Forever 21 Confirms Payment Card Breach

In November 2017, the US clothing retailer Forever 21 announced that it had suffered a security breach; the company has now confirmed that attackers stole payment card data from its stores across the country for several months during 2017. Although the investigation is still ongoing, Forever 21 confirmed the presence of malware on some point-of-sale (POS) systems in US stores; the malicious code was active at least between April 3, 2017 and November 18, 2017.

Payments made on the company website, forever21.com, were not affected by the incident.

The company explained that it has used encryption technology since 2015 to protect its payment processes, but the investigation revealed that the encryption was switched off on some POS terminals at certain stores. Encryption being off did not let the attackers in by itself; it meant that once malware was on a device, the card data passing through it could be read in the clear.

“The investigation determined that the encryption technology on some point-of-sale (POS) devices at some stores was not always on. The investigation also found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data. The malware searched only for track data read from a payment card as it was being routed through the POS device. In most instances, the malware only found track data that did not have cardholder name – only card number, expiration date, and internal verification code – but occasionally the cardholder name was found.” reads the advisory published by the company.

“The investigation found that encryption was off and malware was installed on some devices in some U.S. stores at varying times during the period from April 3, 2017 to November 18, 2017. In some stores, this scenario occurred for only a few days or several weeks, and in some stores this scenario occurred for most or all of the timeframe.”

The company pointed out that not every POS terminal in affected stores was infected with the malware.

“Each Forever 21 store has multiple POS devices, and in most instances, only one or a few of the POS devices were involved. Additionally, Forever 21 stores have a device that keeps a log of completed payment card transaction authorizations,” the company said while explaining the incident.

“When encryption was off, payment card data was being stored in this log. In a group of stores that were involved in this incident, malware was installed on the log devices that was capable of finding payment card data from the logs, so if encryption was off on a POS device prior to April 3, 2017, and that data was still present in the log file at one of these stores, the malware could have found that data.”
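The two quoted paragraphs describe exactly what an incident responder has to establish after a breach like this: which log entries were written while encryption was off, and whether the exposed data includes the cardholder name (carried on track 1) or only the card number, expiry and verification data (track 2). The scanner below is an added example written for this page, not Forever 21's or any investigator's code; it assumes a plain-text authorization log (the sample lines are constructed, using the standard test card numbers) and relies on the ISO/IEC 7813 track layouts plus a Luhn check to keep random digit runs out of the report.

```python
"""Scan POS/authorization log lines for cleartext magnetic-stripe track data.

Track 1 carries the cardholder name; track 2 carries only the PAN, expiry,
service code and discretionary data (which holds the card verification
value). Both are what RAM-scraping POS malware looks for.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# ISO/IEC 7813 track layouts, as they appear when written to a log unencrypted.
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")


def luhn_valid(pan: str) -> bool:
    """Mod-10 check: weeds out digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN and last four only; the report must not become a second copy of the data."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class Finding:
    line_no: int
    track: int
    pan_masked: str
    expiry: str            # YYMM
    cardholder: Optional[str]   # only present on track 1


def scan_log(lines) -> List[Finding]:
    """Return one Finding per cleartext track found, in log order."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in TRACK1_RE.finditer(line):
            pan, name, yymm = m.group(1), m.group(2), m.group(3)
            if luhn_valid(pan):
                findings.append(Finding(n, 1, mask_pan(pan), yymm, name))
        for m in TRACK2_RE.finditer(line):
            pan, yymm = m.group(1), m.group(2)
            if luhn_valid(pan):
                findings.append(Finding(n, 2, mask_pan(pan), yymm, None))
    return findings


# Constructed sample log (not real data; PANs are the usual test numbers).
SAMPLE_LOG = [
    "2017-06-02 10:14:03 AUTH OK lane=3 token=7f3a...b21c amt=42.10",                   # encryption on: tokenised
    "2017-06-02 10:15:11 AUTH OK lane=1 swipe=;4111111111111111=2309101123456789?",     # track 2: no name
    "2017-06-02 10:16:45 AUTH OK lane=1 swipe=%B5555555555554444^DOE/JANE^2412101000000000?",  # track 1: name present
    "2017-06-02 10:17:02 DEBUG ref=;4111111111111112=2309101000000000?",                 # fails Luhn: not a PAN
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        who = f.cardholder or "(no cardholder name)"
        print(f"line {f.line_no}: track {f.track} {f.pan_masked} exp {f.expiry} {who}")
```

Run against the sample, the scanner reports two exposures and ignores the tokenised line and the Luhn-invalid digit run. On a real engagement the interesting output is the timeline: grouping findings by store and date shows which terminals had encryption off and for how long, which is the "few days or several weeks" versus "most or all of the timeframe" split the advisory describes.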

The company advised customers who shopped at its stores to monitor their card statements for any suspicious activity.

9 Steps to Being Completely Anonymous Online

Even many of the tools explicitly designed to protect your privacy don't work as well as advertised. Our personal information is eroded through a combination of data-driven commerce (nearly every company sells your personal data), weak governmental protections, leaky products, hacked records and a society that, in general, feels meh toward privacy in the first place. The end result is that it isn't all that difficult for anyone to buy or see your personal information. You don't have to be a government official with a legal warrant to peer into someone's life. But just because your privacy isn't protected by default doesn't mean you can't take steps to improve it. Here's how to take back a bit of your private life:

1. Find a safe country that values privacy

It’s good to be in a country that attempts to protect citizens from rampant government spying, at least without legal warrants and judicial oversight. It’s even better to be in a country that at least talks tough about protecting users' individual privacy and places limits on its commercial use.

The European Union's General Data Protection Regulation (GDPR) is pushing the privacy bar a bit. It applies to any company established in the EU and to any company, wherever it is based, that processes the personal data of people in the EU. That's a lot of coverage. Expect more businesses and countries outside the EU to move toward GDPR-like laws, although there will always be laggards.

Of course, most of us don’t have the option of simply moving to another, more privacy-embracing country. If that's your situation and if you care about your privacy, be an agent of change. I recommend contributing to any organization that fights for your privacy. Certainly, the Electronic Privacy Information Center (EPIC) and the Electronic Frontier Foundation (EFF) are top organizations with lots of information and a track record of continued hard work and success.

2. Get an anonymizing operating system

Next, you'll need an anonymizing operating system that runs on a resettable virtual machine (VM) running on secure portable media. The portable media device should use hardware-based encryption or a secure software-based encryption program. One of the top products on that list is Ironkey Workspace. It offers good encryption, locks out users who enter too many bad passwords and comes with Microsoft's portable OS, Windows to Go, on several USB key models.

Many privacy advocates prefer a Linux live distro, such as Tails or ZeusGuard. Live OSes are designed to be booted from removable media for each session and leave nothing behind on the host's disk; Tails is one of the best, built for and focused on privacy and security. The U.S. National Security Agency stated in a leaked internal presentation that Tails and live OSes like it are a threat to its eavesdropping mission.

3. Use an anonymous VPN

Next, you'll need to connect to the internet using an anonymous method. The best approach would probably be to jump around different open wireless networks, public or otherwise, as much as possible, rarely repeating the same connection point. Barring that, you would probably want to use a virtual private network (VPN) or a device built for the purpose. There are literally dozens, if not hundreds, of VPNs built specifically to make your internet connection harder to identify and track. They do this by substituting one of their IP addresses for yours, so the site you visit sees the VPN's address and metadata rather than your own. On top of that, many privacy-protecting VPNs also promise not to log your connections, so even if they are served a legal search warrant, they hold less data that could identify you. Bear in mind that a VPN moves trust rather than removing it: the provider now sees everything your ISP used to see, so its logging policy and jurisdiction matter as much as its encryption.

You can also consider using a device explicitly designed to protect your privacy, like Anonabox and ProxyGambit. Devices like Anonabox can utilize Tor (covered below) or anonymizing VPN services, which are always on to protect your connection. Devices like ProxyGambit go even a little further. I'll let ProxyGambit describe itself:

ProxyGambit is a simple anonymization device that allows you to access the internet from anywhere in the world without revealing your true location or IP, fracturing your traffic from the internet/IP through either a long distance radio link or a reverse tunneled GSM bridge that ultimately drops back onto the internet and exits through a wireless network you're nowhere near. While a point to point link is possible, the reverse GSM bridge allows you to proxy from thousands of miles away with nothing other than a computer and internet with no direct link back to your originating machine.

If you are truly concerned about your privacy, then consider using a VPN or anonymizing device to protect your internet surfing.

4. Use Tor

Whatever Live OS and internet connection method you use, make sure to go with an anonymizing browser, such as a Tor-enabled browser. Tor is actually an entire system — tools, browsers, APIs and network — dedicated to helping you and your connection remain anonymous.

Once you enter the Tor network, traffic to and from your destination is routed through a random set of Tor relays ("nodes"), each of which knows only the previous and the next hop. Tor's anonymity can be defeated (by correlating traffic entering and leaving the network, or simply by you logging in to an account that identifies you), but it remains one of the best ways to stay anonymous when combined with these other recommendations. You can even buy hardware-based Tor solutions like Anonabox.

5. Don't use plug-ins

It's very important to remember that many of today's browser plug-ins, particularly the most popular ones, leave clues that reveal your identity and location: the list of installed plug-ins is itself a fingerprinting signal, and plug-ins such as Flash or Java can make their own network connections that bypass the browser's proxy settings and expose your real IP address. Don't use them if you want to preserve your anonymity.

6. Stick with HTTPS

When you connect somewhere on the internet, use HTTPS. This used to be harder to do, but now most popular websites use HTTPS by default. A VPN or Tor does not make up for a site that still uses plain HTTP: those tools encrypt only the hop to the VPN server or Tor exit, and from there to the site the traffic travels in the clear. When working with HTTPS, remember that your browser trusts every certificate authority in its store by default; prune the ones you have no reason to trust, and treat a certificate warning as a stop sign rather than something to click through.

7. Avoid the usual applications

Don't install or use normal productivity software, like word processors or spreadsheets. If it's super popular, its makers probably don't care about your privacy. Many "dial home" each time they're started and reveal information. If it's free and isn't explicitly designed to protect your privacy, don't expect any. As computer security guru Bruce Schneier says in his seminal book, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, "If something is free, you're not the customer; you're the product."

8. Set up anonymous burner accounts

You'll need a different password and different security-question answers for each website where you create a logon account. (Note: these steps are not only for privacy nuts and should already be practiced by everyone.) The very paranoid will also want to create a different email address for each website. These "burner" email accounts are expendable and are much harder to trace back to the real you. Use email services that explicitly advertise themselves as anonymous; you'll find free and commercial versions. Always connect to them through the anonymity tools and connections described above, and switch among burner accounts, even when speaking to the same people.

9. Never use credit cards

If you plan to buy anything on the internet, you can't use a normal credit card and stay anonymous. You can try online money transfer services such as PayPal, but most keep records that can be stolen or subpoenaed. Better, use a cryptocurrency such as bitcoin or one of its competitors, keeping in mind that bitcoin is pseudonymous rather than anonymous: every transaction is recorded on a public ledger, so coins bought from an exchange that knows your identity can be traced back to you. Cryptocurrencies are gaining wider acceptance every day. You'll need a bank or service to convert your real money into one of these alternative forms (and to get it back out), but once you're using the currency, anonymity is easier to maintain.

The hard work of privacy

Each of these anonymizing methods can be defeated, but the more of them you add to your privacy solution, the harder it will be for another person or group to identify you. Of course, everything you do to protect your privacy causes inconvenience in your online life. Serious privacy advocates don't mind going to this trouble, but most of us aren't willing to do what it takes to accomplish even a modicum of privacy, such as configuring settings in our OS or on social media sites. Most people simply accept the defaults — which rarely protect privacy.

The people who hack and monitor us for a living hope the majority of us will take the easy way out and do little or nothing to prevent our online identities from being discovered, hacked, and revealed. You can be part of the solution.

How Secure are Your Communication Applications?

Personally identifiable information (PII) held by corporations is worth millions, and it is worth even more to malicious actors. I've noticed that a majority of corporations rely on consumer apps for communication, cloud storage, and collaboration. Have you ever considered the messaging apps that people in corporations use? According to 2017 statistics, the biggest instant messaging apps in the world are WhatsApp and Facebook Messenger with 1 billion users each, QQ Mobile and WeChat with 800 million users, and Skype with 300 million users. Hangouts, Viber, Line, and BBM follow. Many users are on multiple platforms as well; in fact, 7 in 10 Snapchat users also use another mainstream chat app.

Mainstream applications have been found wanting more than once, some through their involvement in government surveillance programs and others through the scrutiny of privacy watchdogs.

One such investigation was conducted by the Electronic Frontier Foundation in collaboration with Julia Angwin of ProPublica and Joseph Bonneau of the Princeton Center for Information Technology Policy. They dubbed it the "Campaign for Secure and Usable Crypto", a project launched in late 2014. The EFF, Angwin, and Bonneau studied mainstream instant messaging apps and published their results in an easy-to-read scorecard table.

The applications were analyzed against the same seven criteria:

  1. Are messages encrypted in transit?
  2. Are messages encrypted so that the provider cannot read them (i.e., does the provider hold the keys)?
  3. Can users verify each other's identities?
  4. If your key is stolen, are your past messages still secure (forward secrecy)?
  5. Is the source code open to independent review?
  6. Is the security design properly documented?
  7. Has there been a recent independent security audit?

What can we take away from all of this research? Clearly, many of these mainstream messaging apps are insecure against at least some of these criteria. We can also see that the study alone has not made these apps much more secure. That makes such apps a poor fit for corporate communications, which are often highly sensitive.

Corporations need a robust communication platform for chat, email, calls, collaboration and file storage that is end-to-end encrypted with well-reviewed primitives: an authenticated cipher such as AES-256-GCM or ChaCha20-Poly1305 for content, long-term identity keys of at least RSA 4096-bit (or modern elliptic-curve) strength that users can verify, and forward secrecy so that a stolen key does not expose past messages. That keeps messages out of reach of third parties, including the provider itself.
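Criteria 3 and 4 in the scorecard list above (can users verify identities, and does a stolen key expose past messages?) come down to how the conversation key is derived, and a small Diffie-Hellman handshake makes the difference concrete. The code below is an added illustration for this page, not code from the EFF scorecard or from any of the apps named; it uses the 2048-bit MODP group from RFC 3526, an HMAC-based key derivation and a hash-based keystream standing in for a real AEAD, all of which are choices of this example. It compares a "static" handshake, where the conversation key comes only from the two long-term identity keys, with an "ephemeral" one, where fresh per-conversation keys are used and then discarded, and derives a safety number that both users can compare out of band.

```python
"""Forward secrecy and identity verification in a messaging handshake.

Static handshake:    key = DH(identity_A, identity_B)  -> stolen identity key
                                                          decrypts every old chat.
Ephemeral handshake: key = DH(ephemeral_A, ephemeral_B) -> ephemeral secrets are
                                                          deleted; old chats stay sealed.
"""
import hashlib
import hmac
import secrets

# 2048-bit MODP group from RFC 3526 (group 14), generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
NBYTES = 256


def keypair():
    """Private exponent and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(NBYTES, "big")


def derive_key(shared, transcript):
    # HMAC-based KDF bound to the handshake transcript (this example's choice).
    return hmac.new(b"chat-demo-kdf", shared + transcript, hashlib.sha256).digest()


def xor_stream(key, data):
    # Hash-based keystream: a stand-in for an AEAD such as ChaCha20-Poly1305,
    # which the standard library does not ship. Demonstration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def safety_number(pub_a, pub_b):
    """Fingerprint of both identity keys, shown as 6 groups of 5 digits for out-of-band comparison."""
    lo, hi = sorted((pub_a, pub_b))
    h = hashlib.sha256(lo.to_bytes(NBYTES, "big") + hi.to_bytes(NBYTES, "big")).digest()
    digits = str(int.from_bytes(h, "big")).zfill(30)[:30]
    return " ".join(digits[i:i + 5] for i in range(0, 30, 5))


def send(mode, alice_id, bob_id, plaintext):
    """Run one conversation; return what an eavesdropper records (transcript, ciphertext)."""
    a_priv, a_pub = alice_id
    b_priv, b_pub = bob_id
    if mode == "static":                       # key depends only on long-term keys
        transcript = {"mode": mode, "a_pub": a_pub, "b_pub": b_pub}
        shared_a, shared_b = dh(a_priv, b_pub), dh(b_priv, a_pub)
    else:                                      # fresh DH keys for this conversation only
        ea_priv, ea_pub = keypair()
        eb_priv, eb_pub = keypair()
        transcript = {"mode": mode, "a_pub": ea_pub, "b_pub": eb_pub}
        shared_a, shared_b = dh(ea_priv, eb_pub), dh(eb_priv, ea_pub)
        del ea_priv, eb_priv                   # wiped after the handshake: nothing left to steal
    assert shared_a == shared_b
    key = derive_key(shared_a, repr(transcript).encode())
    return transcript, xor_stream(key, plaintext)


def attacker_decrypt(transcript, ciphertext, stolen_alice_priv):
    """Best effort of an attacker holding Alice's long-term private key plus the recording."""
    shared = dh(stolen_alice_priv, transcript["b_pub"])
    key = derive_key(shared, repr(transcript).encode())
    return xor_stream(key, ciphertext)


if __name__ == "__main__":
    alice, bob = keypair(), keypair()
    msg = b"Q3 acquisition term sheet attached"
    print("safety number:", safety_number(alice[1], bob[1]))
    for mode in ("static", "ephemeral"):
        transcript, ct = send(mode, alice, bob, msg)
        recovered = attacker_decrypt(transcript, ct, alice[0]) == msg
        print(f"{mode:9s} handshake, identity key stolen later: message recovered = {recovered}")
```

With Alice's long-term key stolen after the fact, the recorded static conversation decrypts and the ephemeral one does not; that is forward secrecy, criterion 4. The safety number covers criterion 3: if the one Alice's app shows does not match the one Bob reads out, someone has substituted an identity key. A real protocol (Signal's X3DH and Double Ratchet, for instance) combines the two modes, using the identity keys to authenticate the ephemeral exchange so a man in the middle cannot inject his own keys, and then keeps ratcheting the key forward with every message.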

'Nigerian Prince' Email Fraud Scammer is Allegedly 67-Year-Old Louisiana Man

A Louisiana man has been arrested on suspicion of involvement in a “Nigerian prince" fraud scheme that defrauded people of thousands of dollars. Michael Neu, 67, faces 269 counts of wire fraud and money laundering after being taken into custody following an 18-month investigation, the Slidell Police Department said in a statement.

Michael Neu, 67 of Slidell, La., was arrested on wire fraud and money laundering charges in connection with a "Nigerian prince" scam, according to the Slidell Police Department.

According to police, Neu acted as a “middle man” for a group of Nigerian scammers, obtaining money and wiring funds to his co-conspirators.

According to the Federal Trade Commission, the scammers operate by posing as Nigerian royalty or high-ranking officials and persuade victims to provide them with financial assistance or personal information to retrieve a fictional inheritance.

Though such scams have become notorious, thousands still fall for them, according to police.

"Most people laugh at the thought of falling for such a fraud, but law enforcement officials report annual losses of millions of dollars to these schemes," Slidell police said in a statement.

"If it sounds too good to be true, it probably is," Slidell Police Chief Randy Fandal said in a released statement. "Never give out personal information over the phone or through e-mail, cash checks for other individuals, or wire large amounts of money to someone you don't know. 99.9 percent of the time, it's a scam."

Police said that their investigation is continuing, but has been hampered by the fact that many of those accused of involvement in the scheme live outside the U.S.

IoT and SMBs: A Smart, Money-Saving Combination

As broadband internet becomes more readily available, an increasing number of devices are being built with sensors and Wi-Fi capabilities. The interconnectedness of these devices has been dubbed the Internet of Things (IoT), and it is changing the way we work, live, and do business. Companies big and small have a lot to gain from embracing IoT devices, and a lot to lose by ignoring their potential. The IoT is about more than "smart" fridges and coffeemakers. In 2016, 5.5 million new things got connected every day, and 6.4 billion connected things came online worldwide, a 30 percent increase from 2015, according to Gartner. By 2020, that figure will reach 20.8 billion. That is a whole lot of connected things.

IoT solutions help small businesses reduce operating costs, better understand their customers, and even launch new products and services. Let's take a closer look.

Increasing efficiency and saving money

Small businesses can save money by using IoT technologies to monitor their use of resources, much like homeowners do, explains Ruben M. Mancha, Ph.D., an assistant professor at Babson College who researches how digital technologies affect business innovation and strategy. For example, the Nest Learning Thermostat personalizes a schedule based on energy usage, automatically turns the temperature down when people leave the office, and connects with mobile phones so you can control it remotely. You can make your office even more efficient with "smart" lights, such as Wemo lights, which are compatible with Nest products and turn off automatically when the thermostat goes into Away mode.

EnerTalk is an energy data analytics platform that connects to a fuse box and measures electricity consumption. Using its app, you can break down energy consumption by device to identify ways to reduce expenditure, such as turning off certain devices at the end of the day or updating old equipment, and estimate monthly utility costs.

Another popular IoT device for small businesses is the connected security camera, says Dr. Mancha. Nest Cam sends an alert to your phone when it detects activity. Canary allows you to sound a siren in your workplace via its app should you detect something suspicious.

Streamline the ordering of office products (or household goods) with Amazon Dash, which syncs to the SKU of products you purchase frequently. Out of paper towels? Simply push the button to trigger a re-order.

Using data to improve the customer experience

"IoT can be a game changer as it delivers unparalleled access to real-time data and analytics, which gives businesses critical insight into their processes," says Arsalaan Kashif, director of marketing, IoT Center of Excellence at Happiest Minds, a global IT company that specializes in emerging technologies.

For example, small business owners use sensors, cameras, and radio-frequency identification (RFID) tags to improve warehouse inventory management. RFID tags are the IoT's take on barcode labels and allow users to track items more accurately. Business owners use handheld RFID readers to scan the tags, which transmit their data over radio waves back to the warehouse management software. Improvements in inventory management are a good thing for customers, too, as you can then communicate shipment status more accurately.

Business owners can install in-store beacons which use Bluetooth technology to communicate with shopper's mobile phones. Then, companies can serve them personalized content while they shop, such as a coupon based on which aisle they are in. They can also analyze customer behavior by collecting data on how people navigate the store.

Kashif notes that "the next generation of consumers will have been raised entirely on the internet." They are comfortable with technology and expect it to be used to simplify their shopping experience. A popular manifestation of the IoT for small businesses is mobile credit card readers like Square, which transform smartphones and tablets into card readers and improve the customer experience by sending a receipt right to their email address.

How the IoT Facilitates Innovation

For entrepreneurs, the IoT could even mean a new business opportunity. Bttn, a small, button-shaped device, is a versatile hardware interface that supports customer actions, such as accepting orders or messages. Logistics companies use bttns at customer premises to signal a pickup need. Alder & Sound, a small legal firm in Finland, distributes bttns to their customers as a convenient way to reach around-the-clock legal counsel. A small coffee shop roaster in Finland distributes bttns to cafes so they can order more coffee quickly, with a push of the button.

Anglr Labs, a small business based in Western Pennsylvania, uses connected technologies to improve--of all things--fishing! Fishing may seem idyllic, but enthusiasts "spend copious amounts of time planning meticulously, studying their environment, and evaluating different kinds of bait while also ensuring they repeat everything they did when they made a 'big catch,'" explains Kashif. The AnglrTracker attaches to a fishing rod to record factors like location, weather, and water levels. The data is then relayed back to an app where users can analyze and share it.

Safety Considerations for the IoT

The IoT has the potential to help you improve your small business, but you need to keep some security concerns in mind. Before purchasing an IoT-enabled device, be sure you understand what data will be collected and how the device manufacturer plans to protect it. The sheer volume of data that these devices generate is like catnip for cyber criminals, who could steal it and hold it hostage for ransom or use it to run subsequent schemes, such as identity theft. But the onus isn't just on the manufacturer. To protect your devices, consider the following best practices:

  • Connect IoT devices only over encrypted networks (WPA2-protected Wi-Fi, never an open hotspot).
  • Segment and firewall IoT devices from the rest of your network.
  • Perform data backups regularly.
  • Perform all recommended software updates.
  • Change every default credential before a device goes online, and use strong, unique passwords rather than the same password for every device.
  • Look into data breach insurance to protect your business and your data.