|
|
5/1/2011
Laptop Security and Stolen LaptopsI watched my doctor come in with his laptop (to my appointment) and I
realized his
system was full of patient data as he began to go over the clinical information at
his finger-tips.
My medical history was completely available to him and he proceeded
to enter additional data based on the answers I gave
to his medical queries as well
as his physical diagnostics. When the appointment was over he even typed out my
scripts
on the system and they were available when I got to the reception counter to
pay. I am aware of multiple situations where
laptops are stolen from locked parked
vehicle trunks, so I went to Google and typed ‘stolen laptop ‘patients’
after I got
home and it returned 791,000 results…
Large Organizations and Corporations have Security Policies that incorporate recovery
options in case of theft.
I use 'LapTop Cop' (which is a great product laptopcopsoftware.com )
but there are many resources helping individuals to be proactive (given the number of laptops
missing monthly).
You can use one of the growing number of recovery software tools that
automatically ‘phone home’ and help
you track down your system.
The Products
First, some products that offer individual
(and business) Laptop LoJack are Absolute
Software's Computrace has an enterprise version called Complete in their LoJack
for
Laptops line, which has tools that offer asset tracking and remote hard disk
destruction, zTrace Technologies'
zTrace Gold, MyLaptopGPS for Windows, and
Brigadoon's PC/Mac PhoneHome products… They all offer quantity pricing
for business
customers, but not much else in terms of added features over their individual
versions. While it
sounds like a great idea, there are several issues with using
these tools.
Central Monitoring
A
second alternative is to look at central monitoring and image automation tools,
such as Symantec's Altiris and Kaseya
that can be used in a stolen laptop situation.
The Federal Government has (for years) been able to use your cell phone
to listen in
on your conversations by activating the microphone (even while your phone is off).
The only way to
defeat this capability is to take the battery out of the phone. This
process also allows them to easily recover independently
stolen laptops by using
remote control features.
They
do not just get an IP address, which is what a typical anti-theft product like
LoJack would provides, but actual physical
addresses, the names of the people
involved, and access to any data processed (i.e. bank accounts), and even turn on
the microphone on the laptop and listen to what individuals are saying while they
are typing. Once all pertinent
information is gathered, (usually within days or
hours) law enforcement is utilized to recover the machines. The forensic
data is
then extracted to guarantee prosecution. This capability is commercially available.
OS-based options
Third, the versions that are offered differ as to features between Mac and Windows,
with the Mac (if it is
supported at all) usually being a poor cousin. If you have a
mixed network, this could be a determining factor as to
which product you end up
deploying. Taking Computrace as an example again, the Mac version doesn't include
the
special embedded BIOS agent that comes with their Windows product. (A list of
supported laptops is available at
www.absolute.com/products-bios-enabled-computers.asp )
Phoenix Technologies offers something similar for its OEM BIOS customers called
FailSafe, but not for the general
public. And GadgetTrak has software for both Mac
and Windows, but prices them differently.
All Around Security
All of these tools are just part of an overall laptop security solution that should
also include disk encryption
and password-protecting your boot drive. If these tools
live on your hard disk and if you haven't enabled a firmware
or disk password, any
intelligent thief can just reformat your hard drive and remove this protection, or
just
remove the hard drive itself. So it makes sense to start by putting password
protection on all of your machines as first
line of defense. Disk encryption is
especially important if you need to protect confidential corporate or business data,
not to mention your own personal data, such as bank account passwords, as well.
Even if your Windows (or other OS) account is password-protected, thieves can still
access your drives and
data using simple tools if they aren’t encrypted. Look no
further than recent headlines to know the damage one
lost or stolen laptop full of
patient or client data can do. If you work with sensitive data, you should consider
using disk encryption to protect your data from physical theft or hacking.
One easily accessible method
of disk encryption for Windows users is BitLocker, a
Windows feature that provides disk encryption. Unfortunately, it
is only available
in the Enterprise and Ultimate editions of Windows Vista and Windows 7, and in
Windows Server
2008. Other Windows users will need to employ a third-party tool,
such as TrueCrypt, a free, open source disk encryption
tool.
TrueCrypt runs on all of the major platforms: Windows XP/Vista/7, Mac OS X, and
Linux. There
are a variety of encryption options, including system drive support
and hidden volumes. TrueCrypt also features real-time
or on-the-fly encryption;
meaning the files within the encrypted volumes aren’t decrypted until absolutely
necessary.
Which brings me to my last point: Do
you really need a vendor-operated central
monitoring station, or can you set up your own central place where alerts
can be
sent? GadgetTrak, Oribicule’s Undercover for Macs and iPhones, Prey (for Mac,
Windows, and Linux),
and PC/Mac PhoneHome are all tools that don't make use of any
central monitoring station, instead, the software sends
info to your e-mail (and
for GagetTrak, to Flickr) accounts directly. With some of these products, upon
booting
they look for the presence or absence of a special URL that indicates the
laptop has been stolen. If so, they send information,
such as the current IP
address, a snapshot from a Webcam, screenshots, and other details to your e-mail
address.
Recent burglary trends have laptops as a prime target but, anyone who leaves a
laptop in a vehicle is
asking for trouble. I have even observed individuals
leaving smart phones sitting on the dashboard of their parked vehicles.
Products
such as ‘Undercover’ (for laptops) will give investigators screenshots and camera
images
of thieves and allow you (like the Federal Government) to recover a stolen
system within weeks.
While options vary depending on need, OS, and budget, the ideal approach to
protecting your laptop is to cover your bases: use password protection and disk
encryption, and employ a collection
of tools, including a monitoring product with
a corresponding tracking piece on each laptop—and never leave your
laptop in your
car!
4/21/2011
Can access Internet in Safe Mode but not Normal ModeThe Power User
My client ran antimalware software
and removed spyware, adware and a very
stubborne trojan from her system. Since then, she has been trying to get her
computer to work on a wireless network (Using Internet Explorer (IE)) for the
last couple of days. Originally, she
thought it just wasn't working but, then she
noticed that it was downloading updates and that she could ping addresses.
She finally got around to checking safemode and noticed it (IE) was working in
there. She couldn’t figure
out what was keeping her system (IE) from working
in Normal Mode.
She checked the system (all she could think of) with msconfig, making
it match the msconfig in safemode, but
there was still no browser
connectivity. It was not the familiar problem(s) where Norton was
the problem.
She downloaded and used the Norton removal tool and the
system still didn’t work, so that probably wasn't the problem.
She was
not using ZoneAlarm in any form.
The Wireless connection was looking good on the system running Windows
XPs3.
IT Tech Check
1.)
I ran a check with the following: In CMD window ‘ipconfig /all’ …
Here are the
Results;
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\XXXXX>ipconfig
/all Windows IP Configuration Host Name . . . . . . . . . . . . : testpc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . .
: Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . :
ec.rr.com Ethernet adapter Local Area Connection: Connection-specific DNS Suffix
. : ec.rr.com
Description . . . . . . . . . . . : Realtek RTL8139/810x Family
Fast Eth
ernet NIC
Physical Address. . . . . . . . . : 00-0C-76-C3-AD-12
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . .
