United States Computer Emergency Readiness Team
The United States Computer Emergency Readiness Team is a
section of Homeland Security that is specifically geared toward addressing
cyber attacks and scams. They have excellent information on how to recognize and
deal with many of the prevalent issues regarding cyber security. We highly
suggest taking a look at their many resources so that you can recognize these threats ahead of time and
USA Today Money | Using Debit vs. Credit
Cyber Security @Home
We all know that feeling of excitement when we get a new
electronic device. There’s an almost overwhelming desire to rip open the box,
fire it up, and see what it’s capable of. With the holiday season fast
approaching, chances are that someone in your home or family will be getting a
new gadget. Before, you take off cruisin’ the web, though, it is important to
take a few minutes and make sure that your device is properly protected.
It can take several months from the time a shiny new toy was
manufactured for it to be boxed up and placed on the showroom floor. Cyber
criminals rarely take breaks, so there is a very good chance that many new
threats have surfaced since the last time that device was turned on, and even
longer since any software was updated.
Software updates may seem annoying, popping up in the middle
of a Netflix movie, or eating system resources in the middle of an HD game, but
they are critically important to the security of your information. Software
updates occur as often as they do and are as nagging as they are because they
usually contain ‘patches’ which are meant to fix security vulnerabilities in
software that weren’t discovered until after the software was released.
Large software companies like Microsoft, Facebook, and even
the U.S. Government hire what are known as ‘Ethical Hackers’ to hunt down, and
help them fix, holes in their software security. Though it is great that these
companies are concerned about your security, it is a bit of a two-edged sword.
By releasing the update, they are letting not-so-ethical hackers know that
there was a hole in the defenses. These hackers will then go about looking for
machines that have not yet been patched, so that they can take advantage of, or
‘exploit’ that vulnerability.
How Do I Protect
As we’ve already discussed, letting your computer run those
pesky updates is a great first step. You can cut back on the ‘peskiness’ of the
updating process by scheduling updates to occur while your computer is not in
use, usually overnight. Just make sure to leave your device powered on during
that scheduled time.
The next step is to ensure that you have proper antivirus
protection in place. Apple and Mac products are currently less vulnerable in
this aspect, but it is better to be safe than sorry. Windows and Linux based
devices (this includes Android devices), however, should almost always have a
quality antivirus installed. There are many great free options available, such
as AVG, McAfee (free for Android), and Avast, as well as paid software such as
Bitdefender, Norton, and Kaspersky, just to name a few. There’s something for
Between, a good update schedule and a robust antivirus, you
should have a pretty decent hedge of protection from cyber-attacks, but it is
also important to protect yourself against physical threats, such as theft.
Thieves are a lot like pack-rats and the newer and shinier the object, the more
they want to get their hands on it. So, make sure to set up passwords on your
devices. Cell-phones, computers, tablets, and even your wi-fi should all be
password protected to help protect your data in case of theft.
Finally, if your device is ever stolen, or you suspect that
a hacker has somehow gained access to your personal information, make sure to
give your bank (hopefully us!) a call and let us know to watch for suspicious
activity on your accounts. If they know about it soon enough, banks can often
help minimize or even prevent loss in those situations!
The Dangers of 3rd Party App Stores
According to sources like the NY Daily News, CNN, and CNET,
more than 90% of Americans now own cell-phones, and roughly 50% of those phones
are ‘smartphones’, capable of accessing the internet and running small gaming
and productivity applications known as ‘apps’.
With a 90%
market penetration, chances are you’ve probably heard all of that before. But just in
case, now you know.
As with any widely adopted technology, there always follows
a plethora of individuals seeking to misuse said technology for
less-than-ethical personal gain. Companies like Kaspersky Labs, Avast and
McAfee who provide mobile antivirus solutions have reported a sharp increase in mobile
malware attacks within the last year. These attacks range from stealing and/or
damaging private information to hijacking other applications, and even taking
complete control over a user’s phone and placing calls, sending SMS messages,
turning on the phone’s microphone or cameras, spamming contacts, or simply
locking the user out, and holding the device hostage until a ransom is paid.
When it comes to mobile malware, the attacks are widely
varied, and seemingly limited by nothing more than the hacker’s imagination.
However, there do seem to be some common threads in the attacks:
1) The majority of mobile malware attacks appear to target
Android based devices… by quite a significant margin.
2) Apple devices are rarely infected unless the device is
3) Roughly 99.86% of malicious or infected apps are
downloaded from third party app stores (app stores other than iTunes® and Google Play®). And…
4) Mobile Antivirus solutions appear to do a pretty decent
job of combating most infections.
These statistics do not mean that everybody should throw
their android devices in the garbage and go buy an Apple i-something. In fact,
the current estimated infected device percentage for the U.S. Market is still
thought to be less than 1%. However, experts agree that this number is growing.
So what should you do?
