Phone Hacking: Prevention and Protection


The demise of the News of the World and on-going stories of phone hacking reveal the prevalence of this despicable practice.

As reports have shown, you do not have to be a celebrity to be a phone hacking target by unscrupulous individuals.  My advice, therefore, to anyone with a mobile is to protect and safeguard privacy with a PIN.

Hackers take advantage of mobile phone users' apathy, naivety or lack of knowledge.  If you have never set a PIN on your Voicemail you will be accessing messages through your mobile’s default number.  This is usually a simple four-digit PIN such as 0000 or 1234. Here’s how phone hacking basically works.

A hacker can call your mobile directly, or via the mobile network’s specific access number.  Remember your mobile number may be in the public arena in a variety of ways (printed on your business cards/letterheads or available through social media networks).  Having dialled your mobile,  the hacker will then guess at your easy default PIN to access your messages.  These may be highly personal or contain important professional information.  Hackers can listen to new and saved messages and delete them.  

Essentially, the ease in accessing Voicemail means you cannot necessarily tell if your mobile has been hacked.  You would, however, have suspicions raised if someone you knew mentioned they had left you a message which you could not find on Voicemail.  This would indicate it had been deleted by a hacker.  You would also be suspicious if a message accessed by a hacker but not deleted was saved before you had actually listened to it.

If you have not already done so, set a PIN on your Voicemail now.  Choose at least four random numbers and avoid guessable dates of birth, or repetitive sequences such as 1212.  If you only ever access your Voicemail via your mobile you do not need to memorise your PIN as you can change it at will.  However, there are practical benefits to keeping and remembering it.  If you forget to take your mobile with you, or its battery is flat, you can still access its Voicemail messages from a landline via your secret PIN.  The added benefit is that no-one else can.
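The PIN advice above can be turned into a quick self-check. This is an added example, not part of the original article; the function names, the list of date formats and the sample date are assumptions made for illustration.

```python
from datetime import date

# The two default PINs the article names; a real network's default may differ.
KNOWN_DEFAULTS = {"0000", "1234"}

def is_constant_step(pin):
    """True for 1234, 9876, 2468, 1111: each digit differs from the last by the same step."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return len(steps) == 1

def is_repeated_block(pin):
    """True when the PIN is a shorter block repeated, such as 1212 or 123123."""
    n = len(pin)
    return any(n % k == 0 and pin == pin[:k] * (n // k) for k in range(1, n // 2 + 1))

def date_forms(d):
    """Digit strings a date of birth is commonly typed as (assumed list, not exhaustive)."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {dd + mm, mm + dd, yyyy, dd + mm + yy, mm + dd + yy, yy + mm + dd,
            dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd}

def pin_weaknesses(pin, birthdays=()):
    """Return the reasons a Voicemail PIN is guessable; an empty list means none found."""
    if not (pin.isascii() and pin.isdigit()) or len(pin) < 4:
        return ["not at least four digits"]
    problems = []
    if pin in KNOWN_DEFAULTS:
        problems.append("network default")
    if is_constant_step(pin):
        problems.append("sequential or single repeated digit")
    if is_repeated_block(pin):
        problems.append("repeats a shorter block")
    if any(pin in date_forms(d) for d in birthdays):
        problems.append("matches a date of birth")
    return problems

if __name__ == "__main__":
    family = [date(1984, 3, 7)]  # constructed sample date, not real data
    for candidate in ["0000", "1234", "1212", "0703", "7391"]:
        print(candidate, pin_weaknesses(candidate, family) or "no weakness found")
```

An empty result only means the PIN avoids the patterns named in the article; it does not prove the PIN is random.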

The major mobile networks have different methods for setting Voicemail PINs as explained recently in The Telegraph.

Contact me if you experience any difficulties and/or need advice in setting a Voicemail PIN on your mobile.

Image Credit: yisris

Security Announcement: Update your Browser

AGUK wishes to draw to your immediate attention that this week (21 March 2011) there was a potential security breach in the trust of SSL certificates.

SSL certificates are issued by Certificate Authorities (CAs). The CA is responsible for ensuring the certificate is issued correctly and in accordance with industry standards.

When using a website where you provide sensitive information or login details you are protected by SSL technology. This technology encrypts the connection between you and the server. It also asserts that you are connected to a legitimate website.

Comodo, the CA who issued the suspect certificates via a partner, released information on 24 March 2011 that several certificates had been issued to a fraudulent organisation, potentially based in Iran. This means that the attacker could direct you to one of these sites and successfully pass off that site with a valid SSL certificate.

The affected websites are listed below:

  • mail.google.com
  • www.google.com
  • login.live.com
  • addons.mozilla.org
  • login.skype.com
  • login.yahoo.com

Because of the risk associated with these links the major browser vendors have issued an update to hard-block access to them if they are using one of the fraudulently obtained SSL certificates. Access to legitimate websites will be unaffected.

Google Apps Customers
You can see that some of the affected websites include the Google links associated with your Google Apps account. It is therefore extremely important that you update your browser as soon as possible.

Updating Your Browser
In most cases your browser may have already automatically updated itself. Internet Explorer updates via Windows Update, the frequency dependent upon individual PC settings. Both Chrome and Firefox can verify if they are running the latest version via the Help menu.

The latest versions can be downloaded from the links below:

If you use an alternative browser please contact its manufacturer for support and information about any updates it has supplied to counter this threat.

Update your Anti Virus
Make sure your anti-virus software is up to date. Anti-Virus solutions such as PrevX can help provide zero-hour protection against threats such as these. This particular solution can now be supplied by AGUK as one of its newly added services.

Questions or Concerns
If you have any questions or concerns about this update please post your comments below so they can be shared. If you would prefer private support please email [email protected].

Further Reading
If you are interested in the more technical aspects of this issue please click here for information provided by Symantec.

 

LinkedIn - Who is Looking at My Profile?

LinkedIn is widely acknowledged as a fantastic website for business professionals.  However, while most members understand its obvious advantages not everyone appreciates its profile viewing benefits.  I hope my tips are useful.

To see who has visited their page, LinkedIn members should click the “Who’s Viewed Your Profile” link.

The results displayed, from specific names to general information or no details at all, will depend upon visitors’ individual visibility settings level, explained below.  But even anonymous visitors, such as “Someone in the Customer Services function from Bristol”, can be explored further.  Click the link and LinkedIn will search for members in that position and location, giving a clue to identity should you wish to instigate contact.

Profile viewing, of course, works both ways.  Just as you can check who has read your profile, other members can see when you read theirs.  How much information you want to reveal about yourself is down to you.  You can set your preference from the same “Who’s Viewed My Profile” screen by clicking the “Settings” link.


Your options here are:
  • Show your name and headline
  • Only show anonymous profile characteristics (i.e. industry and title)
  • Be totally anonymous

The disadvantage for free account members withholding their name is the forfeiture of all profile viewing statistics. These are undoubtedly beneficial as they are a means to online networking, making connections, identifying new customers and potentially growing your business. Subscribing LinkedIn members receive full statistics whatever their profile viewing setting.

Anyone with general internet privacy concerns may be interested to know that if the edit facility is not used, LinkedIn’s default settings always reveal who members are when they view a profile.  You may consider masking your identity but my recommendation is always to show your name and headline.  After all, if you joined LinkedIn to find contacts, why hide the fact you have been looking at someone’s profile?  Remember, it could lead to a connection, and a profitable one at that.

If this article raises unanswered questions, please contact me.

 

Internet Explorer Security Update

This is a follow up to our article on the Internet Explorer Security Scare sent earlier this week. Microsoft has now released a security patch to fix its weakness. Depending on your system’s update settings, this should have been downloaded by Windows. However, to check and ensure you have the patch installed, here is AGUK’s advice.

INTERNET EXPLORER LATEST UPDATE
Windows XP Users: Go to Windows Update website and follow the steps given.

Windows Vista and Windows 7 Users: Click Start and in the search box type "Windows Update" then press Enter.

In either case you will see the critical updates available. If none are displayed then your system is up to date.

FUTURE SECURITY PRECAUTION
If your computer is not set to receive automatic updates then I recommend you immediately rectify this. It is crucial for any system to automatically download and install updates daily. For more information about how to do this please click here (Microsoft Website).

CURRENT SECURITY STATUS
After you have installed this latest patch from Microsoft you can, if you wish, adjust Internet Explorer and change your browsing security from High security to Medium-High. Alternatively leave the Internet zone setting at High and instead add any trusted sites not displaying correctly at this level to your “Trusted sites” section. To do this take the following action:

Windows XP Users: Click Start > Run and type inetcpl.cpl then press Enter.

Windows Vista and Windows 7 Users: Click Start and in the search box type inetcpl.cpl then press Enter.

In either case then click the Security tab and select the “Trusted sites” zone as per the diagram below.

Diagram of required steps to take. 

FINAL SAFEGUARD
AGUK recommends you maintain up-to-date AntiVirus software and never open email attachments, or follow links in emails to unknown websites. Also, whenever you receive an update or security patch, ensure your system is set to restart automatically after installing it, or do this manually. This will ensure immediate effect of the update.

 

Internet Explorer Security Scare

You may have seen, or heard, news coverage about a significant security problem with Windows Internet Explorer. Following Microsoft’s admission that Internet Explorer was used to hack Google, the German Government warned against using Internet Explorer. Now France has issued a similar warning.

INTERNET EXPLORER SCARE
Internet Explorer is the web browsing software used by many to access the internet. If you use this browser, the current flaw allows exploiting hackers to access files on your computer, to log keystrokes made, and to redirect you to specific websites. However, the advice from AGUK is not to panic but be cautious. 

To take any such advantage of a compromised system, a hacker must get you to either visit a specific website, or install a browser add-on. Depending on your security settings, this add-on (unlike software browser add-ons known as ActiveX controls) can be installed without you knowing. It is also undetected by current anti-virus software.

AGUK’s Security Action Plan
If you do not know which type of browser you are using click here and visit our browser test page. If you are using Internet Explorer there are steps you can take to reduce the risk of falling victim to Internet Explorer’s browsing weakness.

(1) Alternative Browser
You could install and use an alternative web browser. AGUK recommends Google Chrome. This lightweight browser is faster than Internet Explorer and is growing in popularity. This would not necessitate the removal of Internet Explorer.

(2) Run Internet Explorer in Safe Mode with add-ons disabled
It is possible to run Internet Explorer with all add-ons disabled. This will help prevent your browser being susceptible to this latest attack. The simplest way to do this is by creating a shortcut on your desktop. Here’s how:

Close down all open programs and on your desktop right click on your mouse and select: [New > Shortcut]. Then in the box labelled “Type the location of the item” paste the following text exactly, including the quotes:

"%ProgramFiles%\Internet Explorer\iexplore.exe" -extoff

After you have done that click [Next] and then [Finish]. A new shortcut will now be on your desktop called iexplore.exe. When you use this shortcut you will see that Internet Explorer is launched with all add-ons and ActiveX controls disabled.  In this mode it is possible some websites will not display correctly, but this is the price you must pay until the security hole is closed by Microsoft.

(3) Enable High Security level in Internet Explorer
It is recommended you follow this process in conjunction with option 2 above.

Windows XP Users: Click Start > Run and type inetcpl.cpl then press Enter.

Windows Vista and Windows 7 Users: Click Start and in the search box type inetcpl.cpl then press Enter.

You should now see the Internet Properties window. Click on the Security tab, select Internet from the zones and then move the slider to High as per the image below. Make sure you click OK once you have changed these settings.

If you have any questions or concerns about this issue please let us know in the comments.

 

Is Your Laptop Secure?


After focusing last month on the importance of mobile phone security, I received a number of emails asking about securing laptop computers. By 2011, according to market intelligence firm IDC, laptops will represent 66% of corporate purchases, with 71% of consumers opting for a notebook instead of a tower PC. In response to those who contacted me, and for anyone considering buying a laptop, here are my safekeeping recommendations.

LAPTOP SECURITY
Many office workers who have to be mobile are opting to replace their desktop system with a laptop. An average laptop has an impressive hard-drive capacity and can store a huge amount of sensitive and important data. Laptop security is, therefore, crucial.  The following tips on keeping laptops safe and secure apply to those with Windows-based software.

Encrypt Your Laptop
Entering a password to access or log into a laptop does not mean its data is safe.  Far from it.  The initial log-in can easily be circumvented, or the drive removed and accessed via a different device.   My suggestion is to use a program called TrueCrypt which creates and runs hidden system-wide encryption. It is easy to use, and free for commercial use.

Anti Virus Software
Maintaining up-to-date Anti Virus software on your laptop is vital so I recommend installing the following two programs: 
  1. NOD32. This is a low cost business-strength security product providing integrated, real-time protection against spyware, adware, viruses, worms, trojans, phishing, hackers, etc. 
  2. Windows Defender if you are using Windows XP. Windows Defender is compatible with all Microsoft certified Anti Virus software including NOD32. Anyone using Vista and Windows 7 will already have Windows Defender. 

Back-up Your Data
Laptops are light and portable and easier to lose than PCs so backing up your data should be instinctive. New laptop users should consider online systems such as HumYo which, once installed, automatically backs up your data securely and safely while you work.

Using Wi-Fi Safely
Be cautious when connecting to public Wi-Fi hotspots. Some access points may be set up maliciously in order to collect data as you surf the internet. To avoid such risks, connect only to access points you recognize. You should also enable your laptop’s built-in Windows Firewall.
 

Further Action
Devise your own laptop security best practice routine by checking for updates regularly. Protect your laptop when on the move in an easily identifiable case. When not in use, store it in the same place away from any temperature extremes and electrical fields. Last but not least, don’t forget to insure it.

Mobile Phone Data Security


Mobile phones make life very easy on the one hand, and very difficult on the other. Here's why.

A study by TAXI, the magazine for the Licensed Taxi Drivers Association, revealed that during a six-month period a staggering 63,135 mobile phones were mistakenly left in London cabs.  If they contained customer data and information that was not secure, then their owners could find themselves in breach of the Data Protection Act.

MOBILE PHONE DATA SECURITY

Mobile phones are common tools of the trade now for many businesses. However, in recent years these devices have become much more sophisticated. Many have the capacity to store over one million emails, as well as contact details of an entire customer base and other sensitive information, such as Word documents and spreadsheets.

Awareness
Think how important the data on your mobile phone is.  Be aware, too, that if your employees are equipped with a company mobile phone, they must similarly be conscious of the importance of any stored information and contact details.  We strongly recommend that you look at your own mobile device security strategy, and that of your company. 

Precautions
As a first step you should note down your mobile device’s IMEI (International Mobile Equipment Identity) number. This is often found underneath the battery and your mobile provider will require it when you report the loss or theft of your mobile.  This should be a mandatory safety measure for all staff with company mobiles.

Seven Steps to Take
Here are some of the other things you should consider in formulating your mobile security strategy:
  • Enable the “Automatic Lock” function on your device, and set the lock period to the minimum time
  • Enable the “Require Pin” function or, if the option is available, the option to lock the device on SIM card removal
  • If you use memory cards, enable the “Encrypt External Storage” option if supported by your device
  • Only store essential names, numbers and documents on your mobile phone
  • Check with your mobile provider if your device supports “Remote Wipe”, and know how to implement this
  • Keep your mobile provider’s number handy as they can disable your phone when you give them your IMEI 
  • Be prepared to notify the Information Commissioner and your customers if a mobile device with customer data is lost/stolen

Further Action
There may be other things specific to your business that you need to think about, and you may need to create a workplace policy to ensure all staff are aware of the implications of storing data on mobile devices.