: 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . .
. . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
Lease Obtained. . . . . . . . . . : Wednesday, April 20, 2011
6:41:53 PM Lease
Expires . . . . . . . . . . : Thursday, April 21, 2011 6:41:53 PM
2.) The Default gateway pointed to her routers ip address and …
3.) Her DNS pointed to her routers ip address …
4.) I checked her hosts file, located in \windows\system32\drivers\etc
(The hosts file without any extension normally has only one entry, except the
comment
lines, that points to localhost.
127.0.0.1 localhost)
5.) Everything was ok … so I tried to make a tracert to e.g. google.com
In CMD window
‘tracert google.com’
Here are the Results;
C:\Documents and Settings\XXXXX>tracert google.com Tracing route to google.com [74.125.113.104]
over a maximum of 30 hops: 1 1 ms <1 ms
<1 ms 192.168.1.1
2 453 ms 627 ms 692 ms cpe-065-184-212-001.ec.res.rr.com
[65.184.212.1] 3 609 ms 397 ms
435 ms 24.25.32.101
4 329 ms 322 ms 171 ms 24.93.64.18
5 305 ms 161 ms 230 ms ae-3-0.cr0.dca10.tbone.rr.com [66.109.6.80]
6
492 ms 556 ms 665 ms ae-2-0.pr0.dca10.tbone.rr.com [66.109.6.169]
7
232 ms 593 ms 527 ms 66.109.9.66
8 434 ms 821 ms
748 ms 216.239.48.108
9 308 ms 624 ms 628 ms 209.85.241.222
10 240 ms 227 ms 166 ms 209.85.241.207
11 45
ms 45 ms 238 ms 209.85.243.1
12 401 ms 560 ms
232 ms vw-in-f104.1e100.net [74.125.113.104] Trace complete.
6.) Everything was ok so name resolution was also working.
We Checked the IE Browser LAN Settings
7.) Click on ‘Tools’
8.) Click
on ‘Internet Options’
9.) Click on ‘Connections’
10.) Click on ‘Lan Settings’
11.) Unchecking the proxy settings in the browser properties, using
‘no
proxy’ then connecting directly. Turning on 'no proxy' made it work!
'Over 100 PC hardware diagnosis
tools in one bootable CD to analyze and repair hard drives and boot
problems.'
4/15/2011
Securing the Laptop with TrueCryptTrueCrypt runs on all of the major platforms: Windows XP/Vista/7, Mac OS X, and Linux. There are a variety of encryption options,
including system drive support and hidden volumes. TrueCrypt also features real-time or on-the-fly encryption; meaning the
files within the encrypted volumes aren't decrypted until absolutely necessary.
You can use one or more
of TrueCrypt's three encryption methods:
• File container: This is the easiest option for beginners and essentially makes a virtual drive
that is, of course, encrypted. Though it's a single file, it can contain other files and folders, similar to a zip or compressed
folder. By entering the encryption password, you can mount or assign the file container to a Windows drive letter using TrueCrypt.
Therefore, it will appear just like any other drive or partition when browsing your files in Computer or My Computer. Then
you can copy and/or drag files into the encrypted drive. Once you unmount or restart the computer, the file container is inaccessible
and remains encrypted. Since the file container is like any other file, you can still move, copy, or delete it.
• Non-system partition or drive:
This encrypts an entire secondary partition or drive (where Windows isn't installed),
which can be an internal hard drive, USB flash drive, solid-state drive, or other storage device. This method doesn't really
provide any advantages over the easier method of file containers. However, if you plan to use encrypted drives long-term,
you might just want to secure the entire drive or a partition. As with file containers, you have to mount the encrypted drive
or partition using TrueCrypt before you can access it.
•
System partition or entire drive:
If you want
full protection and privacy of your computer and data, you may want to encrypt the primary partition or drive (where Windows
is installed). This would protect the system files, such as temporary, cache, hibernation, and swap files. This method, however,
is the most complex and may require you to modify your drive partitions.
Each method has a hidden implementation
to provide double-protection. This is useful if you are ever forced to reveal your password and encrypted data; or if someone
finds your initial password. It works by creating a decoy or outer encrypted volume and then placing a hidden encrypted volume
inside. When encrypting the system partition or drive, you can actually create a whole hidden Windows installation.
Setting up an encrypted file container
You can follow these steps if you want to create a standard
file container:
1. Open the main TrueCrypt application and click Create Volume.
2. In the wizard, keep the first option selected and click Next.
3. We're going to create a standard volume, so leave the first option selected and click Next.
4. Click Select File, find a location at which to create the volume,
give it a name, and click Save to return to the wizard.
5. To prevent others from easily seeing the location of this file container from the main TrueCrypt window, select
the Never save history option.
6. Click Next to
continue.
7. If you have a favorite encryption or
hash algorithm, select them here and click Next; otherwise use the default settings. To see how well each encryption algorithm
performs on your PC, click the Benchmark button. After running the test, it will show the speed at which it takes to encrypt
and decrypt with each encryption algorithm, with higher speeds being the best.
8. On the next wizard page, specify the size of the file container you want to create and click Next.
Remember, you can't modify the size later, but you can create additional file containers.
9. On the Volume Password page, enter a password twice, following the security tips given in the wizard.
10. For an extra layer of protection, you can also use keyfiles in conjunction with the password. Therefore, when
you mount the file container as a drive so you can access it, you'd have to enter the password and select the keyfile(s) you've
created. If you prefer, you can actually apply a blank password when using a keyfile. You can pretty much make any file (such
as a doc, mp3, avi, txt, etc.) into a keyfile. You can also specify folders as keyfiles. Keep in mind; you need to choose
files and/or folders that aren't going to be edited or modified. To specify keyfiles, select the Use keyfiles option and click
the Keyfiles button. Then create or select the keyfiles and click OK.
11. Click Next to continue.
12. On the
Volume Format page, if you have a choice between the FAT and NTFS Filesystem, you probably want to choose NTFS. The other
default settings should be fine. Before continuing, help the tool create a highly strong key by moving the mouse around the
screen for at least 30 seconds. When you're done, click Format.
13. When formatting is complete, click Exit.
Before you can start moving files into the encrypted
file container, you must mount it to a drive letter:
1. Open TrueCrypt, click Select File, browse
to the file, and click Open.
2. Then select the desired
drive letter and hit Mount.
3. On the prompt, enter
the password you created. If you created a keyfile, click the Keyfiles button and use the pop-up window to add them.
4. If you select the Cache passwords and keyfiles in memory option,
the credentials are saved until you wipe or clear the cache or restart the computer. Until then you can dismount and mount
the file container repeatedly without entering the password and/or keyfiles.
5. When you're ready to mount it, click OK.
Now you can double-click the volume to open it. You can also navigate to it via Computer or My Computer like other
drives. Then you can start saving, copying, or moving files to it.
In the second and final installment, we'll work
with other encrypted methods, discover how to automatically mount volumes, and review other tips.
