn’s, could be described as naïve – maybe irresponsible.

Let’s not judge too quickly, though, because we have to remember that most celebrities and billionaires don’t Tweet and post content themselves (I do all my own!). It’s normal to have teams of marketing and public relations people controlling their online presence and identity as part of their overall brand. These teams likely have access to the same account, maybe using the same login credentials year after year. Securing an account that has shared access requires using Tweetdeck, and every user then needs to set up their own authentication options. Each user signs in with their own Twitter account and has access to the shared account. They manage their own settings, and while they can set up 2 factor authentication, they also might not; your shared account is therefore only as strong as the weakest settings of the shared account users.

There are solutions out there that allow shared access, and Tweetdeck, for example, offers this for Twitter, but it was not released until 2015. The Twitter account of Mr. Zuckerberg has not shown a Tweet since 2012, until it was recently hacked.  An account that is not used to post content is probably not thought to be a risk, which of course is wrong.  And the account may not even be used to consume content.

The moral of the story is that we should:

  • Enable 2 factor authentication, using either the option to validate using a mobile device every time you login or at least to authenticate when a new device is trying to access your account.
  • When there is a data breach that may involve your data, do not sit back and think it will not happen to you; change your passwords. If you are using the same password on several accounts, change it on them as well and make them all unique.
  • Delete or suspend inactive accounts that you no longer use; if suspending them, turn on 2 factor authentication so that only you can re-activate them at a later date.

Personally, I use the option to authenticate through my mobile phone.  While this causes some inconvenience when logging in, it does provide me with the confidence that I have the best option to be secure turned on.

Mr. Zuckerberg got lucky this time around as the hackers just wanted the kudos of hacking his account. I can only imagine the chaos this caused his marketing and PR people, running around in panicked circles, vowing to never let this happen ever again.

Ransomware criminals should be “shot at sunrise”

“Shot at sunrise” is what U.S. politician Michael C. Burgess, the representative for Texas, says should happen to the cybercriminals who distribute ransomware that victimizes consumers and businesses.

Ransomware, malicious software designed to block access to a computer system until a sum of money is paid, and the use of exploit kits to distribute it, are adding new challenges to threat detection and protection. And now Angler, an exploit kit that has been a known Internet threat since 2013, is being used to distribute ransomware, with the sole intent of installing it on victims’ machines.

Our AVG Web Threats team is tracking these widespread ransomware attacks being delivered by the Angler crimeware exploit kit.

The use of exploit kits to distribute ransomware is a new trend – one that could cause widespread ransomware distribution. Exploit kits are software packages readily available for sale and are used by malicious operators to easily create malware that performs a wide variety of malicious functions. The malware is installed on hacked web servers and attacks the machines of visitors to web sites, in many instances, without their knowledge.

There is a common misperception that web users are only at risk if they browse risky sites; however, hacked sites are often brand names and appear safe. Small business sites in particular can be prime targets because they have less security and their visitors typically know the company and trust their brand.

The malware on these sites seeks out vulnerabilities in commonly used tools that improve website experiences, such as Flash, Silverlight and other software that employs Java and PDF-format files. The malware then runs malicious code on the visitors’ machines to install ransomware, backdoors and Spybot clients.

Our AVG Web Threats team has researched a particular instance of a Java exploit commonly found in association with Angler. AVG has been detecting this threat since January. AVG customers who participate in anonymous threat sharing reported 6,123 hacked domains serving Angler in January, 8,260 in February and 4,412 in March.

Angler ransomware installs

TeslaCrypt is the most common type of ransomware installation currently that’s associated with Angler, according to our AVG Web Threats team analysis of this threat. TeslaCrypt encrypts users’ files, including writeable shares, and messages the user to extort payment for recovering the encrypted data. Paying the ransom to unlock files typically does not result in the recovery of the files.

Below are screen shot examples of ransomware attacks that attempt to extort $1,000 USD, payable through the untraceable currency of bitcoins.

Backdoor installs

Our AVG Web Threats team, which tracks Angler-infected host machines, has also tracked incidences of downloads of malware known as backdoor malcode (commonly Bedep). Backdoor, or Bedep, can snatch passwords and personal confidential data from visitors’ machines.

