Your Online Safety is Important – Stop, Think, Connect (COMM011 Post #5)

I know that most of my blogs have some kind of cyber, security or even legal aspect to them.  But as the saying goes…write about what you know.  October was cyber security month.  So I’m taking the liberty of stretching this into November.  Let me share with you some very good reasons for ensuring that you secure your social media accounts, and more importantly your WiFi internet access.

I’m not going to focus so much on discussing the dos and don’ts of what you post, such as personal information or family photos, but rather tips on how to help you be safe and secure online.  So let’s start with a focus on securing your home network.  This will help protect your entire family.  So many devices – laptops, gaming consoles, smartphones, computers, even TVs – now access your wireless network.

A fundamental first step is to ensure that all your Internet-enabled devices have up-to-date antivirus programs and that the auto update feature is turned on.  Be sure to regularly patch and update your operating system and your web browsers as well.

Your home wireless network includes a router.  If the security settings and a strong password are not set on your router, your home network is vulnerable.  This could potentially expose your personal information or even allow others to use your Internet service for free, potentially using your network to commit cybercrimes.  And if you think I’m fear mongering, think again.   Check out this headline from a very recent article in The Coastguard, a Shelburne, Nova Scotia newspaper!

RCMP charge Shelburne County man with child pornography offences

Greg Bennett
Published on September 10, 2014
A Shelburne County man, accused of using unsecured WiFi networks to obtain child pornography, has been arrested and charged by RCMP.
Check out the full story here.

I also recall a story of a similar incident that occurred in Orleans a few years ago.  The police raided a house in Orleans for a similar crime only to find out that the criminal had been ‘wardriving’ – using that resident’s open WiFi access from his car – to commit a crime.  Not too hard to imagine how afraid the Orleans family was when the police raided their home!  I imagine their WiFi is secured now.

 The National Cyber Security Alliance provides some very helpful information.

Here are ways to secure your wireless router:

  • Change the name of your router: The default ID – called a “service set identifier” (SSID) or “extended service set identifier” (ESSID) – is assigned by the manufacturer. Change your router to a name that is unique to you and won’t be easily guessed by others.
  • Change the pre-set password on your router: When creating a new password, make sure it is long and strong, using a mix of numbers, letters and symbols.
  • Review security options: When choosing your router’s level of security, opt for WPA2, if available, or WPA. They are more secure than the WEP option.
  • Create a guest password: Some routers allow for guests to use the network via a separate password.  If you have many visitors to your home, it’s a good idea to set up a guest network.
  • Use a firewall: Firewalls help keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for attempts to access your system and blocking communications with sources you don’t permit. Your operating system and/or security software likely comes with a pre-installed firewall, but make sure you turn on these features.
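
To check your own network against the first and third items of this list, here is an added example (not from the NCSA or the original post). It assumes you have saved a WiFi scan as `SSID:SECURITY` lines, the form printed by `nmcli -t -f SSID,SECURITY device wifi list`; the sample scan, the list of default-looking names and the function names are constructed for illustration.

```python
import re

# Constructed sample scan, one network per line as SSID:SECURITY.
# A colon inside an SSID is escaped as "\:"; an empty SECURITY field
# means the network is open (no encryption).
SAMPLE_SCAN = """
linksys:WEP
Maple\\:Street:WPA1 WPA2
NETGEAR42:WPA2
OldPrinterNet:
"""

# Illustrative, not exhaustive: names that look like a manufacturer default.
DEFAULT_SSID = re.compile(
    r"^(linksys|netgear|dlink|d-link|tp-link|belkin|default)[-_ ]?[0-9a-z]*$",
    re.IGNORECASE,
)


def parse_scan(scan_text):
    """Return {ssid: security} for every line that has a separator."""
    networks = {}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        # SECURITY never contains a colon, so split on the last one.
        ssid, sep, security = line.rpartition(":")
        if not sep:
            continue
        networks[ssid.replace("\\:", ":")] = security.strip()
    return networks


def encryption_finding(security):
    """Return a warning for weak or missing encryption, or None if fine."""
    modes = set(security.upper().split()) - {"--"}
    if not modes:
        return "no encryption: anyone in range can join; enable WPA2"
    if modes & {"WPA2", "WPA3"}:
        return None
    if modes & {"WPA", "WPA1"}:
        return "WPA only: acceptable if the router has no WPA2 option"
    if "WEP" in modes:
        return "WEP: switch to WPA2, or WPA if WPA2 is unavailable"
    return f"unrecognised security mode {security!r}"


def audit_home_network(scan_text, home_ssid):
    """Check one network (your own) against the router checklist."""
    networks = parse_scan(scan_text)
    if home_ssid not in networks:
        return [f"{home_ssid!r} not found in scan"]
    findings = []
    if DEFAULT_SSID.match(home_ssid):
        findings.append("SSID looks like a manufacturer default: rename it")
    weak = encryption_finding(networks[home_ssid])
    if weak:
        findings.append(weak)
    return findings


if __name__ == "__main__":
    for name in ("linksys", "Maple:Street", "NETGEAR42", "OldPrinterNet"):
        print(name, "->", audit_home_network(SAMPLE_SCAN, name) or "OK")
```

The router password, guest network and firewall settings cannot be seen from a scan, so those items still need to be checked on the router's own settings page.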

Protect Yourself with these STOP. THINK. CONNECT. Tips:

  • Keep a clean machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
  • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
  • Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
  • Plug & scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.
  • Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.
  • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

Another very important aspect to being safe and secure online is to create strong passwords for all your social media accounts and enable the privacy settings for each.  This will help reduce the probability of your accounts being hacked, but if they are, there are some things that you can do to regain control.  Are there posts on your Twitter account that you never made? Are your family and friends getting emails from you that you never sent? Do you suspect that maybe you have been infected by a virus?  There are some things that you can do according to the NCSA.

If you believe an account has been compromised, take the following steps:

  • Notify all of your contacts that they may receive spam messages  that appear to come from your account.  Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
  • If you  believe your computer is infected, be sure your security software is up to date and scan your system for malware. You can also use other scanners and removal tools.
  • Change passwords to all accounts that have been compromised and other key accounts ASAP. Remember, passwords should be long and strong and use a mix of upper and lowercase letters, and numbers and symbols. You should have a unique password for each account.  If you cannot access your account because a password has been changed, contact the web service immediately and follow any steps they have for recovering an account.

Protect Yourself with these STOP. THINK. CONNECT. Tips:

  • Keep a clean machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
  • Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
  • Unique account, unique password: Separate passwords for every account help to thwart cybercriminals.
  • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.

There really is very little excuse for not taking steps to protect yourself.  So much information is available to help you with the technical aspects of security, with tips on best practices to employ and general information on the dangers that lurk.  The NCSA is only one such site.  The Canadian government has a ton of information available at Get Cyber Safe.  Here is a list of the available resources.  So no more excuses!

Protect Your Identity

Learn everything you need to know to protect your identity online – and what you have to lose if it’s ever compromised.

Protect Your Money

The convenience of banking and shopping online could come at a price. Find out what you need to know to make sure your money is protected.

So what has been your experience?  Hacked? Infected? Friends asking you about emails you didn’t know you sent?  What are you waiting for?  Get safe.

Word of Mouth – The power of testimonials (COM0011, post #4)

There is no doubt that this is a hot topic right now with the recent Marketplace exposé. Fake reviews and testimonials are nothing new, however. To drive that point home, legislation in many countries has been around for more than two decades on this topic and likely longer in some fashion or another. Generally speaking, false and misleading advertising has been contemplated by the legislators. And if we agree that legislation is generally slow to address the issues in the marketplace, the problem of fake testimonials has been around even longer.

The Marketplace investigation, “Faking It,” aired on November 7, 2014 on CBC. And on its site at CBC.ca on November 6th to promote the coming show, they posted an article entitled “Fake Online Reviews: 4 ways companies can deceive you“.  The 4 ways referred to are more about ‘where’ fake testimonials are posted than ‘how’. Nonetheless, the effect is the same. People are deceived. CBC cites some interesting research that has been conducted by universities and think tanks. I suspect any savvy online consumer is aware that online reviews should be read with a critical eye and that some websites are perhaps more credible than others. But I was surprised by the findings of a research paper published by the Harvard Business School in 2011.  In their research they were able to quantify a significant motive for companies to enlist review writers or purchase fake reviews. Their research notes that an increase of a one-star rating on the review site Yelp translates to a five to nine per cent increase in revenue for independent restaurants. Yikes! No doubt some businesses are willing to take the risk of not only alienating the consumer if their online behaviour is exposed, but also of potential legislative repercussions.

Fake YouTube views are apparently easy to purchase if you know where to look. According to the article, “Marketplace found it was easy to buy them, and inexpensive; the show bought 10,000 video views from a company for its video promoting its fake business. The cost? Thirty dollars.” Increasing their Twitter following also seems to purport some form of credibility. Of course this phenomenon of following the herd is nothing new. Consumers are all too often swayed by what’s popular, what’s trending and what the Joneses have or are doing. Marketers leverage this phenomenon to their advantage. Some interesting statements made in the article support this concept.

“Last year, Italian security researchers Andrea Stroppa and Carlo De Micheli researched fake Twitter followers. They estimated that four per cent — or 20 million — of Twitter accounts were fake.”

“Research by internet security analysts at Barracuda Labs found that as of the end of 2013, there were 52 sellers on eBay selling fake Twitter followers, a number that more than doubled in roughly six months.”

“Facebook is another platform popular for posers. The company estimates that as many as 1.2 per cent of accounts are fake, but with 1.2 billion active monthly users, that number represents as many as 14 million fake accounts”

Gaining an edge in the social media realm is not easy. Even the so-called big guys employ these tactics. Twitter, YouTube, Facebook and other such sites are fighting back. “In December 2012, YouTube stripped almost two billion fake views from music videos from major labels including Universal, Sony/BMG and RCA.” These sites and others who worry about reputational damage, and potential legislative repercussions, recognize that they must play a role in vetting the reviews, likes, profiles, etc. on their platform. Site credibility is hard earned and trust is doubly hard to earn if your credibility is damaged. There is always another site ready to move into the space that they occupy.

Let’s consider for a moment the repercussions if a business’ behaviour attracts the attention of law enforcement. In Canada the Competition Bureau regulates false and misleading behaviours in advertising, and this includes online behaviours. They have recognized that there is an unfortunate current trend to post fake reviews and testimonials. The Competition Bureau refers to this as ‘astroturfing‘. They recently issued a news release to make consumers aware of this and to read them with a discerning eye. The administrative monetary penalties can be very significant and if the Competition Bureau deems the behaviour fraudulent, they have the authority to lay criminal charges. So businesses need to clearly understand there are real risks in buying fake reviews.

Canada is not the only country with similar legislation. The United States of America has similar legislation which is enforced by the Federal Trade Commission. Australia, the United Kingdom and many other countries have similar legislation and regulatory authorities that actively enforce in this space. Not only should the old adage of ‘buyer beware’ apply, but ‘business beware’ should also be heeded.

Canadian Authorities Links:

Competition Bureau: Consumer announcement on ‘astroturfing’ http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/03782.html

General Fraud awareness page at CB http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/h_00122.html

False and Misleading sections of the Competition Act – http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/00527.html

Other Country Links:

Australia: https://www.accc.gov.au/business/advertising-promoting-your-business/managing-online-reviews

United States: http://www.ftc.gov/news-events/press-releases/2009/10/ftc-publishes-final-guides-governing-endorsements-testimonials

Helpful Links:

Harvard Business Research report of 2011:  http://people.hbs.edu/mluca/Papers%20on%20RIS/FakeItTillYouMakeIt.pdf

Gartner report “The Consequences of Fake Fans, ‘Likes’ and Reviews on Social Networks”: http://www.gartner.com/resId=2091515.

Exercise and transitioning to colder weather. What’s your secret? (Com0011 Post#3)

I have always considered myself an active person.  Not necessarily the most fit, but I enjoy an active lifestyle.  Over the years, I’ve transitioned through many different sports.  Skiing, snowshoeing, motocross riding, baseball, golfing, half-marathoning, hot yoga and the always constant hockey – summer and winter.   But I’ve always had motivation issues when it came to exercise for the sake of exercise.  My sport had to be fun and usually team oriented.  And I’m not ashamed to say that I’m a fair weather sportsperson.  You won’t catch me skiing in -30C, or golfing in the rain.  So I’m now faced with a dilemma.  How to transition to some new exercise for the imminent colder weather.

A little more than a year ago, I moved to the deep west end of the city.  It wasn’t my first choice, but love works in mysterious ways and I ended up, once again, with an hour (sometimes longer, ugh!) commute to the office.  Years earlier, I had sold my house in the deep east end of the city to move central in order to shorten my commute.  My new domicile meant I could take advantage of the eastern parkway and reduce my commute to 15-20 minutes each way.  Even on my bike, I was in the office within 22 minutes!

After a winter of driving in frustrating traffic, sometimes late for work, I knew that I needed to make a change.  In the spring, I mustered up my courage, deciding I needed to start biking in to the office again.  My motivation went beyond the ugly commute. A lot changed for me when I moved west, more specifically my routine.  As a single person, I ate what and when I wanted.   Cereal was my friend!   I had an exercise schedule that didn’t require being mindful of other people’s schedule.  The short commute meant more personal time that I could dedicate as I chose.  Now my work days were longer, leaving around 7:30am and not getting home til after 7:00pm.  Where in that schedule could I carve out time for exercise? I’m not a morning person, so getting up at 5:00am is unlikely.   My job doesn’t really lend itself to regular lunch time exercise.  It’s more like, ‘Lunch time?  What’s that?’   Also, being part of a ready made family now meant negotiating time among everyone’s schedule.  Coming and going to evening exercise classes, yoga, etc. as I pleased was no longer on the table.


I’ve been playing hockey for more than 40 years. (Yikes!  Did I just age myself?)  So playing hockey a couple of nights a week is non-negotiable.  Other than that, my schedule changed drastically.  Add to that, regular family dinners (no more cereal for dinner) meant the pounds slowly crept on.  Having a hot new husband who regularly trains for triathlons is also a serious motivation!


So in the spring, with a new bike and a renewed motivation, I started a routine of driving to Andrew Hayden park and cycling into Hull from there.  The 45 minute ride each way worked well, because it fit into my daily routine, almost within the same time frame.  It was also a great de-stressor after a long day.  But now, as the colder weather is nearing, I’m faced with what to transition to that I can incorporate into my new family’s routine.  The thought of very early morning weight lifting sessions with my husband brings on a groan.  What do I value more?  Sleep or admiring a fine physique?  I guess we’ll see what wins out in the very near future.

How do you cope with transitioning from warm to colder weather exercise?

E-Messaging: What to do and what NOT to do! (COMM0011 Post #2)

Of course we all want to make the best use of social media to promote our business or online presence.  I recently came across a site offering to ‘pull in email addresses’ to help provide insight to the users’ social media presence.  The site purported to provide deep metrics, sites on which the user was registered to, etc.  That site has since been acquired and morphed into providing altogether different services.  I have no doubt that a simple Google search will identify many other sites offering email lists for sale and e-commerce marketing strategies.  This got me thinking that I should share some information about Canada’s new anti-spam legislation also known as CASL. CASL applies to anyone sending e-commerce messaging to or from Canada.  So be sure to build a CASL compliant strategy into your e-marketing plans.

This new piece of legislation covers far more than electronic commerce messaging.  It deals with the dissemination of malware, botnets, phishing, spyware, etc.  But for the purpose of this article, I want to focus on providing accurate information around e-commerce messaging.   There is a wealth of sites out there providing material and information on CASL.  Some of it is very helpful, but there is still a lot of misinformation out there.  Many authors are still grappling with the interpretation of the law.  So when doing your research, I strongly suggest that you include among your resources, the authoritative sites on the subject matter.  In this case, it would be Canadian government and regulator sites.  The main government site that provides guidance to consumers and small-medium enterprises is Industry Canada’s Fight Spam site.  There are three regulators that are mandated under CASL.  The Canadian Radio-television and Telecommunications Commission, the Office of the Privacy Commissioner and the Competition Bureau.  Be sure to check these out.


In this article, I want to focus on providing specific information on how to stay onside with the legislation in Canada when acquiring and sending an e-commerce message to your list of potential customers either via emails, SMS or social media sites.  CASL is an ‘opt-in’ regime, which in essence means you must have consent before contacting someone with your e-commerce message.  This area falls mainly to the CRTC and there is plenty of information to round out what I will provide here.

Let’s look at what falls under ‘what to do‘ to contact an individual.  You must either have consent, be it express or implied, or you must acquire it before contacting someone at their electronic address.  The CRTC has taken the policy position that if you already had ‘express’ consent prior to CASL coming into force on July 1, 2014, it will continue to be valid, allowing you to contact your list of recipients.  Keep in mind though that you will be required to prove that you have their express consent should the recipient complain about receiving spam.  So if you don’t already have express consent, how do you acquire it?  Well, the law says that you can’t acquire it by sending them a commercial electronic message, e.g. email or an SMS.  You must acquire it via your website, your social media campaigns, at trade shows, etc.  Any other way, but by sending them an e-message.  Again, lots of information available at the CRTC site.

Now if you’ve already done business or have a relationship with someone, you have ‘implied’ consent and can continue to contact your customer for two years following the last transaction or from the end of the contract, such as gym membership.  The law is not meant to stifle business but to reduce the amount of spam people receive.  Again, the onus is on the sender to prove they have such consent. In either case, you must allow the recipient the opportunity to unsubscribe from receiving any further e-commerce messaging from you.

Let’s look at ‘what NOT to do‘.  So you now know that you need prior consent.  So the concept of ‘pulling in emails’ is one that needs to be carefully considered.  If you want to buy a list of CASL compliant email addresses, you need to ensure that the express consent acquired was done properly.  Scraping sites for email addresses in an automated fashion, also known as address harvesting, is not permitted under CASL.  So be wary of sites that sell you on that concept.  A quick search shows you just how to do that.  This YouTube site is the perfect example of what not to do.

Sites like this one should not be considered as part of your overall strategy.  It stated quite openly that “In this tutorial, I am going to teach you how to harvest email addresses using msfconsole in BackTrack 5. Email harvesting is the process of collecting and storing large quantities of email addresses. The email lists that are generated are typically used in mass mailer attacks and phishing attacks.” For more information on address harvesting rules under CASL, check out the OPC site.

Beware and be forewarned….the penalties for running afoul of the law are significant!!  If you are found in violation, the administrative monetary penalties can be as high as $1 million per violation for an individual and up to $10 million per violation for a business.

Cyber Crime – What’s trending for social media

This past week, I had to provide some opening remarks regarding what we, as law enforcement, can expect will trend in Internet threats in the coming years.  Social media as a threat vector is high on that list.  Criminals are certainly making very innovative use of social media to conduct their fraudulent activities.  Interestingly enough, what works for the criminals also works for law enforcement.

Natural disasters and horrific world events are like racing flags that signal the criminals to create fraudulent websites looking to prey on the emotions of good citizens, separating them from their charitable dollars.  One article at CSO Online noted that more than 125 domain names were registered within the initial few hours after the Boston marathon bombings.  Conversely, as the tragedy unfolded, government and law enforcement used social media to disseminate information to the public and solicit their help. Social media sites are also used to gain information on criminals.  By scouring sites, using profiling techniques or covert infiltration, law enforcement officers are able to learn about criminals.

We are all too well aware of phishing attacks, usually sent via email, which attempt to steal our personal information and ultimately our money.  Spear phishing, which targets specific data or identities, is on the rise.  This year, Facebook fell prey to what is known as a watering hole attack.  A very precise Facebook page was infected to successfully attract specific targets, redirecting them to malware infected sites.  The traditional means of disseminating malware via email has graduated.

Our world is changing at a rapid rate.  Criminals will always leverage the weakest link.  And that unfortunately is the individual user.  Greed, ignorance or social engineering make them a prime target and easy prey. There are however a few things we can do to protect ourselves.  Be careful how much personal information we share.  Use strong passwords that are changed often.  Don’t use the same password across different platforms. Make sure that anti-viruses are used and up-to-date. Download only from trusted sites.  And finally, be sure to ‘friend’ only real friends.

 If you’ve used any of these passwords http://www.networkworld.com/article/2226175/microsoft-subnet/top-25-most-commonly-used-and-worst-passwords-of-2013.html, stop what you’re doing and change it now! 

Interested in what other threats are on the horizon?  Check out this white paper authored by Europol, Trend Micro and the International Cyber Security Alliance.  Have you heard of ‘human malware’?  No?  Then read on.  https://www.europol.europa.eu/sites/default/files/publications/2020_white_paper.pdf