..................................................................................................................................... Now lets explore complex methods and see how to configure TrueCrypt to
automatically mount.
Encrypting a non-system drive or partition (where Windows is not installed) doesn't
really give you many benefits over the easier file container method. However, if you plan to regularly use drive encryption,
you might consider it.
To create a non-system encrypted drive or partition, follow these steps:
1. Open the main TrueCrypt program and click the Create Volume button.
2. Select the second or middle option and click Next.
3. We're going to create a standard volume, so leave the first option marked and click Next.
4. Click Select Device, select the desired drive or partition on which to
create the volume, and click OK to return to the wizard. If you want to encrypt the entire drive, you might consider selecting
the partition instead of the complete drive, in cases where there is only one partition. If you really apply it to the complete
drive, Windows and other operating systems might cause problems.
5. To prevent others from easily seeing the location of this encrypted volume from the main TrueCrypt window, select the
Never save history option.
6. Click Next to continue.
7. If you want to keep any files or data on the drive or partition, select
the in-place method, or if it's okay to lose any files, keep the format method selected, and then click Next.
8. If you have a favorite encryption or hash algorithm, select them here
and click Next; otherwise use the default settings. To see how well each encryption algorithm performs on your PC, click the
Benchmark button. After running the test, it will show the speed it takes to encrypt and decrypt with each encryption algorithm,
with higher speeds being the best.
9. Verify that the
drive or partition size sounds right and click Next.
10. Enter
a password twice, following the security tips given in the wizard.
11. For an extra layer of protection, you can also use keyfiles in conjunction with the password. Therefore, when you mount
the drive/partition you'd have to enter the password and select the keyfile(s) you've created. If you prefer, you can actually
apply a blank password when using keyfiles. You can pretty much make any file (such as a doc, mp3, avi, txt, etc.) into a
keyfile. You can also specify folders as keyfiles. Keep in mind; you need to choose files and/or folders that aren't going
to be edited or modified. To specify keyfiles, select the Use keyfiles option and click the Keyfiles button. Then create or
select the keyfiles and click OK.
12. Click Next to continue.
13. On the Volume Format page, if you have a choice between the FAT and NTFS
Filesystem, you probably want to choose NTFS. The other default settings should be fine. Before continuing, help the tool
create a highly strong key by moving the mouse around the screen for at least 30 seconds. When you're done, click Format.
14. When formatting is complete, click Exit.
Like with the file
container method, you must mount the device as a drive letter before you can access it:
Open TrueCrypt, click Select
Device, choose the drive or partition, and click OK. For security reasons, encrypted volumes aren't identified from other
regular volumes. Then select the desired drive letter and click Mount.
On the password prompt, enter the password
you created. If you created a keyfile, click the Keyfiles button and use the pop-up window to add them. If you select the
Cache passwords and keyfiles in memory option, the credentials are saved until you wipe or clear the cache or restart the
computer. Until then you can dismount and mount the file container repeatedly without entering the password and/or keyfiles.
When you're ready to mount it, click OK.
Now you can double-click the volume to open it. You can also navigate
to it via Computer or My Computer like other drives. Then you can start saving, copying, or moving files to it.
Encrypting
a system partition or entire drive
As discussed in the first part, encrypting the drive or partition where Windows
is installed and boots from provides the best security. You can encrypt all the system and temporary files, in addition to
your personal documents. Windows won't even boot without entering the correct password. If you need double protection, you
can even create a hidden Windows installation where you can work with the sensitive files and data.
Like the other
methods, to get started encrypting a system drive or partition, click the Create Volume button. Then select the last or bottom
option and click Next. Since this method is more complex, we won't review it. Follow the wizard and its instructions.
Automatically mount volumes when Windows boots
If you've created an encrypted file container or non-system
device, you might want them to automatically mount. Otherwise you'll have to open TrueCrypt after each boot to manually mount
them. Of course this is good if you want them to be as hidden as possible. However, remember they are only mounted and accessible
after someone successfully logs into your Windows account.
One way to configure automatic mounting is to define
your favorite volumes and then tell TrueCrypt to mount your favorite volumes when Windows boots. To do this, mount the desired
file containers and/or devices. Then click Volumes > Save Currently Mounted Volumes as Favorites. Now click Settings >
Preferences. Then in the third section down, mark Mount favorite volumes and click OK.
Points to remember
We covered how drive encryption, and particularly TrueCrypt, can keep our files and data safe from thieves and hackers.
We configured the simplest encryption method using file containers and the more complex entire drive or partition method.
Now here are some final tips to keep in mind:
• Your encrypted volume(s) can be deleted and/or become corrupted.
• Don't forget to secure your back up procedures and backup storage areas.
• If you create a hidden volume,
it's easy to open the hidden volume: just open the regular volume with the hidden volume's password.
• You don't
have to format partitions or lose data when modifying partitions with tools, such as GParted.
Eric Geier is the
Founder and CEO of NoWiresSecurity, which helps businesses easily protect their Wi-Fi with enterprise-level encryption by
offering an outsourced RADIUS/802.1X authentication service. He is also the author of many networking and computing books
for brands like For Dummies and Cisco Press.
4/1/2011
Problems with Windows 7 SP1Microsoft released Windows 7 Service Pack 1 (SP1) late last month, and
I
loaded the final code on February 22. I began encountering fatal errors and
other installation glitches immediately.
This is a frustrating experience. After beta testing
SP1 since last July, (Microsoft
released according to posts on Microsoft's Windows 7 forums) some users have
experienced
installation failures that generate a fatal error.
"Your
computer may freeze or restart to a black screen that has a '0xc0000034'
error message after you install Windows 7 Service
Pack 1," said the message
that accompanies one error.
Another error yields an "Error C000009A applying update operation 119595 of
334565 (\Registry\...) when
loading SP1.
Windows update stops at that error and it
does not say to continue. This
continues service pack one screw ups with Microsoft (Vista).
In late January, Microsoft revealed it had already sold more than 300 million
Windows 7 units in just over a year on the market.
Additionally,
by then 90 percent of enterprises had already begun the migration
to Windows 7, even though SP1 was still a month away.
With that many copies in use, a month into distribution of
Windows 7 SP1, more
glitches might be expected to show up by now.
Indeed, many of the users on Microsoft's forums seem to have found one way or
another to overcome roadblocks
to successful installation.
To their credit, Microsoft
has published a pair of knowledge base articles
presenting ways to overcome some of the problems. Regardless, the
experience has been frustrating.
|
|
Q. How do I avoid rogue antispyware and antivirus software?
A. Make sure you 'Choose Industry Certified "Security Program"
Solutions'!
If your PC is connected to
the internet, uses e-mail, has software of an unknown
origin
installed and comes into contact with recordable media (jump drives, dvd's,
cd's, etc) Antispyware and Antivirus protection is a requirement. They help prevent
attacks through e-mail (and/or attachments sent with e-mail) and surfing the web.
They also help you eradicate infections which are the result
of security holes and
bugs in software. (The e-mail, web surfing
and software holes and bugs result in
the most serious internet
attacks).
