United States Computer Emergency Readiness Team

The United States Computer Emergency Readiness Team is a section of Homeland Security that is specifically geared toward addressing cyber attacks and scams. They have excellent information on how to recognize and deal with many of the prevalent issues regarding cyber security. We highly suggest taking a look at their many resources so that you can recognize these threats ahead of time and defend yourself.



USA Today Money | Using Debit vs. Credit

Cyber Security @Home

We all know that feeling of excitement when we get a new electronic device. There’s an almost overwhelming desire to rip open the box, fire it up, and see what it’s capable of. With the holiday season fast approaching, chances are that someone in your home or family will be getting a new gadget. Before, you take off cruisin’ the web, though, it is important to take a few minutes and make sure that your device is properly protected.

It can take several months from the time a shiny new toy was manufactured for it to be boxed up and placed on the showroom floor. Cyber criminals rarely take breaks, so there is a very good chance that many new threats have surfaced since the last time that device was turned on, and even longer since any software was updated.

Software updates may seem annoying, popping up in the middle of a Netflix movie, or eating system resources in the middle of an HD game, but they are critically important to the security of your information. Software updates occur as often as they do and are as nagging as they are because they usually contain ‘patches’ which are meant to fix security vulnerabilities in software that weren’t discovered until after the software was released.

Large software companies like Microsoft, Facebook, and even the U.S. Government hire what are known as ‘Ethical Hackers’ to hunt down, and help them fix, holes in their software security. Though it is great that these companies are concerned about your security, it is a bit of a two-edged sword. By releasing the update, they are letting not-so-ethical hackers know that there was a hole in the defenses. These hackers will then go about looking for machines that have not yet been patched, so that they can take advantage of, or ‘exploit’ that vulnerability.

How Do I Protect Myself?

As we’ve already discussed, letting your computer run those pesky updates is a great first step. You can cut back on the ‘peskiness’ of the updating process by scheduling updates to occur while your computer is not in use, usually overnight. Just make sure to leave your device powered on during that scheduled time.

The next step is to ensure that you have proper antivirus protection in place. Apple and Mac products are currently less vulnerable in this aspect, but it is better to be safe than sorry. Windows and Linux based devices (this includes Android devices), however, should almost always have a quality antivirus installed. There are many great free options available, such as AVG, McAfee (free for Android), and Avast, as well as paid software such as Bitdefender, Norton, and Kaspersky, just to name a few. There’s something for everyone’s budget.

Between, a good update schedule and a robust antivirus, you should have a pretty decent hedge of protection from cyber-attacks, but it is also important to protect yourself against physical threats, such as theft. Thieves are a lot like pack-rats and the newer and shinier the object, the more they want to get their hands on it. So, make sure to set up passwords on your devices. Cell-phones, computers, tablets, and even your wi-fi should all be password protected to help protect your data in case of theft.

Finally, if your device is ever stolen, or you suspect that a hacker has somehow gained access to your personal information, make sure to give your bank (hopefully us!) a call and let us know to watch for suspicious activity on your accounts. If they know about it soon enough, banks can often help minimize or even prevent loss in those situations! 

The Dangers of 3rd Party App Stores

According to sources like the NY Daily News, CNN, and CNET, more than 90% of Americans now own cell-phones, and roughly 50% of those phones are ‘smartphones’, capable of accessing the internet and running small gaming and productivity applications known as ‘apps’. 

With a 90% market penetration, chances are you’ve probably heard all of that before. But just in case, now you know.

As with any widely adopted technology, there always follows a plethora of individuals seeking to misuse said technology for less-than-ethical personal gain.  Companies like Kaspersky Labs, Avast and McAfee who provide mobile antivirus solutions have reported a sharp increase in mobile malware attacks within the last year. These attacks range from stealing and/or damaging private information to hijacking other applications, and even taking complete control over a user’s phone and placing calls, sending SMS messages, turning on the phone’s microphone or cameras, spamming contacts, or simply locking the user out, and holding the device hostage until a ransom is paid. 

When it comes to mobile malware, the attacks are widely varied, and seemingly limited by nothing more than the hacker’s imagination. However, there do seem to be some common threads in the attacks:

1) The majority of mobile malware attacks appear to target Android based devices… by quite a significant margin.

2) Apple devices are rarely infected unless the device is jail-broken.

3) Roughly 99.86% of malicious or infected apps are downloaded from third party app stores (app stores other than iTunes® and Google Play®). And…

4) Mobile Antivirus solutions appear to do a pretty decent job of combating most infections.

These statistics do not mean that everybody should throw their android devices in the garbage and go buy an Apple i-something. In fact, the current estimated infected device percentage for the U.S. Market is still thought to be less than 1%. However, experts agree that this number is growing.

