Tips for Buying Safe Connected Devices This Cyber Monday


Keeping up with news alerts about cybersecurity flaws in consumer electronics is a lot like picking up spilled jelly beans one at a time with a plumber’s wrench. Even if you figure out how to do it and have endless patience, a few will skitter out of sight.

Assume for the moment that, unlike most people, you think a lot about cybersecurity and you do your homework before buying a connected device. (I know. This is a truly ridiculous proposition. But let’s just say it’s the case.)

As you prepare for Cyber Monday, make cybersecurity part of the purchase process. What does your thinking about cybersecurity look like? What form does it take? Perhaps you like to use a search engine to see if there have been any obvious problems associated with the product, service, or device you’re considering. And by problems, I mean specifically cybersecurity and privacy issues.

This simple action can save you from a time-consuming hassle later. Security lapses abound. It’s your job to know about them.

Your Role in Cybersecurity

If you think this sort of research is too hard, relax. It’s easy. A simple search using the name of the item in question as well as terms like “compromise,” “privacy,” and “breach” is a good place to start.

For example, maybe you’re thinking about giving someone a credit monitoring gift that protects them from fraud. You might do the following searches:

  • “Equifax hacked”—About 901,000 results (0.58 seconds)
  • “Experian hacked”—About 128,000 results (0.63 seconds)
  • “TransUnion hacked”—About 62,800 results (0.37 seconds)

Now, bear in mind, many of the search hits on Experian and TransUnion (both of which offer sophisticated monitoring programs) come by way of obligatory mentions in the coverage of the Equifax compromise.

You’re Still Not Safe

Let’s say you get a connected cam to monitor an aging parent. There are some basics to consider. You’ve got to assume, for example, that Mom may not want to be the star of a Russian reality TV show called something along the lines of “Stupid Americans I Have Hacked.” But you also have to assume it could happen.

If you did your homework right, you know there’s been a problem with many plug-and-play webcams involving the use of manufacturer default passwords.

Checking for known security issues or a history of poor security is important, but there is still more work to be done before Cyber Monday to make sure you’re not giving someone a gift that robs them blind, opens them up to public ridicule, or simply embarrasses them.

The Most Important Question

That camera with seemingly perfect security you got your mom could become a live feed to her own version of The Truman Show for an avoidable reason: the cam wasn’t patchable. This means that when a security flaw is discovered, there is no way to protect the cam because it cannot receive security patches.

You’ve read privacy policies online and have made sure the product you’re thinking about doesn’t get significant revenue by selling data collected from this or that smart device, but the item also needs to be patchable.

Many companies do a very good job. Contrary to the folklore about planned obsolescence at Apple, the company is excellent at supporting older devices and operating systems, and it is a top player when it comes to security patches.

Let’s focus on gadgets. If the connected device you’re considering is not properly maintained after the launch of later generations of that product or a related service, keep looking for a device that is.

And ask, Is this connected device patchable?

This Cyber Monday, the only way to find those errant jelly beans mentioned above is to do the requisite research.

While nobody has the time to read every news item about product security, with the holiday shopping season upon us, it’s imperative to think about cybersecurity basics.

Data breaches and other compromises are the third certainty in life, right behind death and taxes. The simplest way to avoid falling prey to products and services that offer shabby or nonexistent cybersecurity? Don’t buy them.

If you fear your information has been compromised through an unsecure device, review your credit report for any suspicious activity. You can get your credit report for free through


Are Your Connected Devices Safe?


The number of Internet of Things (IoT) devices in use is forecasted to hit 8.4 billion this year. That’s more than the human population on planet Earth. And with successful attacks like Mirai (which was the malware used in the 2016 Dyn cyberattack) already a part of the IoT story, there’s plenty to worry about.

It’s crucial we give this latest market exuberance a brief time-out. Unfortunately, the chances of that happening are slim. So, what to do between now and the next zero-day exploit?

I’m specifically recommending a cyber “time-out,” and not a “breather” or any other term signifying a pause or cessation of activity. IoT technology is in its infancy and growing faster than projected. And it’s flawed.

Connected devices have not been around very long, and yet they’ve already managed to cause no end of trouble—whether we’re talking about hijacked baby monitors, IP cameras, or exercise trackers that broadcast granular details about your sex life to anyone who might be curious about it.

We need a time-out to think through and implement best security practices for the IoT market.

Are Connected Devices a Cyber Catastrophe Waiting to Happen?

With total spending on IoT or connected devices pegged to hit $2 trillion this year, the market is undergoing a period of staggering growth.

IoT is increasingly present in daily life. It can be found in kitchen appliances, cars, health care equipment, toys, exercise gear, and peripherals like watches and monitors. It’s in security systems and many of the creature comforts populating our homes.

On all fronts, the upside is impressive. Consumers get to shop for a whole new universe of things they never knew they wanted, and manufacturers are increasing their revenues. In case you don’t have the figures handy, the revenue target for 2017 represents 31% growth over the previous year.

Sounds great, right? But while everyone benefits from the hunger for next-generation, hyper-connected everything, consumers may lose sight of the security pitfalls associated with them. At the risk of being a killjoy, I believe it doesn’t just seem reasonable, but absolutely essential, to assume many new devices currently hitting the IoT market aren’t cybersecure.

So, while the boom in connected devices looks like a win for everyone, it’s not. When consumers connect new devices to the Internet, their attackable surface expands. Data is being moved around. New doors are opened.

Even the most cursory look backward reveals the likelihood of future attacks.

New Products, Better Prospects?

Nest is a popular smart home player in the IoT sector. The company just released some new devices, including home security cameras, which made me wonder about the lessons learned from recent zero-day fails.

In the Persai/Mirai catastrophe, IP cameras and routers were hijacked and roped into a botnet that hackers used to launch a massive distributed denial of service (DDoS) attack against Dyn, which routed traffic for major websites. The sites affected by the attack included The New York Times, HBO, PlayStation, Etsy, Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, and PayPal.

The Dyn attack was the direct result of rushing connected devices to market. IoT devices were sold to consumers with default passwords that many people never bothered to change (some don’t permit passwords to be changed), security taking a backseat in the race to the marketplace. While there was little to no issue with the affected devices on the consumer end, the hackers were able to use all those points of contact to launch the crippling attack on Dyn. And yes, that attack affected everyone. A back-of-the-napkin estimate on total cost is in the billions, not millions, of dollars.

In addition to Nest, I reached out to other IoT device manufacturers this week to hear what they’re doing to protect consumers in the wake of the Dyn attack and the mad rush to cash in on the robust market for connected devices. Of the 10 companies I contacted, only three got back to me.

Both Nest and Vivint (a leader in smart devices with excellent security) responded with answers that were music to my cyber-paranoid ears, though I’ll spare you the details. The same was not true of the third response, which came from a Honeywell representative: “I’d need quite a bit more time to fact check answers through our various businesses given the breadth of your questions.”

My questions:

There have been many instances of cams with factory-default passwords getting hacked—do new [Honeywell] cam products require the end user to create a secure password before they will function? Do they allow the consumer to create a password? What security measures were designed into the product?

What measures have been taken to protect other smart home products from hackers?

These questions are elementary. One has to suspect the reason so many companies failed to reply is that they don’t have great security built into the design of their products.

The takeaway here is simple, but important. When you are shopping for a connected device, security should be the first thing you ask about—even before checking out proffered features. The future is as safe as you make it.


Now’s the Time to Talk Online Security With Your Children

Whether you’re a helicopter parent or more laissez-faire, we have some words of wisdom to offer.

Summer’s here and the time is right for getting hacked or worse, having the contents of your computer held hostage by ransomware. For a couple of carefree and extreme data-consuming months, kids everywhere will be doing whatever they want online even if you’ve tried to control them.

In other words, be very afraid.

Only you know if it is time to have “the talk” with your child about online security. But before you sheepishly clear your throat in their doorway, have you had the talk with yourself?

No amount of whistling in the dark will keep you safe from the crazed clicking of an unthinking child. It’s crucial to remember that safe online habits aren’t an innate skill; they need to be taught. That said, there are many parenting styles when it comes to all things online. Some parents choose to be hands-off about it, and if that’s working for you, more power to you.

Actually, I take that back. There are countless pitfalls, pratfalls and worse awaiting your child — and with that your entire family — as well as anyone else unlucky enough to be connected to your home network.

Whether you’re a helicopter parent or more laissez-faire, we have some words of wisdom to offer. Here are four subjects to broach when talking online security with your children.

1. Stay Alert

Online security and threats are fluid. You can be completely on top of your game one day and get hacked the next because you aren’t prepared. The goal should be to become security-minded. While it helps to know about the most recent exploits and threats, it’s better to get into the mindset of those old Highlights Magazine exercises and think, “What’s wrong with this picture?” The moment you think you’ve got everything under control, you become an easier target. Stay alert. (If you believe you’ve been the victim of identity theft, don’t shrug it off. You can view two of your credit scores for free on

2. Use Better Passwords

Increasingly, people are turning to password managers to keep their accounts safe, since it can be difficult to remember a large number of long and strong passwords. These managers generate random passwords and allow you to manage the process with a single master password. If you are not using a manager, make sure everyone in the house is using sufficiently complex passwords that are unique to the key accounts in your home, and never let your kids use any of your passwords!

3. Monitor Them

No one likes the specter of Big Brother, but your kids aren’t your siblings, they are your wards. While many advocates of internet privacy will say that a child’s travels online should be protected, even from parents, I think of monitoring online behavior in the same way I do a trip to the pediatrician — it’s my duty as a parent to know and protect all of my child’s sensitive personal information.

The same goes for internet history and app usage. You need to know what they’re doing. While bullying, compromising pictures and other activities you may find could make a different conversation necessary, your job is online safety.

4. Establish Ground Rules

The best way to keep your family safe from the wandering clicks of a child is to start teaching a secure mindset right away. Tell them to look for a secure connection, which shows up in your browser’s address bar as a padlock symbol or a URL that begins with HTTPS (instead of HTTP) or both.

Have rules about app shopping. Encourage your kid to check with you if they are unsure about a site or an app. Pick an app store that you know won’t carry shady app developers. Teach your kids about phishing scams, how they work and what to do when they think one arrives in their email or messaging apps. But most important, let the subject of online security be an ongoing discussion.

These are some big-picture considerations and a few on-the-ground concerns to help you start thinking about online security. Only you can figure out the best way to tell your child to keep their online travels safe and protect your whole family.


When to Sell Your Stuff to Make the Most Money

It's time for spring cleaning. Here's how to get top dollar for your unwanted items.

If you’re like most folks, you have a lot of things tucked somewhere in the garage or storage shed that you aren’t using. But the thought of sorting through it all and trying to sell it can sound annoying at best and daunting at worst, especially when you think you won’t get much money for it.

“Nearly half of all Americans have $1,000 worth of unused items sitting around their homes, but the effort of having to spend the afternoon at a consignment store (or manning a garage sale) deters them from cashing in,” said Kelly Stephenson, director of marketing at OfferUp, an online marketplace.

But what if you could virtually guarantee you’ll get top dollar for your junk … ahem … stuff? Just think of what you could do with an extra $1,000. You could take a vacation, pay off your credit card debt, start an emergency fund or pay down your student loan debt.

The folks at OfferUp put together a list of the best times of year to sell different kinds of items, so you can get top dollar for your things. Whether it’s your old weight bench or your classic ’65 Mustang, knowing the right time of year to sell your stuff can make a big difference.

And by all means, avoid the garage sale option. Do you really want people showing up at your house at 7 a.m. to rifle through your things and haggle you down? Unless you enjoy a good barter, make it easy on yourself and use an online selling platform.

“The beauty of buying and selling online is that it simplifies the process,” Stephenson said. Many sites allow users to photograph and post items for sale immediately with their mobile phones.

Keep in mind when buying or selling online that it’s important to use trusted, verified sites and apps that include ID verification, user rating systems and other safety features that keep your credit card and personal identification information safe. (Be sure to check your credit report for errors or anything else fishy. You can get a free credit report snapshot at

Here are the best times of the year to sell your stuff.

January Is Best for Gym Gear

With the surge of New Year’s resolutions about getting fit, many folks look for a good deal on gear to help them do it. The treadmill collecting dust in your garage can earn you the most money in the month of January. Same is true for hand weights, foam rollers, yoga mats and fitness DVDs.

February Is Best for TVs

If you upgraded your TV set over Christmas, get rid of your old one and put some extra cash in your pocket by selling it in February. The Super Bowl is this month, and TV sales tend to soar as many people want to host a party and watch the big game on a good TV.

March Is Best for Yard Gear

April showers may be gearing up to bring May flowers, but those with a green thumb are eager to get started on their gardening no matter what the weather is like. Your extra flower bulbs, shovels, gardening gloves and pots will sell well in the month of March.

April Is Best for Summer Festival Tickets

Coachella marks the beginning of music festival season in April and it continues on through the spring and summer with Outside Lands in California, Bonnaroo in Tennessee, Lollapalooza in Illinois, and Sasquatch in Washington. By April, tickets are already available (and are often already sold out), so if you decided to buy a ticket and have since changed your mind about attending, April is the best time to get cash back and maybe even earn a profit if demand is high.

May Is Best for Sports Cars & Convertibles

If your mid-life crisis sports car is gathering dust in the garage, or your family’s move from L.A. to Seattle means the convertible is no longer going to be in the regular driving rotation, data show that springtime is your best time for selling them.

June Is Best for Kids Toys

With summer break around the corner for most schools, June is a great time to cash in on unused toys lying around your home. Put any soccer balls, bikes your kids grew out of and puzzles or board games they’re sick of up for sale this month.

July Is Best for Baby Gear

More babies are born in July and August than any other months of the year, according to Centers for Disease Control and Prevention data. For families with old cribs and newborn baby gear packed away in the garage, a great time to sell them to get the most bang for the buck is in the summer.

August Is Best for Back-to-School Items

Backpacks, lunch boxes and any unused school supplies left over from past school years can earn you some cash in August. Art supplies can also sell well because teachers are always looking to save cash stocking up on supplies for their classrooms.

September Is Best for Furniture

Many people, especially those with kids, tend to move during the summer months. The weather is better, the kids are out of school, the housing market is bursting with more options. By September, folks are moved and settling in, looking to fill their new space with the furniture they need. Take advantage by selling that old sofa during this month.

October Is Best for Children’s Snow Gear

No parent wants to take the gamble in April that the snow boots they’re buying for their kid are going to fit come December. If your kids have grown out of their old boots, jackets, pants, gloves and hats, sell them in October to ensure you’ll get solid offers from buyers.

November Is Best for Holiday Decor

If you have boxes of holiday decorations you know you won’t be using this year, dig them out of the garage and sell them for cash in November. Folks already gearing up for the upcoming visits from family will be interested in finding new ways to deck their halls.

December Is Best for Jewelry

The holidays not only spark a surge in the purchase of engagement rings and other sparkly gifts for significant others, but also a peak in breakups. So, if you’ve been dumped in the past year, or just want to sell some unwanted jewelry, now’s the time to sell it on a site like I Do, Now I Don’t, and get some extra holiday cash.

Now get out there and sell!


The Job Scam That Even You Could Fall For


This might be the most sophisticated job scam I’ve ever seen. Thanks to a near-victim, you’ll get a rare chance to see a real pro almost pull off a nearly perfect digital caper.

You do things when you are job hunting that you wouldn’t normally do. You meet strangers. You share a lot of personal information with the world, on resumes and through job sites. You’re vulnerable. And most critically: You generally need money. It’s a scammer’s dream, and that’s why job-hunting scams are so persistent and prevalent.

Every chance I get, I try to explain that “smart” folks fall for scams all the time — and those at greatest risk are those who think they are too clever for criminals. This is one of those stories.

Josh Belzman is not just a tech savvy worker; he’s spent the better part of the last decade as a social media professional in Seattle. He’s been working in and around the internet’s cesspools for years.

Still, he recently went halfway down the aisle with a criminal offering the false hope of an exciting job in social media. Like all victims and near victims, he couldn’t stop blaming himself as he described the sequence to me— but I can see exactly why Josh danced with the devil.

Josh, 39, is job hunting, and he received an email from a woman named Morgan who said she worked for a big law firm and needed contract social media work for $39-$45 an hour. That kind of short-term gig is exactly what people like Josh need while they look for their next career step.

“I probably should have trusted my spidey sense and not engaged at all but you know how it goes when looking for work— your guard and confidence can drop,” he said.

Morgan asked for a Google hangout chat as a first step. Josh did his due diligence, and Googled her. Up came a LinkedIn profile that checked out. She had a long professional history in the Seattle area, including alleged stints as a ski instructor at nearby Snoqualmie Summit. It said she had worked at various law firms dating back to 2009. The firm (I won’t mention it) was real. So he jumped online, ready to answer her questions and ask a few.

Generally, con artists betray themselves during real-time interactions. They speak poor English, they show obvious lack of subject matter knowledge, and there are awkward delays. Morgan exhibited none of those. In fact, her questions for Josh were spot on. Here’s a partial list I pulled from a transcript of their chat.

“Could you give us an example of a limitation on a social platform that you have experienced? How did you overcome this?”

“Have you ever had to handle a Social Media crisis? If so, could you provide an example and how would you describe your work ethics?”

“How would you allocate our Social Media advertising budget and How do you evaluate new social platforms? How do you stay on top of the latest updates and innovations in Social Media?”

“Do you have your own blog? Do you currently write content for various Social Media platforms and why should we hire you?”

Josh answered each one deliberately. After each response, she replied, “good,” “very good,” and eventually “great.” All what you’d expect, or even hope for, during an interview.

Reading through the full transcript, you can see in retrospect that all these questions could have been cut and pasted from a script. In fact, I suspect the criminals somehow lifted them from an actual interview involving a social media position— perhaps they’d applied for a job themselves earlier just to understand what “marks” would expect.

Only once was there something more that might have tipped off Josh. When he, smartly, tried to interrupt and ask his own questions, Morgan’s reaction was a bit off.

Josh: Mind if I ask a few questions about the role?

Morgan: Sure when we done with this process so you can get all the details you need to know.

But that’s it. The rest of the interview went as you might expect. LinkedIn page and all. Until …

Morgan: How soon can you begin work if luckily chosen for the position, do you need any our Company benefits and what means of Payment would you prefer; Check Or Direct Deposit?

Morgan: What bank are you with for Direct deposit/Check so we can see if it tallies with our preferred banks and do you have any question before i move forward?

Josh: I’m not comfortable sharing banking info online.

(Morgan may not be on Hangouts right now. Your messages will be seen later.)

The “line” went immediately dead.

Fortunately, after an hour of “seduction” and with the lure of a $35-an-hour job, Josh did listen to his spidey sense and threw up a roadblock. And as soon as Morgan saw he wouldn’t play along, she “hung up” on him.

An hour or so wasted, but it could have been much worse.

“I should have never entertained this — the initial email was sketchy but I chalked that up to some office admin being asked to help find candidates,” he said. “Going back through I see very few comments in ‘her’ voice— just a lot of cut-and-paste questions and ‘OK good.’ Amazing the tricks your mind plays on you when you’re visualizing a certain situation.”

After the disconnect, Josh called the firm and was told no one by that name worked there.

I, however, did find someone with her name who had posted a resume that was similar. It’s likely the con artists assumed elements of her identity for the scam. I emailed her, and got no response. I also emailed the person who chatted with Josh and got no response.

“The initial email was unsolicited with that odd name but I saw the LinkedIn profile and I’ve had some of those mails come through (job sites),” Josh said. “The hangout thing raised eyebrows but I suspended some of that because I got caught up answering the questions.”

Tips for Avoiding Scammers

So what should you do? The big one: Always trust your gut. I pretty much never talk to anyone who falls for these things who doesn’t say they had a queasy feeling in their stomach at some point.

Also, do what Josh did. Say it out loud: “I’m not comfortable with that.” It’s a handy phrase. A real person will react with an apology to that, like “Oh, I’m sorry, I didn’t mean to make you uncomfortable.” A con artist, or a bad person, will push you instead. Or hang up.

Finally, be realistic. If you are out of work, you are vulnerable. No matter how smart and put together you think you are. Know that going in. You’ll be more likely to hit the pause button if things go south, and generally, hitting pause is enough to scare off bad guys.

Here’s a handy list of ways to spot “Work at Home” scams. And if you think you’ve already fallen prey to an identity theft scam, it’s a good idea to keep a close eye on your credit. New accounts you don’t recognize on your credit reports or a sudden drop in credit scores are signs that fraud is afoot. (You can pull your credit reports for free each year at and view two of your credit scores for free each month on You can find more steps to take if you are an identity theft victim here.


7 Steps to Safer Passwords for All Your Online Accounts


Some passwords are funny. Some are pretty weird. Some can be a math problem. Many can be laughably easy to hack (I give you “dadada,” “qwerty,” “password” and “123qwe,” to name a few) — or very tricky. But one thing is for sure, they are never really 100% hack proof.

Earlier this month, news broke that a significant number of Twitter passwords had been compromised and were being offered to anyone willing to fork over 10 bitcoins, or roughly $6,700, as of this writing. More than 32 million users were included in the cache of information on the cyber creep auction block. Hacked information database Leaked Source said in a blog post that it received the data set from a user under an alias.

Your Information Is Out There

The first takeaway: Anyone can scavenge and rumor-chase to find purloined login credentials. The second: You are not safe, and identity-related crimes are the third certainty in life, right behind death and taxes. (You can monitor your credit for signs of identity theft by viewing two of your credit scores for free each month on

Twitter has told multiple news outlets that its systems were not breached. Leaked Source said the passwords appeared to have been grabbed by malware.

How to Keep People Out of Your Stuff

While knowing that your information is out there is an important piece of the personal data security puzzle, keeping your accounts safe is even more crucial.

While there has been much innovation in the world of data security, nothing has proven foolproof yet. Biometric authentication using fingerprint and iris scans is promising, but their adoption is far from universal and not without some spoofing issues.

There are tokens and cards that can complement passwords, but those are fallible for the reason that they can be stolen or lost.

Multi-factor authentication is probably the best way to deal with security issues, but it does not necessarily strike the best workplace balance between security and convenience. The Pixar movie “Monsters vs. Aliens” provides a comical scene that demonstrates why it’s not the most practical approach (the character has to provide a hand, foot, tongue, elbow and butt scan to gain access to the president’s situation room).

Passwords Are Still the Best Option

As things stand now, a password coupled with a second factor of authentication known only to the user — like a visual prompt — is the best personal security solution.

Because we have many accounts and they should all have separate passwords, most consumers have a problem keeping all that information straight. There are apps for that, of course, and if you are OK with cloud-based solutions — bearing in mind that nothing is un-hackable — you might want to check out a service like 1Password, which allows you to store all your passwords, PINs, credit card numbers, and more. PasswordWallet 4 and Dashlane provide similar services. Bear in mind that they are not the only good games in town. So do your research and read reviews. Keep in mind, too, some password managers charge for their services.

The upside to password valets is clear — you only have to remember one password. If that’s of interest, you still need to make sure that password is very strong.

Rules of the Road for Effective Passwords

If you decide not to use a password manager, never store your passwords and user names in a document that resides on your computer. Save them on an encrypted thumb drive. Then you need only remember two things: Where you keep it and the password (hopefully long and strong) required for access.

The best practices here include a number of things you shouldn’t do:

1. Try to avoid single words, since many password-cracking programs use the dictionary.

2. Avoid letters and numbers that are close to each other on the keyboard.

3. Never use a password based on personal information that could well be available on social media or via a data breach. This would include your birthday or the birthdays of loved ones, children’s names, pet names, your high school or college mascots and the like.

4. Never use a password on a retail site that you use anywhere else. If that site gets hacked and the same login information is on a bank account, you’re toast.

And a few things you should do:

5. Create an easier password for sites that don’t have a great deal of your personal information, like news sites, video streaming services and the like.

6. Consider using a password generator. (Bear in mind this generally requires using a password management system, bought or homemade.)

7. Create long and strong passwords containing a phrase at their core. One thing that a brute force attack cannot do is guess the first line of a poem you wrote in fourth grade, especially if you have a simple math problem embedded in the middle of a word or two.
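The rules above can be turned into a quick self-audit of your own password list. The following is an added example, not part of the original article: it checks rules 1, 2, 3, 4 and 7, and the word list, the 16-character threshold, the personal details and the account names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data, for illustration only.
WORDLIST = {"password", "dragon", "sunshine", "welcome", "monkey"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 16  # assumed threshold for "long"; the article gives no number


def keyboard_coverage(password, min_run=3):
    """Fraction of characters sitting in a run of >= min_run neighbouring keys."""
    lowered = password.lower()
    covered = [False] * len(lowered)
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):  # left-to-right and right-to-left
            for i in range(len(lowered) - min_run + 1):
                if lowered[i:i + min_run] in seq:
                    covered[i:i + min_run] = [True] * min_run
    return sum(covered) / len(lowered) if lowered else 0.0


def check_password(password, personal_tokens=()):
    """Return the list of article rules (1, 2, 3, 7) the password breaks."""
    lowered = password.lower()
    findings = []
    # Rule 1: a single dictionary word, even with digits or symbols tacked on.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in WORDLIST:
        findings.append("rule 1: single dictionary word")
    # Rule 2: mostly made of keys that are neighbours on the keyboard.
    if keyboard_coverage(password) >= 0.5:
        findings.append("rule 2: keyboard-adjacent characters")
    # Rule 3: contains something findable on social media or in a breach.
    for token in personal_tokens:
        if len(token) >= 3 and token.lower() in lowered:
            findings.append("rule 3: contains personal information")
            break
    # Rule 7: long passphrases are the goal; flag short ones.
    if len(password) < MIN_LENGTH:
        findings.append("rule 7: shorter than %d characters" % MIN_LENGTH)
    return findings


def reused_across_sites(accounts):
    """Rule 4: return groups of site names that share one password."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)
    return sorted(sorted(s) for s in sites_by_password.values() if len(s) > 1)


if __name__ == "__main__":
    personal = ["Biscuit", "0412", "Wildcats"]  # constructed: pet, birthday, mascot
    accounts = {                                  # constructed sample accounts
        "shop.example": "123qwe",
        "bank.example": "123qwe",
        "news.example": "Password1!",
        "mail.example": "Biscuit0412forever",
        "vault.example": "Rain taps 7+5 tin roofs at dawn",
    }
    for site, pw in accounts.items():
        print(site, check_password(pw, personal) or "ok")
    print("reused:", reused_across_sites(accounts))
```

Run it only on a machine you trust, and swap the tiny word list for a full dictionary file to make rule 1 meaningful.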

Most of us have day jobs. Identity thieves and scammers view grabbing our information and exploiting it for their gain as their day job. Always assume there is a never-ending riot overflowing with looters happening just outside your cyber house. That’s why you must be thoughtful, inventive and vigilant when creating passwords, for they are the locks to all your virtual doors and windows — even when you are home.


4 Signs Your Boss Is Spying on You

Chances are, your boss is keeping an eye on you. In fact, the American Management Association (AMA) reports that 43% of companies actively monitor employee emails and roughly the same number track the time you spend on the phone and who you call (16% go so far as to record those calls). Nearly half of companies say they use video to reduce theft and workplace sabotage.

Workplace monitoring is nothing new, of course. Bosses have probably been spying on employees for as long as they’ve been hiring people to work for them. But new technologies make it easier for companies to track their employees’ every move, while at the same time making it harder for workers to tell if they’re being watched.

From GPS tracking to checking your social media profiles, it’s not hard for a company to keep tabs on you. And, unless your boss tells you they’re spying, you may never know. (To be fair, the AMA reports that many companies do inform employees that they may be subject to monitoring.) This stealthy on-the-job surveillance is perfectly legal in most cases, which may come as a surprise to many people.

“Privacy in today’s workplace is largely illusory,” the AMA’s Ellen Bayer told The Week.

Not sure if your boss is using techniques to keep tabs on you? Here are four signs that you’re likely being watched at work.

1. You’re Secretly Planning to Quit & Your Boss Already Knows

More companies are mining big data to make predictions about which employees are likely to leave their job in the near future. And then there’s social media. If you’re connected to your boss on LinkedIn or have a public profile, they may get suspicious if your network suddenly starts to grow or you link up with recruiters or industry competitors. If your company is tracking the websites you visit or logging keystrokes, you may also alert your boss to your on-the-clock job search.

2. You’re Called Out for a Conversation You Thought Was Private

If your boss reprimands you for a less-than-professional conversation or email exchange that you thought was private, there’s a chance you have a tattletale co-worker. But it’s also possible that your supervisor could be spying on you, perhaps by scanning your email, monitoring your phone conversations, or even looking at the text messages you send on a work-issued device. If they’re using a key-logging program or other monitoring software, they may even know what you’re saying in your personal emails sent on any company-owned devices.

Don’t make the mistake of thinking that your boss doesn’t care about your idle workplace gossip, either, whether in person or something shared digitally. Thoughtless emails can come back to haunt you.

“Employers own the content on their own internal email systems and have the right to monitor what you write and to whom,” Jennifer Lee Magas, an employment law attorney and vice president of Magas Media Consultants, LLC, told

3. Your Boss Knows What You Did This Weekend Before You Tell Him

Does your boss seem to know an awful lot about your personal life? They could be checking out your Facebook, Twitter, Instagram or other social media profiles, even if you haven’t added them to your network or given them your password (something that some employers really do ask for, though laws about that are changing). Looking at your public profiles is a bit creepy, but it’s not all that unusual. And people have been disciplined or fired after their employers stumbled upon inappropriate posts, photos and comments online.

4. There’s Some Suspicious Software on Your Devices

If your company’s IT department is monitoring your computer use, it’s not always going to be immediately obvious. However, you can poke around on your computer to see if there are any telltale signs of monitoring software (Online Tech Tips has some advice on how to do that, if you’re so inclined). The same goes for unusual apps installed on smartphones. But don’t be too quick to uninstall something that looks suspicious or your boss may fight back.

[Editor’s Note: You never know who may be looking at what you do online, whether it’s your boss or a hacker. It’s a good idea to keep an eye on your credit for any signs of identity theft, like a sudden dip in your score or unfamiliar new accounts. You can see your free credit report summary, updated each month, on]

This article originally appeared on The Cheat Sheet.  


The Lesson Mark Zuckerberg Just Taught Everyone About Reusing Passwords


Facebook CEO Mark Zuckerberg apparently didn’t read the warning about using different passwords to protect online accounts.

Sources told The Wall Street Journal that Zuckerberg’s Twitter and Pinterest accounts were hacked over the weekend. Per the paper, Zuckerberg utilized the same password — “dadada” — to protect each account. That password had appeared last month in a database of more than 100 million usernames and passwords that was stolen from LinkedIn back in 2012, it said.

Screenshots taken by Engadget show the hacker group OurMine using its now-suspended Twitter account to alert Zuckerberg (@finkd) to the takeover on Sunday, saying “Hey @finkd we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please dm us.”

Representatives from Facebook, Instagram, Pinterest and Twitter did not immediately respond to’s request for comment. Facebook did tell Engadget that the hackers didn’t get access to any of its accounts or systems.

Why Strong Passwords Are Important

Zuckerberg’s reported hack serves as a strong reminder not to skimp on password security. “Dadada” may not be on the list of 25 passwords you should never use, but it certainly wasn’t the most secure one out there, given that it’s short, repeats characters and doesn’t vary the types of characters used with numbers or symbols (all generally considered good password rules of thumb).

And, while it may not seem like that big a deal to have a social media account compromised, using the same passwords across accounts could open you up to other vulnerabilities, including card fraud or deeper identity theft. A thief, for instance, could potentially gain access to your bank account if it’s protected by the same password as a social media account that got compromised.

It’s generally a good idea to go through your passwords and update them regularly, making sure you are using secure passwords, unique to each site. And, if you ever think your personal information has been compromised, you may want to monitor your credit accounts or even freeze your credit reports. Sudden changes in your credit scores can be a sign your identity has been stolen. You can get two of your credit scores for free, updated each month, on


Ransomware Is a Real Threat (Even to You, Apple Users)


Maybe the thought actually occurred to you that something was “phishy” about that link, but that’s so 30 seconds ago. You clicked and now your computer screen is locked. Behind that frozen screen lie your personal files — everything from photos to tax documents — all of it encrypted by a third party that promises to return access for a ransom, which is usually between $200 and $5,000, according to the FBI.

Encryption can be a tool for good and evil. It’s the safest way for an enterprise to keep information safe from prying eyes and sticky fingers, but unfortunately it’s relatively easy for a hacker — and not even a very clever one — to use it to force an ugly situation: your files are encrypted and can only be unlocked by the thief.

A recent newsworthy item takes its lead from the popular “Saw” horror series. If you get hit with this one, Billy the Puppet from the franchise pops up on your screen with the message: “I want to play a game with you.”

Think that invitation from Billy the Puppet sounds fun? Before you go looking for the jigsaw ransomware, also known as BitcoinBlackmailer.exe, let me assure you that it’s not. There are different versions, but they all say pretty much the same thing: “Your computer files have been encrypted. Your photos, videos, documents, etc….But, don’t worry! I have not deleted them, yet. You have 24 hours to pay 150 USD in Bitcoins to get the decryption key. Every hour, files will be deleted. Increasing in amount every time. After 72 hours all that are left will be deleted.”

If you get the jigsaw ransomware, don’t panic. As ZDNet (my source for the above script) points out, a company named Forcenet already solved the problem with simple reverse-engineering. According to those at Forcenet, “A genius malware author this is not, the use of C#/.NET makes it trivial to reverse engineer and analyse.”

Not Just an Inconvenience & Not Just a PC Problem

The point here is not whether or not a particular ransomware poses an extinction-level threat. Ransomware attacks are on the rise. According to Symantec’s 2016 Internet Security Threat Report, “crypto-style ransomware grew 35% in 2015.” In this report, Symantec warns that this often profitable approach, while adept at ensnaring PC users and branching out through network-connected devices, is increasingly targeting “smartphones, Mac and Linux systems.”

In plain English: ransomware is a danger for anyone using a network-connected device. A former NSA employee recently released a tool for Mac users called RansomWhere, which detects when files are being encrypted on an Apple device and allows the user to stop it. That’s notable because, until now, most Apple users have been relatively unscathed by ransomware.

How People Are Affected by Ransomware

While many ransomware attacks are fixable, they can be embarrassing. A number of the links that get people “got” involve sites you wouldn’t want your mother — or spouse, or child — to think were part of your regular Internet diet, or sites that would suggest you’re about to go into personal bankruptcy. Ransomware crooks use various hot-button clickbait to lure victims.

But do you know what’s worse than being embarrassed by a public airing of what piques your curiosity? A lot of things are, but when it comes to ransomware, at the top of the list has to be the increasing risk for more serious kinds of fallout as hospitals are being more frequently targeted by this form of attack.

In February, Hollywood Presbyterian Medical Center was hit by ransomware. The incident got a great deal of attention because instead of risking patients’ lives, the hospital decided to pay the ransom, which was about $17,000 — or 40 bitcoins. Another hospital was hit in Kentucky, but they only had to pay a ransom of 4 bitcoins, according to internet security reporter Brian Krebs. MedStar Health was also a victim of ransomware, with employees reporting, “a pop-up on their computer screens stating that they had been infected by a virus and asking for ransom.” MedStar owns 10 hospitals and 250 out-patient facilities in Maryland and D.C.

TrendMicro, a company that focuses on internet content security software and cloud computing security, recently predicted “2016 will be the year of online extortion.” If ever there was a time to be careful out there, it was last year. And the year before that, and the one before that, too, but also: tomorrow. Tomorrow is still really not the sort of thing that’s conducive to a good night’s sleep, because the underlying message here is that you are going to get got. Being informed is your best defense.

This story is an Op/Ed contribution to and does not necessarily represent the views of the company or its partners.


429 Million Identities Were Stolen in Data Breaches Last Year


Data breaches and other security crimes surged ahead in 2015, a new study found.

A total of 429 million identities were stolen last year as a result of data breaches, according to Symantec.

The security software company’s latest Internet Security Threat Report, released on April 12, notes that this is a 23% increase from the prior year.

There were also a record nine mega-breaches reported last year. Mega-breaches are defined as data breaches involving more than 10 million records.

Additionally, the report found that crypto-ransomware attacks increased by 35% last year. This type of attack involves using malicious software to encrypt a victim’s computer files and block the victim from accessing them until a ransom is paid.

Ransomware called “CryptoWall” even prompted the FBI to issue a public warning last year, calling it “the most current and significant ransomware threat targeting U.S. individuals and businesses.”

Symantec also reported that more than 75% of all legitimate websites have vulnerabilities that have yet to be patched. And 15% of legitimate sites’ vulnerabilities are considered critical, “which means it takes trivial effort for cybercriminals to gain access and manipulate these sites for their own purposes,” the report states.

Symantec, which is known for software like Norton Antivirus, offers consumers the following tips to protect themselves.

1. Use Strong Passwords

Use strong and unique passwords for your accounts. Change passwords every three months, and never reuse your passwords. Additionally, consider using a password manager to further protect your information. (Need password ideas? These are 25 passwords to immediately cross off the list of possibilities.)

2. Think Before You Click

Opening the wrong attachment can introduce malware to your system. Never view, open or copy email attachments unless you are expecting the email and trust the sender.

3. Be Wary of Scareware Tactics

Versions of software that claim to be free, cracked or pirated can expose you to malware. Social engineering and ransomware attacks will attempt to trick you into thinking your computer is infected and get you to buy useless software or pay money directly to have it removed.

4. Safeguard Your Personal Data

The information you share about yourself online puts you at risk for socially engineered attacks. (You can read more about identity theft protection here.) Limit the amount of personal information you share on social networks and online, including login information, birth dates and pet names.

And, if you have reason to believe your personal information was compromised, you can keep an eye on your credit. A sudden drop in credit scores, for instance, is a sign your identity has been stolen. You can view your two credit scores for free each month on