One
way to know you're purchasing a trustworthy application is to confirm that
the program
you choose has earned certification from the leading labs.
Industry certification
from ICSA Labs, Virus Bulletin, West Coast Labs, the National
Association
of Specialist Computer Retailers, and others all require antispyware/
antivirus programs to meet stringent requirements to receive certification.
Smartphone and Tablet Tips to create a safe passcode.
Smartphones and tablets open the
door to your Work, friends, family, bank details, etc... No matter which device you use, follow these tips to keep your data secure.
1. Always use a passcode. If someone gets hold of your device, the person has immediate access to your apps and
data.
2. Make your passcode difficult to guess. Codes such as 1234 or 2580 can be cracked in seconds. Go for something that’s
unique but easy for you to remember.
3. Longer is stronger. The longer the passcode, the harder it is to crack. Make yours a minimum of six
digits.
4. Mix numbers and letters. If your device allows, use a passcode that combines numbers, letters and punctuation. Avoid dictionary words and
choose a memorable combination.
5. Make it unique. Don’t use the same passcode for anything else, including other devices,
bank cards or online accounts. That way, if one passcode gets hacked the rest stay secure.
6. Be discreet. Look around and make sure no one is watching you enter your passcode, just as
you would protect your PIN at the ATM machine.
Q. What steps need to be taken to secure
mobile devices (smartphones) for
personal/work phones and
tablets.
A. Follow these steps to secure your mobile
devices.
1. Secure your device
a.
Always lock it
b. Apply a complex passcode
c. Shield your passcode
d. Apply the latest patches
2.
Prevent Malware Infections
a.
Don't click on unsolicited links
b. Think before downloading apps
c. Don't "jailbreak" or "root" your mobile
3.
Be data aware
a.
Be careful what you share
b. Encrypt sensitive data
4. Stay compliant
a. Know and follow your organizations
security
policies
Q. Do you have an example of an Organizational 'Mobile Device Security Policy'
A. Here is EZMobilePC's policy.
1.
Introduction
Mobile devices, such as smartphones and tablet computers, are important tools for the
organization and their use
is supported to achieve business goals.
However, mobile devices
also represent a significant risk to information security and
data security as, if the
appropriate security applications and procedures are not applied,
they can be a conduit for
unauthorized access to the organization’s data and IT
infrastructure.
This can subsequently lead to data leakage and system infection.
EZMoblePC has a requirement to protect its information assets in order to safeguard
its customers, intellectual property and reputation. This document outlines a set of
practices and requirements for the safe use of mobile devices.
2.
Scope
1. All mobile devices, whether owned by EZMoblePC or owned by employees, that have
access to corporate networks, data and systems, not including corporate IT-managed
laptops. This includes smartphones and
tablet computers.
2. Exemptions: Where there is a business need to be exempted from this
policy
(too costly, too complex, adversely impacting other business requirements) a risk
assessment
must be conducted being authorized by security management.
3. Policy - Technical Requirements
1.
Devices must use the following Operating Systems: Android 2.2 or later,
iOS 4.x or later.
2. Devices must store all user-saved passwords in an encrypted password store.
3. Devices must be configured with a secure password that complies with EZMoblePC's
password policy. This password must not be the same as any other credentials used
within the organization.
4.
With the exception of those devices managed by IT, devices are not allowed to be
connected directly to the internal corporate network.
3.1 User Requirements
1.
Users must only load data essential to their role onto
their mobile device(s).
2.
Users must report all lost or stolen devices to EZMoblePC
IT immediately.
3.
If a user suspects that unauthorized access to company
data has taken place
via a mobile device, they must report the incident in alignment
with EZMoblePC’s
incident handling process.
4. Devices must not be “jailbroken”* or have any software/firmware installed
which
is designed to gain access to functionality not intended to be
exposed to the user.
5.
Users must not load pirated software or illegal content
onto their devices.
6.
Applications must only be installed from official platform-owner
approved sources.
Installation of code from un-trusted sources is forbidden.
If you are unsure if an
application is from an approved source contact EZMoblePC IT.
7. Devices must be kept up to date with manufacturer or network provided patches.
As a minimum patches should be checked for weekly
and applied at least once a month.
8.
Devices must not be connected to a PC which does not
have up to date and enabled
anti-malware protection and which does not comply with corporate
policy.
9.
Devices must be encrypted in line with EZMoblePC’s
compliance standards.
10.
Users may must be cautious about the merging of personal
and work email accounts on
their devices. They must take particular care
to ensure that company data is only sent
through the corporate email
system. If a user suspects that company data has been sent
from a personal email account, either in body text or as an attachment, they must notify
EZMoblePC IT immediately.
11.
(If applicable to your organization) Users must not
use corporate workstations to backup
or synchronize device content such as media files, unless such content is required
for
legitimate business purposes.
*To jailbreak a mobile device is to remove the limitations imposed by the manufacturer.
This gives access to the operating system, thereby unlocking all its features and enabling
the installation of unauthorized software.
Q. What is the first thing I should
do when I turn on my computer.
A. Back up important files
If you follow these tips, you're more likely to be free of interference from
hackers,
viruses,
and spammers. But no system is completely secure. If you have important
files stored on your computer, copy them onto a removable disc or
an external
hard
drive, and store it in a safe place.
Q. How do I protect my password?
A. Protect your passwords
Keep your passwords in a secure place, and out of plain sight. Don't share them
on the Internet, over email, or on the phone. Your Internet Service Provider (ISP)
should never ask for your password. In addition, hackers
may try to figure out your
passwords to gain access to your computer. To make it tougher for
them:
Use passwords that have at least eight characters and include numbers or symbols.
The longer the password,
the tougher it is to crack. A 12-character password is
stronger than one with eight characters.
Avoid common word: some hackers
use programs that can try every word in the
dictionary.
Don't use your personal information, your login name, or adjacent keys on the
keyboard as passwords.
Change your passwords regularly (at a minimum, every 90 days).
Don't use the same password for each online account you access.
Q. What steps need to be taken when
setting up Wireless Home Network Security.
1) Change Default Administrator Passwords (and Usernames)
Changing the default password is important because everyone
that purchases the same
Wireless access device, knows your password.
2) Turn on (Compatible) WPA / WEP Encryption
By default, your Wireless device comes
without the encryption enables. WPA / WEP are
security programs that forced your computer to provide
an encrypted password before
you are allowed access
to the wireless access point.
3) Change the Default SSID
SSID is the network name of your wireless network;
most people leave the default name,
such as, Linksys or NetGear. By changing the name, intruders have a more difficult time
identifying your system and use known vulnerabilities. (And
of course, use the unchanged
default password.) One
mistake people make is naming their home network their family
name and or address. When cruising a neighborhood of wireless devices, its always
scary to see Bobsnet444.
4) Disable SSID Broadcast
In Wi-Fi networking, the access point or router typically broadcasts
the network name
(SSID) over the air at
regular intervals. This feature was designed for businesses and
mobile hotspots where Wi-Fi clients may come and go. In the home, this feature is
unnecessary, and
it increases the likelihood an unwelcome neighbor or hacker will try
to
log in to your home network.
