We must stay vigilant about security.

During the past few years, the Internet of Things (IoT) has become one of the hottest movements of our time. Although many technology trends and buzzwords come and go overnight, it’s clear that the IoT is here to stay. Almost half of the world's population is online, and technology is a deeply integrated part of our lives. Smart thermostats regulate our business and household temperatures, connected cameras watch over our homes and pets, online TVs and speakers respond to our every need, and intelligent devices constantly monitor our health.

According to Gartner, the number of world-wide Internet connected devices will grow to 11.4 billion by 2018. It’s a phenomenal trend that will continue to spread until human and machine connectivity becomes ubiquitous and unavoidably present.

Of course, anything that develops this rapidly will bring a lot of growing pains, and the IoT is no exception. Security hazards are one of the largest concerns. The market has emerged so quickly that manufacturers have hastily created insecure products in their rush to bring goods to market. Security has received very little, if any attention. Despite this lack of security and the inherent dangers it brings, we continue to buy and deploy these smart gadgets. As Amy Webb, futurist and CEO at the Future Today Institute proclaims: "Technology can be like junk food. We'll consume it, even when we know it's bad for us.”

There’s little doubt that the growth of insecure IoT devices will increase fraud. We’ve already seen numerous attacks against point of sales terminals and ATM machines. Recently, we witnessed how self-propagating malware can infect IoT devices in mass. In October 2016, nearly 150,000 smart security cameras were infected with malware as part of the Marai attack. In that particular assault, the compromised cameras launched a denial of service attack against the internet’s backbone, but the target could just as easily have been financial service organizations.

Today’s cybercriminals are organized, smart, and well equipped. They have the funding and resources to infect millions of IoT gadgets with disruptive mechanisms, spyware, password snatchers, legitimate device imitators, and a host of other nasty contraptions.

The only way to effectively protect ourselves is to stay continually vigilant and stay up to date with the latest knowledge and the most advanced security and fraud prevention tools.  The threats are dramatically changing, and if we want to minimize our risks of being attacked, we must be willing to change and adapt as well.

Source: Network World

A security lapse exposed the PINs of approximately 6 million Verizon customers.

If you're a Verizon customer who's called customer service in the past six months, it's probably a good idea to update your PIN, or the four-digit billing password that protects your account from people trying to impersonate you over the phone.

An Israel-based company called Nice Systems, a Verizon partner, reportedly exposed as many as 14 million records of subscriber calls on an unprotected Amazon S3 storage server, downloadable by anyone with the server's web address. The records show the subscriber's name, phone number, and account PIN. Security firm UpGuard detailed exactly what data was vulnerable in a recent blog post.

Verizon claims that no loss or theft of customer information occurred. In a statement emailed to BuzzFeed News, a Verizon spokesperson said the leaked dataset included the information of approximately 6 million subscribers. "Verizon is committed to the security and privacy of our customers. We regret the incident and apologize to our customers," the statement said.

Why is that bad?

That last bit of data — the security PIN — is especially sensitive information, as it would grant anyone with the four digit number access to your Verizon account. Verizon representatives use this account code (which, BTW, is different than the code you use to access your smartphone) to verify a customer's identity during a customer service call.

With this PIN, hackers can more easily gain access to online accounts (email, social media, banking, etc.) protected by two-factor authentication, which requires a code typically provided by text message in addition to a password.

Hackers would be able to call cell providers, impersonate the user, and change the SIM card on record to their own (which is what happened to Black Lives Matter activist DeRay Mckesson, when his Twitter account was hacked last year). This method of attack essentially reroutes the security code to another device, allowing hackers to bypass two-factor authentication for any account with it enabled.

I'm a Verizon customer, what should I do?

The first thing you should do is change your account PIN, just in case. You can never be too careful with your online privacy. Call customer service at (800) 922-0204, visit a retail store with government identification, or go to vzw.com/PIN. Note that the code *can't* be the last four digits of your Social Security number or cell number.

If you've reused that same PIN for other accounts, make sure you update those, too. It's best to keep all of your PINs unique. Those who have trouble remembering all of their PINs can store them safely in a password manager like Last Pass and Dashlane.

Source: Nicole Nguyen

Nebula Consulting is now an official authorized dealer for Siedle Security Systems. Siedle secures homes and buildings with precisioned technological mastery and uncommon elegance. For over 70 years, Siedle has designed high-end commercial and residential security systems featuring anti-burglary, card access, IP intercoms and closed circuit TV providing secure video door IP intercom functions. Click here for more info. Commonly known as the Mercedes of Intercom systems, Siedle's custom solutions are perfect for apartment & condominium complexes, video gate door access systems, parking garages, hotels, hospitals, and commercial buildings. If you are looking for a high-end, modern solution, Siedle is the perfect solution.

Covering all of New England, we claim the largest territory of any Siedle dealer in the area. For a free consultation, call a security engineer today at 617-477-2337 or email us at info@nebulanewengland.com.

