3 Things You Must Do to Keep Your Personal Information Safer

Keeping your personal information safe is a must in today’s age of identity theft. While you likely have strong passwords, shred paper documents and keep a close eye on your online banking and investment accounts, you also need to think about the features of your home that could be compromising your confidential data. Our tips for keeping your personal information safe at home will help.

  1. Be Mindful When Placing Home Security Cameras

Home security cameras provide a sense of security to homeowners. Many of today’s top models enable you to keep an eye on your home using an app so that you can monitor your home from virtually anywhere at any time. But, if you place your security cameras incorrectly, you put your valuable personal information at risk if hackers manage to access your system.

For example, do not put your home security camera in a location that points toward your home desk or computer screen. Hackers easily could get their hands on your account numbers, Social Security numbers or other confidential data simply by seeing it through the lens of your hacked camera. For personal privacy, it’s also best to avoid putting security cameras in your bedroom or bathroom.

  2. Protect Your Home Wi-Fi Network

Virtually everyone has a Wi-Fi network at home with a wireless router. It’s critical for you to protect your home security and personal data from hackers by securing your home network with passwords. Begin by changing the generic username and password that your router came with if you haven’t done so already. It is far too easy for hackers to use generic names and gain access to your system.

Also, change the network name that appears on other people’s smartphones and devices when they are in the vicinity of your network. For instance, manage your privacy by using a name other than your last name or address.

According to PCMag, one of the best ways to protect your personal information at home is to encrypt your wireless router. Go to the security options in your router’s settings and turn on the WPA2 Personal option. Set the encryption type to AES and enter a password, or a network key, for the encrypted Wi-Fi. Keep in mind this password is different from the one you use to connect devices to your Wi-Fi, so make your password a sentence that’s at least 12 characters long. You can use capital and lowercase letters, punctuation, symbols and even spaces!

  3. Remember Baby Monitors and Smart Appliances When Protecting Personal Information

The smarter our baby monitors and home products become, the more diligent we need to be about protecting them. After stories about hacked baby monitors were published, parents began to worry about protecting their children and themselves.

Fortunately, companies today offer high-security, password-protected mobile streams to parents’ smartphones to enhance privacy and provide an extra layer of security.

Homeowners also should consider smart appliances when thinking about protecting personal information. Some smart home products are easy to hack, which puts your home Wi-Fi network and confidential data at risk. The best thing you can do is use our previous advice for securing your home network, including disabling the guest network access, consistently changing passwords and creating two different Wi-Fi networks – one for computers, tablets and smartphones and another for smart appliances and devices. You also can disable remote management of your smart devices and only connect them to your network when using them.

You need to secure your personal information just as you secure your home. Lock down your confidential data by keeping home security cameras away from your home desk and computer screens and encrypting and password-protecting your home Wi-Fi network. It’s also important to keep baby monitors and other smart devices in mind when thinking about hacking risks.

Monero Miner Sends Cryptocurrency to North Korean University

The application’s developers, however, might not be of North Korean origins themselves, the security researchers say. They also suggest that the tool could either be only an experimental application or could attempt to trick researchers by connecting to Kim Il Sung University in Pyongyang, North Korea.

Once the discovered installer is run, it copies a file named intelservice.exe to the system, which is often associated with cryptocurrency mining malware. The arguments the file is executed with reveal it is a piece of software called xmrig, a program already associated with wide campaigns exploiting unpatched IIS servers to mine Monero.

Analysis of the file revealed both the address of the Monero wallet and the password it uses (KJU, a possible reference to Kim Jong-un), as well as the fact that it sends the mined currency to the server barjuok.ryongnamsan.edu.kp. The use of this domain reveals that the server is located at Kim Il Sung University, AlienVault says.
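The observation above, that the command-line arguments rather than the file name identify the miner, can be turned into a check over process-creation events. The Python below is an added example, not code from AlienVault or the original article. The event format, port 3333, the wallet placeholder and the pool.example.net host are constructed; intelservice.exe, KJU and the ryongnamsan.edu.kp domain come from the text.

```python
import re
import shlex

# From the article: the dropped file name and the pool's parent domain.
KNOWN_IMAGE = "intelservice.exe"
WATCHED_SUFFIX = ".ryongnamsan.edu.kp"
# xmrig options for pool URL, user (wallet) and password, short and long forms.
OPTS = {"-o": "url", "--url": "url", "-u": "user", "--user": "user",
        "-p": "pass", "--pass": "pass"}
# A pool endpoint is host:port, optionally behind a scheme like stratum+tcp://
ENDPOINT = re.compile(r"^(?:[a-z0-9+]+://)?([a-z0-9.-]+):\d{1,5}$", re.I)

def parse_args(cmdline):
    """Collect the url/user/pass option values from a Windows command line."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    found = {}
    for i, tok in enumerate(tokens):
        key, sep, val = tok.partition("=")
        if key in OPTS and (sep or i + 1 < len(tokens)):
            found[OPTS[key]] = val if sep else tokens[i + 1]
    return found

def assess(image, cmdline):
    """Return the reasons a process-creation event looks like this miner."""
    reasons = []
    args = parse_args(cmdline)
    m = ENDPOINT.match(args.get("url", ""))
    if m and "user" in args:  # -o alone is too common (e.g. curl -o file)
        reasons.append("miner-style arguments")
        host = m.group(1).lower()
        if ("." + host).endswith(WATCHED_SUFFIX):
            reasons.append("pool in watched domain")
    if image.replace("/", "\\").rsplit("\\", 1)[-1].lower() == KNOWN_IMAGE:
        reasons.append("file name from the report")
    return reasons

# Constructed events (image path, command line); port and wallet are placeholders.
SAMPLES = [
    (r"C:\Windows\Temp\intelservice.exe",
     "intelservice.exe -o barjuok.ryongnamsan.edu.kp:3333 -u WALLET_PLACEHOLDER -p KJU"),
    (r"C:\Users\a\updater.exe",
     r'"C:\Users\a\updater.exe" --url=stratum+tcp://pool.example.net:3333 --user=WALLET_PLACEHOLDER'),
    (r"C:\Windows\System32\curl.exe",
     "curl.exe -o out.html -u alice:secret https://example.org/"),
]

if __name__ == "__main__":
    for image, cmdline in SAMPLES:
        print(image, "->", assess(image, cmdline) or "no match")
```

The second sample shows why matching on arguments matters: a renamed binary is still flagged, while the curl invocation, which also uses -o and -u, is not.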

AlienVault's security researchers also discovered that the specified address doesn’t resolve, either because the app was designed to run on the university’s network, because the address used to resolve in the past, or because it is only meant to trick security researchers.

“It’s not clear if we’re looking at an early test of an attack, or part of a ‘legitimate’ mining operation where the owners of the hardware are aware of the mining,” AlienVault says.

The sample was also found to contain obvious messages printed for debugging as well as fake filenames meant to avoid detection. According to the researchers, if the software author is at the Kim Il Sung University, they might not be North Korean.

“KSU is an unusually open University, and has a number of foreign students and lecturers,” the researchers explain.

North Korean attacks focused on Monero mining have been spotted before, such as those associated with the Bluenoroff and Andariel hackers, who are generally considered part of the Lazarus group. However, AlienVault hasn’t discovered evidence to link the newly found installer to the previous attacks.

“The Lazarus attackers have capable developers, and craft their own malware from a library of low-level code. Given the amateur usage of Visual Basic programming in the Installer we analyzed, it’s unlikely the author is part of Lazarus. As the mining server is located in a university, we may be looking at a university project,” the researchers note.

On the other hand, with the country hit hard by sanctions, crypto-currencies could easily prove highly valuable resources, and a North Korean university’s interest in the area wouldn’t be surprising.

In fact, the Pyongyang University of Science and Technology recently invited foreign experts to lecture on crypto-currencies, and the recently discovered installer might be a product of their endeavors, AlienVault suggests.

Toy Maker Settles Charges for Violating Child Privacy Law

An electronic toy-maker has agreed to pay $650,000 to settle charges from the Federal Trade Commission that it collected personal information on hundreds of thousands of children without their parents knowing. VTech Electronics, whose North American operations are based in Arlington Heights, says it did notify parents and the allegations are based on technical provisions of a children’s privacy law.

The company also allegedly failed to protect the data it collected, allowing a hacker to gain access in late 2015, according to the complaint.

The children’s privacy case was FTC’s first involving internet-connected toys, said Tom Pahl, acting director of the FTC’s Bureau of Consumer Protection. It shines a light on the growing market, which is expected to reach $15.5 billion by 2022, up from an estimated $4.9 billion in 2017, according to a report from England-based Juniper Research.

“(This) sends a message to parents,” Pahl said. “Parents should read a company’s privacy practices, make sure that companies get their permission to collect their children’s information and be aware of their other rights.”

Hong Kong-based VTech makes toys such as smart watches and handheld smart devices for kids.

The FTC alleges that the Kid Connect app used with some of VTech’s toys collected information on children without notifying parents or getting their consent. Such notice and consent are required for children under age 13 by the Children’s Online Privacy Protection Act.

VTech also collected information from parents via its online platform Learning Lodge Navigator, where the Kid Connect app was available for download. As of November 2015, parents had registered and created accounts with Learning Lodge for almost 3 million children, including about 638,000 Kid Connect accounts.

VTech spokeswoman Kaleigh Steinorth said the company did give notice and get parents’ consent and designed Kid Connect in a way that ensured parents knew how the system worked and what information would be collected.

The allegations were based on technical requirements of the Children’s Online Privacy Protection Act regarding how parents must be notified “and how companies must verify that the consenting person is the parent,” she said in an email. “We have taken steps to ensure compliance with these technical requirements,” Steinorth said.

The Consumers Union, a nonprofit organization that does product testing and research, has asked the FTC to look into privacy and security concerns related to smart and connected toys.

“Parents have a right to know and a right to choose how their children’s personal data is collected,” Katie McInnis, technology policy counsel for Consumers Union, said in a statement.

The FTC launched its investigation in late 2015 after the hacker gained access to VTech’s networks, exposing the information, photos and audio of Kid Connect users. The FTC also alleged that VTech falsely stated in its privacy policy that personal information would be encrypted when it was not.

As part of the settlement, VTech is required to put a data security system in place that will be subject to independent audits for 20 years.

“There’s not a consistent practice over time of companies making sure they are always staying one step ahead of the hackers,” Pahl said. This settlement will help “to make sure that kind of program they develop is in place and works.”

 

Florida Hack Exposed Files of 30,000 Medicaid Patients

Florida officials say hackers may have accessed the personal information and medical records of up to 30,000 Medicaid recipients two months ago.

The state's Agency for Health Care Administration said in a Friday evening news release that one of its employees "was the victim of a malicious phishing email" on Nov. 15, and on Tuesday, agency leaders were notified about the preliminary findings of an Inspector General investigation. It found that hackers may have partly or fully accessed the enrollees' full names, Medicaid ID numbers, birthdates, addresses, diagnoses, medical conditions and Social Security numbers.

The agency said it "has no reason to believe" this information has been misused, but enrollees can call an agency hotline at 844-749-8327.

Meanwhile, the agency said it's training all employees on proper security protocol.

How to Protect Your Devices Against Meltdown and Spectre Attacks

Two huge, recently uncovered processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, and vendors are rushing to patch the vulnerabilities in their products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years.

What are Spectre and Meltdown?

In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information.

Both attacks abuse 'speculative execution' to access privileged memory, including memory allocated for the kernel, from a low-privileged user process such as a malicious app running on a device, allowing attackers to steal passwords, login keys, and other valuable information.

Protect Against Meltdown and Spectre CPU Flaws

Some, including US-CERT, have suggested the only true patch for these issues is for chips to be replaced, but this solution seems to be impractical for the general user and most companies.

Vendors have made significant progress in rolling out fixes and firmware updates. While the Meltdown flaw has already been patched by most companies like Microsoft, Apple and Google, Spectre is not easy to patch and will haunt people for quite some time.

Here's the list of available patches from major tech manufacturers:

Windows OS (7/8/10) and Microsoft Edge/IE

Microsoft has already released an out-of-band security update (KB4056892) for Windows 10 to address the Meltdown issue and will be releasing patches for Windows 7 and Windows 8 on January 9th.

But if you are running third-party antivirus software, it is possible your system won’t install the patches automatically. So, if you are having trouble installing the automatic security update, turn off your antivirus and use Windows Defender or Microsoft Security Essentials.

"The compatibility issue is caused when antivirus applications make unsupported calls into Windows kernel memory," Microsoft noted in a blog post. "These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot."

Apple macOS, iOS, tvOS, and Safari Browser

Apple noted in its advisory, "All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time."

To help defend against the Meltdown attacks, Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2, and plans to release mitigations in Safari to help defend against Spectre in the coming days.

Android OS

Android users running the most recent version of the mobile operating system released on January 5 as part of the Android January security patch update are protected, according to Google.

So, if you own a Google-branded phone, like Nexus or Pixel, your phone will either automatically download the update, or you'll simply need to install it. However, other Android users have to wait for their device manufacturers to release a compatible security update.

The tech giant also noted that it's unaware of any successful exploitation of either Meltdown or Spectre on ARM-based Android devices.

Firefox Web Browser

Mozilla has released Firefox version 57.0.4 which includes mitigations for both Meltdown and Spectre timing attacks. So users are advised to update their installations as soon as possible.

"Since this new class of attacks involves measuring precise time intervals, as a partial, short-term mitigation we are disabling or reducing the precision of several time sources in Firefox," Mozilla software engineer Luke Wagner wrote in a blog post.

Google Chrome Web Browser

Google has scheduled patches for the Meltdown and Spectre exploits for January 23, with the release of Chrome 64, which will include mitigations to protect your desktop and smartphone from web-based attacks.

In the meantime, users can enable an experimental feature called "Site Isolation" that can offer some protection against the web-based exploits but might also cause performance problems.

"Site Isolation makes it harder for untrusted websites to access or steal information from your accounts on other websites. Websites typically cannot access each other's data inside the browser, thanks to code that enforces the Same Origin Policy." Google says.

Here's how to turn on Site Isolation:

  • Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
  • Look for Strict Site Isolation, then click the box labelled Enable.
  • Once done, hit Relaunch Now to relaunch your Chrome browser.

Linux Distributions

The Linux kernel developers have also released patches for the Linux kernel with releases including versions 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97, which can be downloaded from Kernel.org.

VMware and Citrix

A global leader in cloud computing and virtualisation, VMware, has also released a list of its products affected by the two attacks and security updates for its ESXi, Workstation and Fusion products to patch against Meltdown attacks.

On the other hand, Citrix, another popular cloud computing and virtualisation vendor, did not release any security patches to address the issue. Instead, the company issued guidance recommending that customers check for updates to relevant third-party software.