5) Assign Static IP Addresses to Devices
Most home networkers gravitate toward using dynamic IP addresses.
This means that
the IP Address, (the IP
Address is needed to participate on a network.) is typically
assigned automatically. A dynamic IP address on an unsecure system can also supply
a hacker with a IP Address.
6) Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique identifier called the "physical address"
or "MAC address." Access points and routers keep
track of the MAC addresses of all
devices that connect to them. Many such products offer the owner an option to key in the
MAC addresses of
their home equipment that restricts the network to only allow
connections from those devices. Do this, but also know that the feature is not so powerful
as it may seem. Hacker software programs
can fake MAC addresses easily.
7) Turn Off the Network During Extended Periods of Non-Use
The ultimate in security measures for any wireless network
is to shut down, or turn office
your wireless access point
when you are not using. You are the most vulnerable at work
or asleep, and mischief minded people know it.
8) Position the Router or Access Point Safely
Wi-Fi signals normally reach to the exterior of a home. A small amount
of "leakage"
outdoors is not a problem,
but the further this signal reaches, the easier it is for others
to detect and exploit. Wi-Fi signals often reach across streets and through neighboring
homes. When installing a wireless home network, the position
of the access point or
router determines it's reach. Try to position these devices near the center of the home
rather than near windows to minimize
this leakage.
Q: What are the first security steps I should take before I connect my computer to the internet?
A: Practices Before You Connect a New Computer to the Internet
We advise home users to download and install software patches
as soon as possible after connecting a
new computer to the
Internet. However, since the background intruder scanning activity
is constant, it may not be possible for the user to complete the
download and installation of software
patches before the vulner-
abilities they are trying to fix are exploited. We recommend the
following actions 'before' connecting computers to the Internet
so
that
users can complete the patching process without incident.
Q. Where do I report
Hacking or Malware activity?
A. Here is where to report:
Hacking or a Computer Virus
Alert the appropriate authorities by contacting: Your ISP and the hacker's ISP (if you can tell what it is). You can
usually find an ISP's email
address on its website. Include information on the
incident from your firewall's log file. By alerting the ISP to the
problem on its system,
you can help it prevent similar problems in the future. The FBI at www.ic3.gov. To
fight computer criminals, they need to hear from you.
Internet
Fraud If a scammer takes advantage of you through an
Internet auction,
when you're shopping
online, or in any other way, report it to the Federal Trade
Commission, at ftc.gov. The FTC enters Internet, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds
of civil and criminal law enforcement agencies in the U.S. and abroad.
Deceptive
Spam If you get deceptive spam, including email phishing
for your
information, forward it
to spam@uce.gov. Be sure to include the full header of the email, including all routing information. You also may report phishing email to
of ISPs, security vendors, financial institutions and law enforcement agencies,
uses these reports to fight phishing.
Divulged
Personal Information If you believe you have mistakenly
given your
personal information to
a fraudster, file a complaint at ftc.gov, and then visit the Federal Trade
Commission's Identity Theft website at ftc.gov/idtheft to learn how to minimize your risk
of damage from a potential theft of your identity.
Parents Parents sometimes can feel outpaced by their technologically savvy
kids. Technology aside, there are lessons that parents can teach to help kids
stay safer as they socialize online. Most ISPs provide parental
controls, or you
can buy separate
software. But no software can substitute for parental supervision.
Talk to your kids about safe computing practices, as well as the things they're
seeing and doing online.
Social Networking
Sites Many adults, teens, and tweens use social networking
sites to exchange information about themselves, share pictures and
videos, and
use blogs and private
messaging to communicate with friends, others who share
interests, and sometimes even the world-at-large. Here are some tips for parents
who want their kids to use these sites safely:
Use privacy settings to restrict who can access and post on your
child's website. Some social networking sites have strong privacy
settings. Show
your child how to
use these settings to limit who can view their online profile, and
explain to them why this is important.
Encourage your child to think about the language used in a blog,
and to think before posting pictures and videos. Employers, college
admissions
officers, team coaches,
and teachers may view your child's postings. Even a kid's
screen name could make a difference. Encourage teens to think about the
impression that screen names could make.
Remind your kids that once they post information online, they can't
take it back. Even if they delete the information from a site, older
versions may
exist on other people's
computers and be circulated online.
Talk to your kids about bullying. Online bullying can take many forms,
from spreading rumors online and posting or forwarding private messages
without
the sender's OK, to sending
threatening messages. Tell your kids that the words
they type and the images they post can have real-world consequences. They can
make the target of the bullying feel bad, make the sender look bad
— and, some-
times, can bring
on punishment from the authorities. Encourage your kids to talk to
you if they feel targeted by a bully.
Talk to your kids about avoiding sex talk online. Recent research
shows that teens who don't talk about sex with strangers online
are less likely to
come in contact
with a predator.
Tell your kids to trust their instincts if they have suspicions. If they feel threatened by
someone or uncomfortable because of something online, encourage
them to tell you.
You can then help
them report concerns to the police and to the social networking
site. Most sites have links where users can immediately report abusive, suspicious,
or inappropriate activity.
Q. What is the best way to keep malware
out.
A.
Try to minimize the threat.
Minimizing
the Effects of Malware on Your Computer
Malware is short for “malicious software;” it includes viruses —
programs that copy
themselves without your permission — and spyware, programs installed without
your consent to monitor or control your
computer activity. Criminals are hard at work
thinking up creative ways to get malware on your computer. They create appealing
web sites, desirable downloads, and compelling
stories to lure you to links that will
download malware, especially on computers that don’t use adequate security
software. Then, they use the malware to
steal personal information, send spam,
and commit fraud.It doesn’t have to be that way.
So says a website with tips from
the federal government and the technology industry that is helping consumers be on
guard against Internet fraud, secure their
computers, and protect their personal
malware can wreak, and reclaim their computers and their electronic information.
Computers may be infected with malware if they:
-
slow down, malfunction, or display repeated error messages;
- wont shut down or restart;
-
serve up a lot of pop-up ads, or display them when youre not surfing
the web;
or
-
display web pages or programs you didnt intend to use, or send emails
you
didnt write.
If you suspect malware
is on your computer
If you suspect malware is lurking on your computer, stop shopping, banking, and
other online activities that involve user names, passwords, or other
sensitive inform-
ation.
Malware on your computer could be sending your personal information to
identity thieves.
Then, confirm that your security software is active and current:
at a minimum, your
computer
should have anti-virus and anti-spyware software, and a firewall. You can
buy stand-alone programs for each element or a security suite that
includes these
programs
from a variety of sources, including commercial vendors or from your
Internet Service Provider. Security software that comes pre-installed on a computer
generally works
for a short time unless you pay a subscription fee to keep it in effect.
In any case, security software protects against the newest threats
only if it is up-to-
date.
Thats why it is critical to set your security software and operating system (like
Windows or Apples OS) to update automatically.