Protecting your desktop

AVG recommends that consumers and businesses take the following preventive measures:

  • Frequently backup data and important files; do not leave the backup device connected to the machine
  • Ensure that security software, such as AVG, is up to date
  • Ensure that Windows updates are downloaded and installed; doing this automatically is recommended.
  • Update browsers and ensure you are using the latest versions available

Protecting web servers

Malicious code from the Angler exploit kit is initially installed on the web pages of vulnerable servers. For businesses, standard security precautions and monitoring are the basic defense. Researchers find a large number of Angler injections on WordPress and Apache servers – these should be given an extra measure of scrutiny.

  • Ensure all Operating System patches and updates are applied quickly
  • Regularly review and assess the state of 3rd party software running on the server.  For example, vulnerabilities in packages like WordPress are particularly important, as these are common attack vectors
  • Consider removing site content and 3rd party software that is out of date or not being used
  • Keep backups of websites in a safe place (not on a shared directory); offsite backups are best
  • Monitor web pages for unexpected and unauthorized changes
  • Keep antivirus and other security software, such as AVG, updated
  • Consider using intrusion detection applications, such as AVG

Our AVG Web Threats team continue to monitor and track threats such as Angler, so that we can deliver the security you need to keep your devices and businesses safe.

From Cars to Toothbrushes and Everything in Between – MWC 2016

Mobile World Congress is the largest gathering of the mobile industry and takes place at the end of February every year. According to the latest attendance numbers, it was bigger and more attended than any previous congress.  Every possible brand associated with smartphones you can think of was there and even some of the brands you may not know but they provide the stuff to make it all work behind the scenes.

There is a dramatic change afoot in this industry and it’s clear to see at MWC.  The focus of this year’s show is very much about the Internet of Things (IoT). Most of us consider this to mean fitness trackers, a few connected fridges, and maybe for the select few, a car.

IoT is going to affect all of us in ways that we can’t yet imagine: everything will be connected and adding data to a world that will operate based on the analysis of everything around us. This may sound like a science-fiction movie, but it’s not. There’s technology on its way that really does mean that there are very few things that won’t be connected.

What was hot at this year’s MWC 2016?

There is a device for tracking everything from fitness to air quality. While they’re exciting toys and gadgets for us to own and play with, the bigger story is how these stepping stones are being placed for a far more connected world. We continually hear about self-driving cars and other cool innovations, but for many of us these are still news stories rather than reality. One such example is Seat’s connected car tech, which allows drivers to check the availability of parking spaces, access breakdown services and connect to household appliances.

Do you ever leave home in the morning having missed a tooth when brushing? With Oral-B’s smart toothbrush it will be a thing of the past! A smartphone app connects to the toothbrush and detects which teeth are still dirty.

Visa announced their new payment system, the Visa Ready program, which will allow transactions to be made from any suitable connected device. Anyone traveling through London recently may have seen people waving their phones on the tube payment terminals to pay for their trip. With the new service from Visa, this facility will be extended to other devices and use tokens rather than card details. This means that personal data is never transmitted, similar to the way Apple Pay and Android Pay work, and should be considered a security enhancement over the current process.

Honda has already signed up to the program to use an in-car fuel app that will be integrated into their vehicles’ dashboards. Once the car is running low on fuel the driver will automatically be directed to the nearest gas station. The app will know the exact amount of fuel needed and pay for the fuel and calculate the cost. Of course, this does mean the pump needs to accept wireless payments and you will still need to get out and actually put the fuel hose into the car.

Virtual reality

A technology that has been heard about for years is about to become both affordable and usable, and will soon establish itself as a normal part of our lives. I was lucky enough to get a full hands-on demo of Intel’s RealSense™ virtual reality technology that is being made available to developers in the next few months.

Put the headset on and be immersed in a virtual world where you can actually interact using your hands. Yes, they actually appear in the virtual world allowing you to move objects and to be part of what you are seeing. Or allow the headset to map, in real-time, the environment you are in and to add things to it — you can mix our physical world with a virtual one.  For example using the demo headset I scanned a table and then a cat jumped up onto it. I moved away and the cat jumped off the table. The possibilities for this technology in our normal lives, especially if you are a gamer, are really exciting  and I can’t wait to see them realized.