The internet can be a dangerous place, particularly when sensitive personal information, such as medical records, are involved. One such internet-based crime is medical identity theft, which can become a living nightmare for unlucky victims. One of the most common problems associated with this kind of ID theft is having your credit rating damaged. If your medical information is tampered with, you may encounter life-threatening consequences when you access medical care and possibly end up with thousands of dollars in medical bills.

We hope this never happens to you, but here are some medical identity theft detection and prevention tips – just in case.

Medical Identity Theft – What Is It? Medical identity theft occurs when someone uses your personal health-related information without your knowledge or consent for acquiring medical treatment, submitting claims or obtaining goods and services. These thieves target personal information including your name, Social Security number (SSN) or health insurance ID.

How to Detect Medical Identity Theft The easiest way to stay vigilant when it comes to medical identity theft is to regularly check your medical purchase history. Take a visit to the hospital where you get your medication and ask if any purchases were made on your account. You don’t need to do this all the time, but check when you have a suspicion that your identity has been compromised. Also, don’t throw away receipts so that you can keep track of your purchase history.

The Three Main Sources of Medical Identity Theft

1. Hackers: There are people who earn money by selling personal and medical information to those who want to use another person’s identity to obtain medical goods and services. Additionally, the recent increase in the prevalence of electronic health records, or EHRs, is giving these hackers a greater chance of illegally accessing private information.
2. Friendly Fraud: This threat occurs when a family member or a friend illegally uses the identity and medical information of another person. Studies show that approximately 33-50 percent of all medical identity theft is committed by victims’ family members or friends. Friendly fraud may also occur when an employee gives out a plan number or insurance card in an attempt to help a friend in need.
3. Providers: Identity thieves may come in the form of dishonest staff from the offices of healthcare providers, including doctors, nurses, receptionists, technicians or other individuals. These criminals steal your private information with the intention to sell what they have gathered to those who will assume the victim’s identity. They can also use your information to fool insurance companies into paying out false claims.

How to Prevent Medical Identity Theft Preventing medical identity theft may not be as difficult as it seems. Besides keeping your information as secure as possible, your best defense is to always be vigilant and review your bills, medical records and insurance information carefully. Here are several tips you can follow to help prevent medical identity theft:

• Watch your medical records for accuracy. Check all your mail, email and records related to your healthcare. Review statements and other communications from your healthcare providers and insurance company closely, checking for any strange or suspicious items and services. In many cases, identity thieves may accidentally add their own information to your records. Monitoring your own medical history is an ideal way to nip thefts in the bud.
• Keep your information secure. Make a point to share as little personal data as you can. The less information you give out, the less there is to be used against you. Sometimes, sharing sensitive information is not necessary, so only give this kind of data on a need-to-know basis. It’s always a good idea to flat out ask if information such as your driver’s license, SSN and date of birth are really required to process you as a patient. Lastly, always be careful about storing your medical information, whether digital or physical, and take the necessary steps to keep it from leaking.
• Learn to spot phishing emails. Phishing is an illegal practice where unauthorized persons attempt to trick individuals into revealing private information, such as passwords, SSNs, credit card and bank account numbers. This is accomplished by installing malware on your connected devices or send legitimate-looking emails claiming to be from reputable companies. Learn to spot phishing emails by verifying the email address from which the email was sent. After clicking on a link provided by an email, ensure that the domain in the address field is the same company you believe you’re dealing with. When in doubt – if something looks suspicious – ignore or delete it.
• Avoid using public WiFi. Public WiFi can be notoriously unsafe. However, people still choose to use it and put themselves at risk. Know that any time you access information via a public network, anyone else using the service can see the information you are sending. The sites you visit, the text you send and your login information are all put on display for identity thieves to see. It’s best to avoid using these networks and/or limit your use to casual browsing without entering sensitive information. In instances when you absolutely need to log in to a public wireless network, be sure that your firewall is turned on and you have up-to-date malware protection. You can also consider using a virtual private network (VPN).

Millions of people are faced with the threat of medical identity theft on a day-to-day basis. If you become a victim, the repercussions may be devastating to both you and your family. As soon as you notice something that isn’t right, it’s best to resolve the issue immediately. Always remember these safety precautions to help decrease the chances of these security breaches.

Source: NCSA

As of July 2017, Nebula Consulting is an an authorized dealer for Hanwha Samsung Security Surveillance products. Hanwha Techwin, formerly Samsung Security, is a surveillance company that specializes in IP-based & CCTV security cameras, network video recorders, digital video recorders and advanced surveillance analytical software. For more info, check out our product listings: https://nebulanewengland.com/surveillance.php

Video surveillance is essential for businesses as it protects the company, protects the employees and increases productivity. Our engineers will analyze the requirements and design a solution that best fits your environment. Our IP-based solutions integrate with your existing infrastructure, significantly reducing cost. Security feeds can be securely accessed via your phone, tablet or computer - from anywhere in the world! Our business is designed around cyber security - we will ensure your security feeds are private and secure.

Nebula Consulting will ensure your company and customers are safe so you can focus on what you do best - running your business. Call a security engineer today at 617-477-2337 or email us at info@nebulanewengland.com.