Some scam artists distribute malware disguised as anti-spyware software. Resist
buying software in response to unexpected pop-up messages or emails,
especially
ads
that claim to have scanned your computer and detected malware. Thats a tactic
scammers have used to spread malware, and that has attracted the attention
of the
Federal
Trade Commission, the nations consumer protection agency, as well as a
security tools from legitimate security vendors selected by GetNetWise, a project
of
the Internet
Education Foundation.
Once you confirm that
your security software is up-to-date, run it to scan your compu-
ter for viruses and spyware. Delete everything the program identifies as a problem.
You
may have to restart your computer for the changes to take effect.If you suspect
that your computer still is infected, you may want to run a second anti-spyware
or
anti-virus
program. Some computer security experts recommend installing one
program for real-time protection, and another for periodic scans of your machine
as
a
way to stop malware that might have slipped past the first program.
Finally, if the problem persists after you exhaust your own ability to diagnose and
treat it, you might want to call for professional
help. If your computer is covered by a
warranty that offers free tech support, contact the manufacturer. Before you call,
write down the model and serial number of
your computer, the name of any software
you’ve installed, and a short description of the problem. Your notes will help you give
an accurate description to the technician.If you need professional help, if your
machine isn’t covered by a warranty, or if your security software isn’t
doing the job
properly, you may need to pay for technical support. Many companies — including
some affiliated with retail stores —
offer tech support via the phone, online, at their
store, or in your home. Telephone or online help generally are the least expensive
ways
to access support services — especially if there’s a toll-free helpline — but you
may have to do some of the work yourself.
Taking your computer to a store usually is
less expensive than hiring a technician or repair person to come into your home.
Once your computer is back
up and running, think about how malware could have
been downloaded to your machine, and what you could do to avoid it in the future. If
your security software or operating system was
out-of-date, download the newest
version and set it to update automatically. Use the opportunity to back up important
files by copying them onto a removable disc. Other
ways to minimize the chances
of a malware download in the future:
-
Don’t click on a link in an email or open an attachment unless you
know who sent it and what it is. Links in email can send you to sites
that automatically download malware to your machine. Opening
attachments — even those that appear to come from a friend or
co-worker — also can install malware on your computer.
-
Download and install software only from websites you know and trust.
Downloading free games, file-sharing programs, and customized
toolbars may sound appealing, but free software can come with
malware.
-
Talk about safe computing. Tell your kids that some online activity
can
put a computer at risk: clicking on pop-ups, downloading free games or
programs, or posting personal information.
Finally, monitor your computer
for unusual behavior. If you suspect your machine
has been exposed to malware, take action immediately. Report problems with
malware to your ISP so it can try to prevent similar problems and
alert other
Q. What Should Parents know about Social
Networking Sites?
A. Social Networking
Sites
"It's 10 p.m. Do you know where your
children are?
"Remember that phrase from your own childhood? It's still a valid question, but now, it comes with a twist:
"Do you know where your kids are — and who they're chatting with online?
"Social networking sites have morphed into
a mainstream medium for teens and adults. These sites
encourage and enable people to exchange information
about themselves, share pictures and videos,
and
use blogs and private messaging to communicate with friends,
others who share interests, and
sometimes
even the world-at-large. And that's why it's important
to be aware of the possible pitfalls that
come
with networking online.
Some social networking
sites attract pre-teens – even kids as young as 5 or 6. These younger-focused
sites don't allow the same kinds of communication
that teens and adults have, but there are still things
that parents can do to help young kids socialize
safely online. In fact, when it comes to young kids, the
law provides some protections – and gives parents some control over the type of information that
children can disclose online. For sites directed to children under age 13, and for general audience sites
that know
they're dealing with kids younger than 13, there's the Children's Online Privacy Protection Act
(COPPA). It requires
these sites to get parental consent before they collect, maintain, or use kids'
Information. COPPA also allows parents to review their child's online profiles and blog pages.
Parents sometimes can feel outpaced by their technologically savvy kids.
Technology aside, there are
lessons that parents
can teach to help kids stay safer as they socialize online.
Help Kids Socialize Safely OnlineOnGuard Online shares these tips for safe social networking:
Help
your kids understand what information should be private. Tell them why it's important to
keep some things – about themselves, family members and friends
– to themselves.
Information like their full name, Social Security number, street address, phone number,
and
family financial information — like bank or credit card Account numbers
— is private and
should stay that way. Tell them not to choose a screen name that gives away too
much
personal information.
Use privacy settings to restrict who can access and post on your child's website. Some
social networking sites have strong privacy settings.
Show your child how to use these settings to limit who can view their online profile,
and
explain to them why this is important.
Explain that kids should post only information that you — and they — are comfortable
with others seeing. Even If privacy settings are turned on, some — or even all
— of your
child's profile may be seen by a broader audience Than you're comfortable with.
Encourage your child to think about the language used in a blog, and to think before
Posting pictures and videos. Employers, college admissions officers, team coaches,
and teachers may view your child's postings.
Even a kid's screen name could make a difference. Encourage teens to think about the
impression that screen names could make.
Remind your kids that once they post information online, they can't take it back.
Even if they delete the Information from a site, older versions may exist on other
people's computers and be circulated online.
Know how your kids are getting online. More and more, kids are accessing the Internet
through their cell phones.
Find out about what limits you can place on your child's cell phone. Some cellular
companies have plans that limit downloads, Internet access, and texting; other plans
allow kids to use those features only at certain times of day.
Talk to your kids about bullying. Online bullying can take many forms, from spreading
rumors online and posting or forwarding private messages without the sender's
OK, to
sending threatening messages. Tell your kids that the words they type and the
images
they post can have real-world consequences. They can make the target of the
bullying feel bad, make the sender look bad – and, sometimes, can bring on
punishment from the authorities.
Encourage your kids to talk to you if they feel targeted by a bully.
Talk to your kids about avoiding sex talk online. Recent research shows that teens who
don't talk about sex with strangers online are less likely to come in contact with
a
predator.If you're concerned that your child is engaging in risky online behavior,
you can
search the blog sites they visit to see whatinformation they're posting. Try searching
by their name, nickname, school, hobbies, grade, or area where you live.
Tell your kids to trust their gut if they have suspicions. If they feel threatened by someone
or uncomfortable because of something online, encourage them to tell you. You
can then
help them report concerns to the police and to the social networking site. Most
sites have
links where users can immediately report abusive, suspicious, or inappropriate
online
behavior.
Read sites'
privacy policies. Spend some time with a site's privacy policy, FAQs, and
parent sections to Understand its features and privacy controls. The site should
spell out
your rights as a parent to review and delete your child's profile if your child
is younger
than 13.
A Few More Tips to Protect Pre-TeensMany of the tips above apply for pre-teens, but
parents of younger children also can:
Take
extra steps to protect younger kids. Keep the computer in an open area like the
kitchen or family room, so you can keep an eye on what your kids are doing online.
Use the Internet with them to help develop safe surfing habits.
Consider taking advantage of parental control features on some operating systems
that let you manage your kids' computer use, including what sites they can visit,
whether they can download items, or what time of day they can be online.
Go where your kids go online. Sign up for – and use – the social networking spaces
that your kids visit. Let them know that you're there, and help teach them how to act
as they socialize online.