There is a common concern with all the new IoT devices and the cool services that they deliver: security. With every connected device a new opportunity is created for hackers to attempt to breach the device and access your personal data. While many device manufacturers may create their products using a ‘secure by design’ approach, this may not be the case with the small innovative companies that have the hottest technology.

The concern should not stop with hackers. Devices are collecting data that we may not realize. This raises questions about who has access to our data and what is it being used for — did you read the privacy policy of every connected device you already own, and will you read the privacy policy of all the new ones? Unfortunately, the answer is most likely no. Besides presenting us with new and impressive connected devices, Mobile World Congress has also highlighted the need for us to be aware of the “what” and “who” is holding our data and for what intent.

Breathing fresh air into the Internet of Things, to keep you alive

Here at AVG we have an innovation team (AVG Innovation Labs) that looks at future security risks and how technology can be deployed to manage them.

And when it comes to new IoT devices, special consideration is needed to ensure data is kept personal and private. AVG Innovation Labs undertakes research to allow us to understand how best to provide these services going forward.

The AVG team have been innovating their own IoT devices and applications to get a first-hand experience of the challenges that vendors go through when creating a device for the home.

One of those projects has been looking at air quality and how it can be an issue for many people, whether they suffer from allergies or maybe asthma. Breathing clean and acceptable air can improve our day to day experience, and by extension our personal security.

The device starts with measuring the Air Quality Index (AQI) which provides an overall rating of air quality.  This is obtained by analyzing multiple sensor readings such as relative humidity, temperature, carbon monoxide, ammonia, and many more.

In conjunction with our vision of the future for AVG Zen and Family Graph, we’re demonstrating the importance of location as an impact on the safety of everyday family life.

Now imagine a scenario where we combine some of that future AVG Zen functionality with Air Quality monitoring and other connected devices in the home.

Through location sharing our devices know if we are home, travelling, or even en route from work or school. As we start our travel toward home, our smart connected device that we all carry could automatically connect with the home network to inspect the status of air quality and temperature remotely.

With that information at hand, and making decisions based on our preferences, the technology could automatically open vents or start de-humidification or air-conditioning units to change the air quality, or switch on the heating so that we have a warm house to welcome us home.

The potential for technology to improve our everyday lives and ensure that our environment is the best it could be is remarkable. There is also the life-saving benefit of avoiding toxic conditions caused when a gas powered heating system malfunctions, for example.

When IoT devices bring real value such as this, it’s important that they are not interfered with by hackers, and that the data analyzed remains private and secure. Imagine getting home to find the air quality has been made worse not better, or that the house is too cold or even too hot and you have a large energy bill coming your way.

Through innovation like this, AVG is able to understand the complex challenges of securing devices and services that will one day provide us all with truly connected homes and lives.

AVG’s Winning Game Plan for “Secure” Bowl Sunday

The biggest football game of the year is a big day for being online – whether you’re traveling to Santa Clara to watch it in-person or heading to a friend’s party (or two).  Either way, it’s important to protect yourself while you’re on your phone, and there is no doubt there will be a lot of social media activity from kickoff to half-time to when the clock reaches zero.

If you’re like the majority of us and don’t have a ticket to the game, you’ll most likely be watching the extravagantly funded commercials and your Twitter or Facebook feed from a friend’s house.  Here are some things to keep in mind while online.

  • Big events are popular among spammers:  Recognize spam as spam; meaning, don’t click on video links or open any attachments from unknown senders.  Only open emails from reputable vendors and people you know.
  • Watch out for fake offers: Don’t think you’re going to buy a last-minute cheap ticket.  They don’t exist!  If you are in the market for a ticket, only buy from a reputable ticket agent.
  • Be a REAL fan:  You only want official NFL gear, right?  Watch out for knock-off or unofficial team merchandise, as it will not look good after the first wash.  Only buy from a retailer you recognize.
  • Phishing for your money: AVG’s Web Threats Team found the top brands misused by scammers in phishing scams are payment systems like PayPal and American Express and logistics companies like UPS / FedEx – all companies you might expect an email from if you bought tickets or merchandise online. Do NOT reply or send personal data to these fake emails. They are trying to get your bank and other personal information. If you have ordered and want to track the package, use the tracking option directly on the retailer’s site.