So what should you do?

Exercise caution with your mobile device. If you are going to download an app, try to do it from the recommended app store for your device (such as iTunes® or Google Play®). If you absolutely have to have an app from a third party store, take time to research the app and read reviews on other websites from users who have tried the app. Beware of any deal that sounds too good to be true! If an app costs $29.99 on the app store, and you find it online for free, there’s probably a catch. And finally, consider installing an antivirus app. Studies show that they really do make a difference. And with improvements in technology and coding, battery drain and memory usage are becoming less noticeable with each release.

Refresher: Protect Mobile Data

Be a human firewall!

Laptops, smartphones, tablets, USB flash drives, and even digital cameras can be used to store data. There are two key risks you take when storing data on a mobile device. The first is that you could lose that data if the device is lost, stolen, or damaged. This could include contact information, important files, email messages, and more. The other larger risk is that any sensitive information on the device may be exposed to the public, possibly exposing clients or employees to identity theft or other forms of attack. Such incidents could be covered in the press, becoming a public relations nightmare.

Whenever using a mobile device, follow these best practices:

  • Always use a strong password,
  • Only place sensitive information on a mobile device if it is absolutely necessary, the device can protect it, and the device is approved for business use,
  • If you must store sensitive information on a mobile device, consider encrypting the data, which is a way of electronically locking it. Contact your business' IT administrator for assistance,
  • Backup key data stored on mobile devices regularly and store that data in a secure location, and
  • Be on guard against thieves looking to steal your mobile device and use a cable lock for laptops.

Sharing USB Drives Can Be Risky

All USB devices share a common and potentially harmful flaw. Hackers know that computers are typically set up to listen for what type of USB device is plugged in. This means that criminals can reprogram USB devices to pretend to be something other than what it really is. That device can then be used to spy on you, capture passwords, or do permanent damage to your system. This activity goes undetected by antivirus programs since it is not a running program but actual hardware.

This potential risk is called USB duping and the only complete safeguard against potential infection is to disable USB ports altogether. This practice has already been implemented by the U.S. military in sensitive areas, along with banning all USB drives. Awareness is the most important factor in thwarting an attack of this type, so remember to be wary of strangers asking to charge a cell phone or borrow a USB drive.

5 Common Cyber-Threats (and How to Fight Back)

High-tech threats are everywhere, from the data breaches at retail stores to the Internet security issues like the "Heartbleed" bug that's dominating the nightly news.

But a little knowledge, and common sense, can go a long way toward helping protect you from identity theft and financial loss.


An email that appears to be from your financial institution or another business you deal with asks you to click a link that directs you to a web page that looks legitimate. On this web page, you may be asked to verify personal information, such as your account number, password or Social Security number. The email may include an attachment, which it urges you to open.

Don't bite. It's a scam to snatch your personal data. HLSB and other reputable companies never gather information this way. If you are suspicious of an email from HLSB, forward it to admin@hlsb.com, then permanently delete the message.


Think of this as phishing over the phone — the "v" is for voice. Instead of sending a bogus email, the criminals call you, claiming to be from your bank or another institution you trust, such as the local court system calling about jury duty.

Even if an email or phone call appears to be legitimate, be suspicious. If they ask for a Social Security number or other personal information, think twice. Hang up and call the organization's customer service number to double-check.


This variant of the phishing concept uses text messages to lure you into clicking links that provide your personal information or download infected apps on your phone.

Don't respond to text messages or automated voice messages from unknown or blocked numbers on your mobile phone.

Internet Safety

Pop-up ads are especially bad, since clicking on them could trigger your computer to download a nasty virus or spyware — software that gathers personally identifiable information, including email addresses and passwords, from your computer without your knowledge. The same goes for attachments or links that come in unsolicited emails or in unsolicited Facebook®, Twitter® or other social networking messages.

Once a malicious code is on your machine, it can hijack your computer's operating system, send spam and malware to other computers, launch unrelenting pop-up ads, or even record your keystrokes and report back to its controller.

Defend your computer with anti-virus, anti-spam, anti-spyware and pop-up blocker programs: Also consider researching alternative browsers that utilize additional security features. Remember, when you're in unfamiliar territory on the Internet, trust no one.

Laptop/Phone/Tablet Theft

It may sound old-fashioned and boring, but theft of devices remains the most common computer crime because it requires zero know-how to pull off. Tablets are increasingly popular as they are easily resold on the black market.

To help protect yourself, use a laptop cable lock whenever possible, and keep important gear out of sight unless you're using it. Store briefcases in your trunk, not the passenger seat of your car, and make sure you use strong passwords and encryption (if available) on all your devices in case they fall into the wrong hands.