Review your child's friends list. You may want to limit your child's online “friends” to
people your child actually knows and is friendly with in real life.
Understand sites' privacy policies. Sites should spell out your rights as a parent to
review and delete your child's profile if your child is younger than 13.
For More InformationTo learn more about staying safe online, visit the websites of the following organizations:
Federal Trade Commission — www.OnGuardOnline.gov The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business
practices in the marketplace and toprovide information to help consumers spot, stop, and avoid them.
To file a complaint or to get free information onconsumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP
(1-877-382-4357); TTY: 1-866-653-4261.The FTC manages OnGuardOnline.gov, which provides practical tips
from the federal government and the technologyindustry to help you be on guard against Internet fraud,
secure your computer, and protect your personal information. ConnectSafely — www.connectsafely.org ConnectSafely is a forum for parents, teens, educators, and advocates designed
to give teens and parents a voice in thepublic discussion about youth online safety, and has tips, as
well as other resources, for safe blogging and socialnetworking. Along with NetFamilyNews.org, it is
a project of the non- profit Tech Parenting Group. Cyberbully411 — www.cyberbully411.org Cyberbully411 provides resources and opportunities for discussion and sharing
for youth - and their parents - who havequestions about or may have been targeted by online harassment.
The website was created by the non-profit Internet Solutions for Kids, Inc., with funding from the Community
Technology Foundation of California. GetNetWise — www.getnetwise.org GetNetWise is a public service sponsored by Internet industry corporations and
public interest organizations to helpensure that Internet users have safe, constructive, and educational
or entertaining online experiences. The GetNetWise coalition works to provide Internet users with the
resources they need to make informed decisions about their and theirfamily's use of the Internet.
iKeepSafe.org is a coalition of 49 governors/first spouses, law enforcement,
the American Medical Association, the American Academy of Pediatrics, and other associations dedicated
to helping parents, educators, and caregivers byproviding tools and guidelines to promote safe Internet
and technology use among children.
NCMEC is a private, non-profit organization that helps prevent child abduction
and sexual exploitation; helps find missingchildren; and assists victims of child abduction and sexual
exploitation, their families, and the professionals who serve them. staysafe —
www.staysafe.org staysafe.org is an educational site intended to help
consumers understand both the positive aspects of the Internet aswell as how to manage a variety of
safety and security issues that exist online.
WiredSafety.org is an Internet safety and help group. WiredSafety.org provides
education, assistance, and awareness on cybercrime and abuse, privacy, security, and responsible technology
use. It is also the parent group of Teenangels.org, FBI-trained teens and preteens who promote Internet
safety. See also: Social Networking Sites: Safety Tips for Tweens and Teens What to Do if There's a ProblemTrust your gut if you have
suspicions. If you feel threatened by someone or uncomfortable because of something online,Tell an adult
you trust, and report it to the police and the social networking site.The Children's Online Privacy
Protection Act (COPPA) requires websites to obtain parental consent before collecting, using,or disclosing
personal information from children under age 13.
Q. What are
Nigerian con-men or internet scams?
A.
Phony Lotteries, Nigerian 419s, Advanced Fee Fraud, and Scams
While you're online:
Know who you're
dealing with.
In any electronic transaction, independently confirm the other party's name, street
address, and telephone number.
Resist the urge to enter foreign lotteries. These solicitations are phony
and illegal.
Delete requests that claim to be from foreign nationals
asking you to help transfer their money through your bank account. They're fraudulent.
Ignore unsolicited
emails that request your money, credit card or account numbers, or other personal information.
If you are selling something over the Internet, don't accept a potential buyer's offer to send you a check
for more than the purchase price, no matter how tempting the plea or convincing the story. End the transaction immediately
if someone insists that you wire back funds.The Internet gives buyers access to a world of goods and services, and gives sellers access to a world of customers.
Unfortunately, the Internet also gives con artists the very same access. But being on guard online can help you maximize the
global benefits of electronic commerce and minimize your chance of being defrauded. OnGuard Online wants you to know how to
spot some cross-border scams — including foreign lotteries, money offers, and check overpayment schemes — and
report them to the appropriate authorities.
Foreign Lotteries
For years, scam operators have used the telephone and direct mail to entice U.S. consumers into buying chances in supposedly
high-stakes foreign lotteries. Now they're using email, too — either to sell tickets or suggest that a large cash prize
has your name on it. No matter what country's name is used to promote a lottery, the pitch follows a pattern: you should send
money to pay for taxes, insurance, or processing or customs fees. The amount may seem small at first, but as long as you keep
paying, the requests for funds will keep coming — for higher and higher amounts. Some victims have lost thousands of
dollars.Most scam operators never buy the lottery tickets on your behalf. Others buy some tickets, but keep the "winnings"
for themselves. In any case, lottery hustlers generally try to get you to share your bank account or credit card numbers,
so they can make unauthorized withdrawals.If you're thinking about responding to a foreign lottery, OnGuard Online wants you to remember:
Playing
a foreign lottery is against the law.
There are no secret systems for winning foreign lotteries. Your chances of getting any money back are
slim to none.
If you buy even one foreign lottery ticket, you can expect many more bogus offers
for lottery or investment "opportunities." Your name will be placed on "sucker lists" that fraudsters
buy and sell.
Keep your
credit card and bank account numbers to yourself. Scam artists often ask for them during an unsolicited sales pitch. Once
they get your account numbers, they may use them to commit identity theft.Resist solicitations for foreign lottery promotions. Report them to the appropriate government officials, then hit delete.View a sample fraudulent foreign lottery solicitation.
"Nigerian" Foreign Money Offers
The "Nigerian" scam got its name from emails that supposedly came
from Nigerian "officials" who needed your help getting at their money — which was tied up due to strife in
their country. Today, people claiming to be officials, businesspeople, or the surviving relatives of former government honchos
in countries around the world send countless offers via email to transfer thousands of dollars into your bank account if you
will just pay a fee or "taxes" to help them access their money. If you respond to the initial offer, you may receive
documents that look "official." But then, you will get more email asking you to send more money to cover transaction
and transfer costs, attorney's fees, blank letterhead, and your bank account numbers, among other information. Subsequent
emails will encourage you to travel to another country to complete the transaction. Some fraudsters have even produced trunks
of dyed or stamped money to verify their claims.The emails are from crooks trying to steal your money or commit identity
theft. Victims of this scam report that emergencies arise that require more money and delay the "transfer" of funds;
in the end, you lose your money, and the scam artist vanishes. According to the U.S. State Department, people who have responded
to these solicitations have been beaten, subjected to threats and extortion, and in some cases, murdered.If you receive an
email from someone claiming to need your help getting money out of another country, don't respond. After all, why would a stranger from another country pick you out at random to share thousands of
dollars? Report the solicitation to the appropriate government officials, and then hit delete.View a sample fraudulent foreign money offer.