For the lucky ones who were able to get a ticket to the big game, you’re going to be in one of the most high-tech stadiums in the country!  It is Silicon Valley, right? Did you know that there are 1200 access points for WiFi at Levi Stadium?  That’s 1 WiFi point for every 100 seats!  Plenty of connection points for posting all those selfies!   Here are some tips for staying safe in the crowd: 

  • Turn off your phone and watch the game! You paid a lot of money for that ticket, so why do you want to watch it on a small screen?
  • Encrypt personal data: Access points at Levi Stadium are public but how do you know the access point you’re connecting to isn’t a criminal faking the WiFi name?  Download a free VPN like Hide My Ass! and encrypt your data.
  • Don’t advertise where you are to strangers: If you must post on social media, make sure you have your location settings turned off on your photos (geotagging) and don’t display your location.  You don’t want a burglar in your neighborhood knowing you’re at the game.  Your friends and family will know where you are when they see your photos. Just go to your phone “Settings”, find your camera app and turn off the location setting.
  • In case you lose your phone: Before you head to the big game, make sure you download anti-theft software, like AVG AntiVirus Pro for Android or make sure your anti-theft settings on your iPhone are active.  That way if you lose your phone or get pick-pocketed you’ll be able to disable, locate, or wipe it.

Stay safe at the game and have a great Sunday!!

Six things to think about in the new year

Here are six things to think about for this year, with business security strategy top of mind…

1. Artificial Intelligence keeping us safe online
Artificial intelligence and machine learning aren’t just about robot dogs and self-driving cars. The latest AVG Business anti-malware products contain a number of sophisticated neural learning and cloud-data collection techniques designed to catch malware earlier and more often. Expect to hear more through 2016 about how artificial intelligence will help transform security solutions to help keep malware at bay.

2. Certificate Authorities: beginning of the end
SSL continued to be a big talking point in 2015 with further vulnerabilities being disclosed. This year the debate will continue around certification, development of new open standards and easier choices for website owners. Every news story about certificate mismanagement, security mishaps, and data breaches puts Certificate Authorities under increasing scrutiny. For many small-business website owners, paying a Certificate Authority and submitting to what can sometimes be an arduous verification and checking process is cumbersome and unnecessary.

This is where technical alternatives like Let’s Encrypt (currently in beta) are bound to flourish.

Additionally, Google’s Certificate Transparency project will continue to identify rogue SSL Certificates through detections built into modern day web browsers, as Google continues to hold Certificate Authorities to account – helping keep us all safer.

Lastly, with the promise of other solutions such as the Internet Society’s proposed DANE protocol, offering the ability for any website owner to validate their own SSL certificate and therefore bypass a Certificate Authority altogether, 2016 will be an interesting year to watch!

3. Malvertising, Ad Networks: shape up, or ship out
Malvertising is what happens when malware is served up to innocent web site visitors; it’s happening all too frequently and is caused by questionable third party relationships and the poor security of some online advertising networks. At the root of this problem is the “attack surface” of ever-growing, ever-complex advertising and tracking “scripts” provided by ad networks and included by publishers (often blindly) on their websites. The scripts are slowing the browsing experience and anyone who has installed an ad blocker recently will tell you they can’t believe how fast their favourite websites are now loading. Research conducted by The New York Times showed that for many popular mobile news websites, more than half of the bandwidth used comes from serving up ads. That’s more data from loading the ads, scripts and tracking codes, than the content you can see and read on the page!

Whatever the solution, one thing is for certain, Ad Networks need to shape up and address their security, otherwise 2016 may well be remembered as the year of Malvertising.

4. Augmenting passwords with extra security steps in 2016
The need for strong passwords isn’t going anywhere in 2016. There were reminders in 2015 that even having the world’s longest smartphone passcode doesn’t mean someone can’t figure it out.

This year, there will be growing use of extra steps to make accessing data safer. In 2015, Yahoo announced a security solution using mobile devices rather than a password for access, and we even saw Google include Smart Lock features that can use the presence of other nearby devices to unlock your smartphone. Two-factor authentication – using two steps and ‘something you have and something you know’ to verify someone’s identity – will continue to be popular for use by many cloud-based providers looking to avoid data breaches.