Exercise caution with your mobile device. If you are going
to download an app, try to do it from the recommended app store for your device
(such as iTunes® or Google Play®). If you absolutely have to have an app from a
third party store, take time to research the app and read reviews on other
websites from users who have tried the app. Beware of any deal that sounds too
good to be true! If an app costs $29.99 on the app store, and you find it online
for free, there’s probably a catch. And finally, consider installing an
antivirus app. Studies show that they really do make a difference. And with
improvements in technology and coding, battery drain and memory usage are becoming less noticeable with each release.
Refresher: Protect Mobile Data
Be a human firewall!
Laptops, smartphones, tablets, USB flash drives, and even digital cameras can be used to store data. There are two key risks you take when storing data on a mobile device. The first is that you could lose that data if the device is lost, stolen, or damaged. This could include contact information, important files, email messages, and more. The other larger risk is that any sensitive information on the device may be exposed to the public, possibly exposing clients or employees to identity theft or other forms of attack. Such incidents could be covered in the press, becoming a public relations nightmare.
Whenever using a mobile device, follow these best practices:
- Always use a strong password,
- Only place sensitive information on a mobile device if it is absolutely necessary, the device can protect it, and the device is approved for business use,
- If you must store sensitive information on a mobile device, consider encrypting the data, which is a way of electronically locking it. Contact your business' IT administrator for assistance,
- Backup key data stored on mobile devices regularly and store that data in a secure location, and
- Be on guard against thieves looking to steal your mobile device and use a cable lock for laptops.
Sharing USB Drives Can Be Risky
devices share a common and potentially harmful flaw. Hackers know that
computers are typically set up to listen for what type of USB device is plugged
in. This means that criminals can reprogram USB devices to pretend to be
something other than what it really is. That device can then be used to
spy on you, capture passwords, or do permanent damage to your system. This
activity goes undetected by antivirus programs since it is not a running
program but actual hardware.
This potential risk is called USB
duping and the only complete safeguard against potential infection is to
disable USB ports altogether. This practice has already been implemented by the
U.S. military in sensitive areas, along with banning all USB drives. Awareness
is the most important factor in thwarting an attack of this type, so remember
to be wary of strangers asking to charge a cell phone or borrow a USB drive.
5 Common Cyber-Threats (and How to Fight Back)
threats are everywhere, from the data breaches at retail stores to the Internet
security issues like the "Heartbleed"
bug that's dominating the nightly news.
But a little
knowledge, and common sense, can go a long way toward helping protect you from identity
theft and financial loss.
An email that
appears to be from your financial institution or another business you deal with
asks you to click a link that directs you to a web page that looks legitimate.
On this web page, you may be asked to verify personal information, such as your
account number, password or Social Security number. The email may include an
attachment, which it urges you to open.
Don't bite. It's a
scam to snatch your personal data. HLSB and other reputable companies never
gather information this way. If you are suspicious of an email from HLSB,
forward it to firstname.lastname@example.org,
then permanently delete the message.
Think of this as
phishing over the phone — the "v" is for voice. Instead of sending a
bogus email, the criminals call you, claiming to be from your bank or another
institution you trust, such as the local court system calling about jury duty.
Even if an email or
phone call appears to be legitimate, be suspicious. If they ask for a Social
Security number or other personal information, think twice. Hang up and call
the organization's customer service number to double-check.
This variant of the
phishing concept uses text messages to lure you into clicking links that
provide your personal information or download infected apps on your phone.
Don't respond to
text messages or automated voice messages from unknown or blocked numbers on
your mobile phone.
Pop-up ads are
especially bad, since clicking on them could trigger your computer to download
a nasty virus or spyware — software that gathers personally identifiable
information, including email addresses and passwords, from your computer
without your knowledge. The same goes for attachments or links that come in
unsolicited emails or in unsolicited Facebook®, Twitter®
or other social networking messages.
Once a malicious
code is on your machine, it can hijack your computer's operating system, send
spam and malware to other computers, launch unrelenting pop-up ads, or even
record your keystrokes and report back to its controller.
Defend your computer
with anti-virus, anti-spam, anti-spyware and pop-up blocker programs: Also consider researching alternative
browsers that utilize additional security features. Remember, when you're in
unfamiliar territory on the Internet, trust no one.
It may sound
old-fashioned and boring, but theft of devices remains the most common computer
crime because it requires zero know-how to pull off. Tablets are increasingly
popular as they are easily resold on the black market.
To help protect
yourself, use a laptop cable lock whenever possible, and keep important gear
out of sight unless you're using it. Store briefcases in your trunk, not the
passenger seat of your car, and make sure you use strong passwords and
encryption (if available) on all your devices in case they fall into the wrong
©2012 Home Loan State Bank • Member FDIC - Equal Housing Lender
About Us •
Personal Banking •
Business Banking •
Online Banking •
Patriot Act |
2018 Bank Holidays
*Remember to never transmit sensitive personal information through unencrypted email or an unsecured internet connection!*