Check Overpayment Schemes
Say
no to a check for more than your selling price, no matter how tempting the plea or convincing the story. Check overpayment
schemes generally target people who have posted an item for sale online. The con artist, posing as a potential buyer from
a foreign country (or a distant part of the U.S.), emails the seller and offers to buy the item with a cashier's check, money
order, personal check, or corporate check. Or the scammer may pretend to be a business owner from a foreign country, needing
"financial agents" to process payments for their U.S. orders; in exchange, they promise a commission.Regardless of the cover, here's what happens:
The scammer sends you a check that looks authentic — complete with watermarks — made payable for more money than
you expected. They ask you to deposit it in your bank account, and then wire-transfer some portion of the funds to a foreign
account. They provide convincing reasons why the check is for more than the necessary amount, and why the funds must be transferred
quickly. Sometimes, the counterfeit checks fool a bank teller, but be aware that the check still can bounce. The scammer vanishes
with the money you wired from your own account and you are on the hook for the entire amount of the worthless check. In addition,
a scammer who has your bank account number is likely to use it to withdraw more money from your account.
Reporting a Cross-Border Scam
If you think you may have responded to a cross-border scam, file a complaint at www.econsumer.gov, a project of 20 countries of the International Consumer Protection and Enforcement
Network. Then visit the FTC's identity theft website at www.ftc.gov/idtheft. While you can't completely control whether you will become a victim
of identity theft, you can take some steps to minimize your risk.If you've responded to a "Nigerian" scheme, contact your
local Secret Service field office using contact information from the Blue Pages of your telephone directory, or from www.secretservice.gov/field_offices.shtml.In addition, report telemarketing fraud and check overpayment scams to your state
Attorney General, using contact information at www.naag.org.Report unsolicited email offers to spam@uce.gov — including offers inviting you to participate in a foreign
lottery, looking for help getting money out of a foreign country, or asking you to wire back extra funds from a check you
received.If you receive what looks like lottery material from a foreign country through the postal mail, give it to your local
postmaster.
For More InformationForeign Lottery Scams
U.S. Federal Trade Commission — The FTC works for the consumer to prevent fraudulent, deceptive,
and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them.
To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.
The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure,
online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.Competition Bureau in Canada — The Competition Bureau is an independent law enforcement agency
in Canada that investigates anti-competitive practices and promotes compliance with the
laws under its jurisdiction. To file a complaint or to get free information, visit www.competitionbureau.gc.ca or call toll-free, 1-800-348-5358. The Bureau has the ability to refer criminal matters to the Attorney General of Canada,
who then decides whether to prosecute before the courts.United Kingdom's Office of Fair Trading — The United Kingdom's
Office of Fair Trading is responsible for making markets work well for consumers. They protect and promote consumer interests
throughout the United Kingdom, while ensuring that businesses are fair and competitive. To file a complaint or to get free information,
visit www.oft.gov.uk or send an email to enquiries@oft.gsi.gov.uk.Australian Competition and Consumer Commission — The Australian Competition and Consumer Commission encourages vigorous
competition in the marketplace and enforces consumer protection and fair trading laws. To file a complaint or to get more
information, visit www.accc.gov.au. The ACCC advocates consultation and negotiation as the first and
best option to settle disputes, but once the ACCC pursues legal action any sort of mediation becomes less likely.
"Nigerian" Advance-Fee Scams
U.S. Secret Service — The Secret Service investigates violations of laws relating to financial
crimes, including access device fraud, financial institution fraud, identity theft, and computer fraud. To file a complaint
or to get free information, visit www.secretservice.gov or call 202-406-5708.U.S. Department of State — The Department of State's mission is to create a more secure, democratic,
and prosperous world for the benefit of the American people and the international community. As part of that mission, the
Department of State seeks to minimize the impact of international crime, including cross-border internet scams, on the United States and its citizens. To get free information, visit www.state.gov.
Q. What should I do prior to disposing of an old computer?
A. Computer Disposal
Once you have a “clean” computer,
consider recycling, donating, or reselling it – and keep the environment in mind when
disposing of your computer.If you want to get rid of your old computer, options include recycling,
reselling, and donating.
But before
you log off for thelast time, there are important
things to do to prepare it for disposal. Computers
often hold
personal and financial
information, including passwords, account numbers, license keys or registration numbers for software
programs, addresses and phone numbers, medical and prescription information, tax returns, and other personal documents.
Before getting rid of your old computer, it’s a good idea to use software to “wipe”the hard drive clean. If you don’t, consider
your old hard drive a 21st century treasure chest for identity thieves
and information pirates. The Federal Trade Commission
(FTC), the nation’s consumer
protection agency, says you can deter identity theft and information piracy by taking a few
preventive steps.
Understanding Hard Drives
A computer’s hard
drive stores data, and maintains an index of files. When you save a file, especially a large one, it is
scattered around the hard drive in bits and
pieces. Files also are automatically created by browsers
and operating
systems. When you open a file, the hard drive checks the index, then gathers
the bits and pieces and reconstructs them.
When you
delete a file, the links between the index and the file disappear, signaling to your system that the file isn’t needed
any longer and that hard drive space
can be overwritten. But the bits and pieces of the deleted file stay on your computer
until they’re overwritten, and they can be retrieved with a data recovery program.
To remove data from your hard drive
permanently,
it needs to be wiped clean.
Cleaning Hard Dives
Before you clean your hard
drive, save the files that are important to you on an external storage device – for example,
a USB drive, a CDRom, or an external
hard drive – or transfer them to a new computer. Check your owner’s manual, the
manufacturer’s website, or its customer support line for information on how to
save data and transfer it to a new
computer. Utility programs to wipe your hard drive are available both online and in stores where computers are
sold.
They’re generally inexpensive; some are available on the Internet for free. Wipe utility
programs vary in their capabilities:
some
erase the entire disk, while others allow you
to select files or folders to erase. They also vary in their effectiveness:
programs that overwrite
or wipe the hard drive many times are very effective; those that overwrite or wipe the drive only once
may not prevent information being wiped from being recovered later.
If your old computer contains sensitive information
that would be valuable to an identity
thief, consider using a program that overwrites or wipes the hard drive many times. Or,
remove the hard
drive, and physically destroy it. One more thing to keep in mind: If you use your home or personal
computer
for business purposes, check with your employer about how to manage information on your computer that’s business-related.
The law requires businesses to follow
data security and disposal requirements for certain information that’s related to
customers.
Disposal
Options
Once you have a “clean”
computer, here’s how to dispose of it:
Recycle it. Many computer manufacturers have programs to recycle computers
and components. Check their
websites or call their toll-free numbers
for more information. The Environmental Protection Agency (EPA) has
information on electronic product recycling
programs at
program. Check with your county or local government,
including the local landfill office for regulations.
Donate it. Many organizations collect old computers and donate them to charities.
Resell it. Some people and organizations buy old computers.
Check online. Keep
the environment in mind when disposing of your computer.
Most computer equipment contains hazardous materialsthat don’t belong in a landfill.
For example, many computers have heavy metals that can contaminate the earth.
The EPA recommends that you check with your local health and sanitation agencies for ways to dispose
of electronics safely.
www.hypersmash.com
hostgator promo