5. The Internet of Things needs security by design
Every device seems to be getting smart – in the home and in the office. You’re likely going to be using your smartphone as a “lifestyle remote” to control a growing array of devices. Being able to set the office temperature remotely, or turn on the kettle in the communal kitchen without leaving your desk may sound helpful, but the devices have the potential to give up WiFi keys. Every unprotected device that is connected to a network is open to hacking. Cyber criminals are probing hardware, scanning the airwaves, and harvesting passwords and other personal identity data from wherever they can. So the advice is simple: every connected innovation needs to be included in your business-wide security.

6. Update and upgrade or face the financial and legal consequences?
Upgrading and updating all your software, devices, gadgets and equipment remains a vital business issue. The Internet of Things is raising new questions about who is responsible for what in a legal sense. Who owns data? What happens when machines take “autonomous” decisions? Who is liable if something goes wrong? To take one extreme example, a police officer pulled over one of Google’s driverless cars in November for causing a traffic jam on one Californian highway by driving too slowly. Again, the lesson is clear. The simple rule this year is to ensure that your business software and systems are always using the latest update. Your life may not depend on it, but your livelihood might.

So these are my six “thinking points” as we head into 2016.

Here at AVG, we look forward to helping you keep security front and center for your business this year. For more information on AVG Business security solutions that keep devices, data and people protected every day, across the globe, visit http://www.avg.com/internet-security-business.

Five things to learn from 2015

Here are my five things we discovered in the last 12 months.

  1. Big brands being hacked grabs headlines – but the story can start with a small business.
    The hack and release of personal data from the adult dating site Ashley Madison probably got the most media attention of all the security breaches in 2015, but it was far from the only one. The list of familiar brands and organizations that suffered confidential data breaches ranged from VTech the children’s toy manufacturer, to the US Internal Revenue Service, to the UK’s phone and broadband internet provider, Talk Talk. There was even a “live demo” of a Chrysler-Jeep being hacked on the highway. How do hackers get in? A common tactic is via employees innocently clicking bogus links in emails or bringing malware-infected personal devices into the workplace. Crucially, hackers can find their way into big brands via small company suppliers where security may be weaker. The message is simple: all businesses need to ensure their online defences are as strong as possible.
  2. New payment methods: faster transactions but new threats
    2015 was the year that new payment methods really seemed to take off. On the one hand, “contactless” bank cards allowed consumers to make payments by tapping a card against a terminal without having to swipe and enter a PIN. But this use of RFID technology also gives cybercriminals a new opportunity to steal data – if they can get close enough. Likewise, smartphone payments – such as Apple Pay and Android Pay – are turning phones into wallets. That means thinking about your phone’s physical and cyber security. So is your business taking every possible step to keep its data – and customers’ data – as safe as possible in this new world of faster and mobile payments?
  3. Bring your own device can allow hackers through the office door
    How many of your employees bring their own mobile devices to work and use them to check and send work-related emails, access spreadsheets or other company data? So don’t forget to protect mobile devices in business: they are as vulnerable as desktop devices and carry business-critical data. Two mobile hacks in 2015 reminded us all of how vulnerable smartphones can be: the MMS messages with a hidden sting, and the Stagefright 2.0 vulnerabilities in the Android operating system.
  4. Don’t think your Mac device is a safe bet!
    Part of the Apple myth is that its devices are always malware free; indeed, remember those old “I’m a Mac, I’m a PC” ads from the late 90s with the actor representing the PC catching a terrible cold versus the healthy young Mac? That myth was truly tested in 2015 when fake developer tools that were used to create iOS apps containing malicious code known as “XcodeGhost” made their way onto the Apple App Store. The moral of the story? If you’re using Apple tech, make sure you’re taking security seriously … you can still catch a cold.
  5. We’re only human!
    An error this year by an individual at the UK holiday firm Thomson was a timely reminder that however tight your online security, human beings make mistakes. Data about the name, home address, telephone number and flight information of 458 people were attached in error to an email. The simple lesson? Everyone should take a moment to think twice before attaching documents to an email and hitting send. Just ask the question: what am I sending and should this be shared in this way?

So there we are: five lessons from the outgoing year to remind us of the critical need to keep business security top of mind.

For more tips, insights and product information to keep your business protected, check out our web site at http://www.avg.com/internet-security-business. We look forward to helping keep you and your business safe as we head into 2016!