Tips for Buying Safe Connected Devices This Cyber Monday


Keeping up with news alerts about cybersecurity flaws in consumer electronics is a lot like picking up spilled jelly beans one at a time with a plumber’s wrench. Even if you figure out how to do it and have endless patience, a few will skitter out of sight.

Assume for the moment that, unlike most people, you think a lot about cybersecurity and you do your homework before buying a connected device. (I know. This is a truly ridiculous proposition. But let’s just say it’s the case.)

As you prepare for Cyber Monday, make cybersecurity part of the purchase process. What does your thinking about cybersecurity look like? What form does it take? Perhaps you like to use a search engine to see if there have been any obvious problems associated with the product, service, or device you’re considering. And by problems, I mean specifically cybersecurity and privacy issues.

This simple action can save you from a time-consuming hassle later. Security lapses abound. It’s your job to know about them.

Your Role in Cybersecurity

If you think this sort of research is too hard, relax. It’s easy. A simple search using the name of the item in question as well as terms like “compromise,” “privacy,” and “breach” is a good place to start.

For example, maybe you’re thinking about giving someone a credit monitoring gift that protects them from fraud. You might do the following searches:

  • “Equifax hacked”—About 901,000 results (0.58 seconds)
  • “Experian hacked”—About 128,000 results (0.63 seconds)
  • “TransUnion hacked”—About 62,800 results (0.37 seconds)

Now, bear in mind, many of the search hits on Experian and TransUnion (both of which offer sophisticated monitoring programs) come by way of obligatory mentions in the coverage of the Equifax compromise.

You’re Still Not Safe

Let’s say you get a connected cam to monitor an aging parent. There are some basics to consider. You’ve got to assume, for example, that Mom may not want to be the star of a Russian reality TV show called something along the lines of “Stupid Americans I Have Hacked.” But you also have to assume it could happen.

If you did your homework right, you know there’s been a problem with many plug-and-play webcams involving the use of manufacturer default passwords.

Checking for known security issues or a history of poor security is important, but there is still more work to be done before Cyber Monday to make sure you’re not giving someone a gift that robs them blind, opens them up to public ridicule, or simply embarrasses them.

The Most Important Question

That camera with seemingly perfect security you got your mom could become a live feed to her own version of The Truman Show for an avoidable reason: the cam wasn’t patchable. This means that when a security flaw is discovered, there is no way to protect the cam because it cannot receive security patches.

You’ve read privacy policies online and have made sure the product you’re thinking about doesn’t get significant revenue by selling data collected from this or that smart device, but the item also needs to be patchable.

Many companies do a very good job. Contrary to the folklore about planned obsolescence at Apple, the company is excellent at supporting older devices and operating systems, and it is a top player when it comes to security patches.

Let’s focus on gadgets. If the connected device you’re considering is not properly maintained after the launch of later generations of that product or a related service, keep looking for one that is.

And ask, Is this connected device patchable?

This Cyber Monday, the only way to find those errant jelly beans mentioned above is to do the requisite research.

While nobody has the time to read every news item about product security, with the holiday shopping season upon us, it’s imperative to think about cybersecurity basics.

Data breaches and other compromises are the third certainty in life, right behind death and taxes. The simplest way to avoid falling prey to products and services that offer shabby or nonexistent cybersecurity? Don’t buy them.

If you fear your information has been compromised through an unsecure device, review your credit report for any suspicious activity. You can get your credit report for free through


Are Your Connected Devices Safe?


The number of Internet of Things (IoT) devices in use is forecasted to hit 8.4 billion this year. That’s more than the human population on planet Earth. And with successful attacks like Mirai (which was the malware used in the 2016 Dyn cyberattack) already a part of the IoT story, there’s plenty to worry about.

It’s crucial we give this latest market exuberance a brief time-out. Unfortunately, that is fairly unlikely to happen. So, what to do between now and the next zero-day exploit?

I’m specifically recommending a cyber “time-out,” and not a “breather” or any other term signifying a pause or cessation of activity. IoT technology is in its infancy and growing faster than projected. And it’s flawed.

Connected devices have not been around very long, and yet they’ve already managed to cause no end of trouble—whether we’re talking about hijacked baby monitors, IP cameras, or exercise trackers that broadcast granular details about your sex life to anyone who might be curious about it.

We need a time-out to think through and implement best security practices for the IoT market.

Are Connected Devices a Cyber Catastrophe Waiting to Happen?

With total spending on IoT or connected devices pegged to hit $2 trillion this year, the market is undergoing a period of staggering growth.

IoT is increasingly present in daily life. It can be found in kitchen appliances, cars, health care equipment, toys, exercise gear, and peripherals like watches and monitors. It’s in security systems and many of the creature comforts populating our homes.

On all fronts, the upside is impressive. Consumers get to shop for a whole new universe of things they never knew they wanted, and manufacturers are increasing their revenues. In case you don’t have the figures handy, the revenue target for 2017 represents 31% growth over the previous year.

Sounds great, right? But while everyone benefits from the hunger for next-generation, hyper-connected everything, consumers may lose sight of the security pitfalls associated with them. At the risk of being a killjoy, I believe it doesn’t just seem reasonable, but absolutely essential, to assume many new devices currently hitting the IoT market aren’t cybersecure.

So, while the boom in connected devices looks like a win for everyone, it’s not. When consumers connect new devices to the Internet, their attackable surface expands. Data is being moved around. New doors are opened.

Even the most cursory look backward reveals the likelihood of future attacks.

New Products, Better Prospects?

Nest is a popular smart home player in the IoT sector. The company just released some new devices, including home security cameras, which made me wonder about the lessons learned from recent zero-day fails.

In the Persai/Mirai catastrophe, IP cameras and routers were hijacked and roped into a botnet that hackers used to launch a massive distributed denial of service (DDoS) attack against Dyn, which routed traffic for major websites. The sites affected by the attack included The New York Times, HBO, PlayStation, Etsy, Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, and PayPal.

The Dyn attack was the direct result of rushing connected devices to market. IoT devices were sold to consumers with default passwords that many people never bothered to change (some don’t permit passwords to be changed), security taking a backseat in the race to the marketplace. While there was little to no issue with the affected devices on the consumer end, the hackers were able to use all those points of contact to launch the crippling attack on Dyn. And yes, that attack affected everyone. A back-of-the-napkin estimate on total cost is in the billions, not millions, of dollars.

In addition to Nest, I reached out to other IoT device manufacturers this week to hear what they’re doing to protect consumers in the wake of the Dyn attack and the mad rush to cash in on the robust market for connected devices. Of the 10 companies I contacted, only three got back to me.

Both Nest and Vivint (a leader in smart devices with excellent security) responded with answers that were music to my cyber-paranoid ears, though I’ll spare you the details. The same was not true of the third response, which came from a Honeywell representative: “I’d need quite a bit more time to fact check answers through our various businesses given the breadth of your questions.”

My questions:

There have been many instances of cams with factory-default passwords getting hacked—do new [Honeywell] cam products require the end user to create a secure password before they will function? Do they allow the consumer to create a password? What security measures were designed into the product?

What measures have been taken to protect other smart home products from hackers?

These questions are elementary. One has to suspect the reason so many companies failed to reply is that they don’t have great security built into the design of their products.

The takeaway here is simple, but important. When you are shopping for a connected device, security should be the first thing you ask about—even before checking out proffered features. The future is as safe as you make it.


Now’s the Time to Talk Online Security With Your Children

Whether you’re a helicopter parent or more laissez-faire, we have some words of wisdom to offer.

Summer’s here and the time is right for getting hacked or, worse, having the contents of your computer held hostage by ransomware. For a couple of carefree and extreme data-consuming months, kids everywhere will be doing whatever they want online even if you’ve tried to control them.

In other words, be very afraid.

Only you know if it is time to have “the talk” with your child about online security. But before you sheepishly clear your throat in their doorway, have you had the talk with yourself?

No amount of whistling in the dark will keep you safe from the crazed clicking of an unthinking child. It’s crucial to remember that safe online habits aren’t an innate skill; they need to be taught. That said, there are many parenting styles when it comes to all things online. Some parents choose to be hands-off about it, and if that’s working for you, more power to you.

Actually, I take that back. There are countless pitfalls, pratfalls and worse awaiting your child — and with that your entire family — as well as anyone else unlucky enough to be connected to your home network.

Whether you’re a helicopter parent or more laissez-faire, we have some words of wisdom to offer. Here are four subjects to broach when talking online security with your children.

1. Stay Alert

Online security and threats are fluid. You can be completely on top of your game one day and get hacked the next because you aren’t prepared. The goal should be to become security-minded. While it helps to know about the most recent exploits and threats, it’s better to get into the mindset of those old Highlights Magazine exercises and think, “What’s wrong with this picture?” The moment you think you’ve got everything under control, you become an easier target. Stay alert. (If you believe you’ve been the victim of identity theft, don’t shrug it off. You can view two of your credit scores for free on

2. Use Better Passwords

Increasingly, people are turning to password managers to keep their accounts safe, since it can be difficult to remember a large number of long and strong passwords. These managers generate random passwords and allow you to manage the process with a single master password. If you are not using a manager, make sure everyone in the house is using sufficiently complex passwords that are unique to the key accounts in your home, and never let your kids use any of your passwords!

3. Monitor Them

No one likes the specter of Big Brother, but your kids aren’t your siblings, they are your wards. While many advocates of internet privacy will say that a child’s travels online should be protected, even from parents, I think of monitoring online behavior in the same way I do a trip to the pediatrician — it’s my duty as a parent to know and protect all of my child’s sensitive personal information.

The same goes for internet history and app usage. You need to know what they’re doing. While bullying, compromising pictures and other activities you may find could make a different conversation necessary, your job is online safety.

4. Establish Ground Rules

The best way to keep your family safe from the wandering clicks of a child is to start teaching a secure mindset right away. Tell them to look for a secure connection, which is indicated in the address bar of your browser, where you will see a padlock symbol or the letters HTTPS (instead of HTTP) or both.

Have rules about app shopping. Encourage your kid to check with you if they are unsure about a site or an app. Pick an app store that you know won’t carry shady app developers. Teach your kids about phishing scams, how they work and what to do when they think one arrives in their email or messaging apps. But most important, let the subject of online security be an ongoing discussion.

These are some big-picture considerations and a few on-the-ground concerns to help you start thinking about online security. Only you can figure out the best way to tell your child to keep their online travels safe and protect your whole family.


The Lesson Mark Zuckerberg Just Taught Everyone About Reusing Passwords


Facebook CEO Mark Zuckerberg apparently didn’t read the warning about using different passwords to protect online accounts.

Sources told The Wall Street Journal that Zuckerberg’s Twitter and Pinterest accounts were hacked over the weekend. Per the paper, Zuckerberg utilized the same password — “dadada” — to protect each account. That password had appeared last month in a database of more than 100 million usernames and passwords that was stolen from LinkedIn back in 2012, it said.

Screenshots taken by Engadget show hacker group OurMine using its now-suspended Twitter account to alert Zuckerberg (@finkd) of the takeover on Sunday, saying “Hey @finkd we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please dm us.”

Representatives from Facebook, Instagram, Pinterest and Twitter did not immediately respond to’s request for comment. Facebook did tell Engadget that the hackers didn’t get access to any of its accounts or systems.

Why Strong Passwords Are Important

Zuckerberg’s reported hack serves as a strong reminder not to skimp on password security. “Dadada” may not be on the list of 25 passwords you should never use, but it certainly wasn’t the most secure one out there, given that it’s short, repeats characters and doesn’t vary the types of characters used with numbers or symbols (all generally considered good password rules of thumb).

And, while it may not seem like that big a deal to have a social media account compromised, using the same passwords across accounts could open you up to other vulnerabilities, including card fraud or deeper identity theft. A thief, for instance, could potentially gain access to your bank account if it’s protected by the same password as a social media account that got compromised.
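
The weaknesses described above (one password shared across accounts, a password that already sits in a breach dump, and the rules of thumb that “dadada” fails) can be checked mechanically over a list of your own accounts. The Python below is an added example, not part of the original article; the account list, the breach list, the SHA-1 comparison and the 12-character threshold are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: every account and password here is made up for this
# example, apart from "dadada", the password the article reports.
ACCOUNTS = {
    "twitter": "dadada",
    "pinterest": "dadada",
    "bank": "T7#qv!Lm2x$Rw9pZ",
    "email": "sunshine2016",
}

# Constructed stand-in for a breach corpus, held as SHA-1 digests so the audit
# compares hashes instead of handling leaked plaintext (an assumption here).
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest() for p in ("dadada", "123456", "password")
}

MIN_LENGTH = 12  # assumed threshold; the article only says "short"


def has_repeated_unit(password):
    """True if the whole password is one shorter unit repeated, e.g. 'da' x 3."""
    n = len(password)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and password[:size] * (n // size) == password:
            return True
    return False


def lacks_digits_and_symbols(password):
    """True if the password is letters only (no numbers, no symbols)."""
    return all(c.isalpha() for c in password)


def audit(accounts, breached_sha1):
    """Return {account: sorted findings} for each account with a problem."""
    # Group accounts by password so reuse shows up as a group larger than one.
    by_password = defaultdict(list)
    for name, pw in accounts.items():
        by_password[pw].append(name)

    report = {}
    for name, pw in accounts.items():
        findings = []
        if len(by_password[pw]) > 1:
            findings.append("reused")
        if hashlib.sha1(pw.encode()).hexdigest() in breached_sha1:
            findings.append("in-breach-list")
        if len(pw) < MIN_LENGTH:
            findings.append("short")
        if has_repeated_unit(pw):
            findings.append("repeats")
        if lacks_digits_and_symbols(pw):
            findings.append("no-digits-or-symbols")
        if findings:
            report[name] = sorted(findings)
    return report


if __name__ == "__main__":
    for account, findings in audit(ACCOUNTS, BREACHED_SHA1).items():
        print(f"{account}: {', '.join(findings)}")
```

The “reused” and “in-breach-list” findings correspond to what the article says went wrong; the remaining three are its rules of thumb, and a password can pass all of them without being strong.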

It’s generally a good idea to go through your passwords and update them regularly, making sure you are using secure passwords, unique to each site. And, if you ever think your personal information has been compromised, you may want to monitor your credit accounts or even freeze your credit reports. Sudden changes in your credit scores can be a sign your identity has been stolen. You can get two of your credit scores for free, updated each month, on


Ransomware Is a Real Threat (Even to You, Apple Users)


Maybe the thought actually occurred to you that something was “phishy” about that link, but that’s so 30 seconds ago. You clicked and now your computer screen is locked. Behind that frozen screen lie your personal files — everything from photos to tax documents — all of it encrypted by a third party that promises to return access for a ransom, which is usually between $200 and $5,000, according to the FBI.

Encryption can be a tool for good and evil. It’s the safest way for an enterprise to keep information safe from prying eyes and sticky fingers, but unfortunately it’s relatively easy for a hacker — and not even a very clever one — to use it to force an ugly situation: your files are encrypted and can only be unlocked by the thief.

A recent newsworthy item takes its lead from the popular “Saw” horror series. If you get hit with this one, Billy the Puppet from the franchise pops up on your screen with the message: “I want to play a game with you.”

Think that invitation from Billy the Puppet sounds fun? Before you go looking for the jigsaw ransomware, also known as BitcoinBlackmailer.exe, let me assure you that it’s not. There are different versions, but they all say pretty much the same thing: “Your computer files have been encrypted. Your photos, videos, documents, etc….But, don’t worry! I have not deleted them, yet. You have 24 hours to pay 150 USD in Bitcoins to get the decryption key. Every hour, files will be deleted. Increasing in amount every time. After 72 hours all that are left will be deleted.”

If you get the jigsaw ransomware, don’t panic. As ZDNet (my source for the above script) points out, a company named Forcenet already solved the problem with simple reverse-engineering. According to those at Forcenet, “A genius malware author this is not, the use of C#/.NET makes it trivial to reverse engineer and analyse.”

Not Just an Inconvenience & Not Just a PC Problem

The point here is not whether or not a particular ransomware poses an extinction-level threat. Ransomware attacks are on the rise. According to Symantec’s 2016 Internet Security Threat Report, “crypto-style ransomware grew 35% in 2015.” In this report, Symantec warns that this often profitable approach, while adept at ensnaring PC users and branching out through network-connected devices, is increasingly targeting “smartphones, Mac and Linux systems.”

In plain English: ransomware is a danger for anyone using a network-connected device. A former NSA employee recently released a tool for Mac users called RansomWhere, which detects when files are being encrypted on an Apple device and allows the user to stop it. That’s notable because, until now, most Apple users have been relatively unscathed by ransomware.

How People Are Affected by Ransomware

While many ransomware attacks are fixable, they can be embarrassing. A number of the links that get people “got” involve sites you wouldn’t want your mother — or spouse, or child — to think were part of your regular Internet diet, or sites that would suggest you’re about to go into personal bankruptcy. Ransomware crooks use various hot-button clickbait to lure victims.

But do you know what’s worse than being embarrassed by a public airing of what piques your curiosity? A lot of things are, but when it comes to ransomware, at the top of the list has to be the increasing risk for more serious kinds of fallout as hospitals are being more frequently targeted by this form of attack.

In February, Hollywood Presbyterian Medical Center was hit by ransomware. The incident got a great deal of attention because instead of risking patients’ lives, the hospital decided to pay the ransom, which was about $17,000 — or 40 bitcoins. Another hospital was hit in Kentucky, but they only had to pay a ransom of 4 bitcoins, according to internet security reporter Brian Krebs. MedStar Health was also a victim of ransomware, with employees reporting, “a pop-up on their computer screens stating that they had been infected by a virus and asking for ransom.” MedStar owns 10 hospitals and 250 out-patient facilities in Maryland and D.C.

TrendMicro, a company that focuses on internet content security software and cloud computing security, recently predicted “2016 will be the year of online extortion.” If ever there was a time to be careful out there, it was last year. And the year before that, and the one before that, too, but also: tomorrow. Tomorrow is still really not the sort of thing that’s conducive to a good night’s sleep, because the underlying message here is that you are going to get got. Being informed is your best defense.

This story is an Op/Ed contribution to and does not necessarily represent the views of the company or its partners.


429 Million Identities Were Stolen in Data Breaches Last Year


Data breaches and other security crimes surged ahead in 2015, a new study found.

A total of 429 million identities were stolen last year as a result of data breaches, according to Symantec.

The security software company’s latest Internet Security Threat Report, released on April 12, notes that this is a 23% increase from the prior year.

There were also a record nine mega-breaches reported last year. Mega-breaches are defined as data breaches involving more than 10 million records.

Additionally, the report found that crypto-ransomware attacks increased by 35% last year. This type of attack involves using malicious software to encrypt a victim’s computer files and block the victim from accessing them until a ransom is paid.

Ransomware called “CryptoWall” even prompted the FBI to issue a public warning last year, calling it “the most current and significant ransomware threat targeting U.S. individuals and businesses.”

Symantec also reported that more than 75% of all legitimate websites have vulnerabilities that have yet to be patched. And 15% of legitimate sites’ vulnerabilities are considered critical, “which means it takes trivial effort for cybercriminals to gain access and manipulate these sites for their own purposes,” the report states.

Symantec, which is known for software like Norton Antivirus, offers consumers the following tips to protect themselves.

1. Use Strong Passwords

Use strong and unique passwords for your accounts. Change passwords every three months, and never reuse your passwords. Additionally, consider using a password manager to further protect your information. (Need password ideas? These are 25 passwords to immediately cross off the list of possibilities.)

2. Think Before You Click

Opening the wrong attachment can introduce malware to your system. Never view, open or copy email attachments unless you are expecting the email and trust the sender.

3. Be Wary of Scareware Tactics

Versions of software that claim to be free, cracked or pirated can expose you to malware. Social engineering and ransomware attacks will attempt to trick you into thinking your computer is infected and get you to buy useless software or pay money directly to have it removed.

4. Safeguard Your Personal Data

The information you share about yourself online puts you at risk for social engineering attacks. (You can read more about identity theft protection here.) Limit the amount of personal information you share on social networks and online, including login information, birth dates and pet names.

And, if you have reason to believe your personal information was compromised, you can keep an eye on your credit. A sudden drop in credit scores, for instance, is a sign your identity has been stolen. You can view your two credit scores for free each month on


How to Get a ‘Burner’ Credit Card


A new online payment service, which launched earlier this week, hopes to curb online shopping fraud by doing away with the need to share your credit card number just to buy something. is creating virtual debit cards for online transactions for anyone who signs up for the service. The free app, which reported on last fall, is now available for Apple iOS and Google Chrome.

“Credit card breaches are growing at an alarming rate and real people are getting hurt,” said Bo Jiang, CEO and Founder of Privacy, in a press release. “We minimize your risk of fraud and identity theft by creating virtual burner cards.”

Here’s an overview of how the app works: Users download the software, register and link an online bank account. There is no pre-loading of funds required and the service can be used anywhere Visa cards are accepted. Once downloaded, a browser extension enables you to create burner card numbers when you go to check out on shopping websites. The funds are then withdrawn from the linked bank account.

The service uses two-factor authentication, an extra layer of security that requires not only a password and username but also something that only that user has on them, such as a physical token.

Prospective users can sign up on the company website. Keep in mind, you’ll have to enter personal information, including your name, address, date of birth and checking account information, to get and use the app. You can find more information about’s security protocols on the company website.

Remember, some banks also give cardholders the option to create virtual card numbers to increase security while shopping online, so you may want to look into these options, too, if you are interested in increased online card security.

And, if you think your credit card or personal information has been compromised, or even if you don’t, one of the best things you can do to protect yourself from identity theft is to regularly check your statements and your credit for signs of fraud. You can spot sudden, unexpected changes in your free credit report summary, which is updated every month on Here’s what to do if you find you are a victim of identity theft.
