5 Security Spring Cleaning Tips for the Home Office

It might not seem it, but it's officially spring! Wherever you live, if you run and manage a home office, now’s a good a time to do some spring cleaning so your devices are less vulnerable to malware and potential threats.

1. Keep all your systems up to date

Running updates has become a mantra for security managers, but it's the simplest and most practical thing a home user can do. By running updates, we're talking about doing the updates for the operating system and all applications, not just Microsoft Office. The way the industry has progressed, most of the updates today are security-related, so be sure to run the updates when your computer prompts you to run them. It's also important to run frequent security scans. At least once a month run a full system scan, not just a scan of critical areas. It may take several minutes, but it's well worth it.

2. Clean out the cache on your computer

Look at what's on your cache and just clean it out. You'll get better web browsing performance and there's no reason to keep things piling up for months and months in your cache, where malware can hide. The other point to consider is that once you clean out the cache, you will be visiting the most up-to-date version of that website, so assuming that the site practices security hygiene it will also be more secure.

3. Clean out the cookies

In the wake of all the bad news surrounding privacy lapses at Facebook, this point has become especially important. Check your browser for cookies and either delete them selectively or delete them entirely. It's really important for you to have insight on who has data about you.

4. Update passwords and consider two-factor authentication

For years, security experts told people to use numbers for vowels in certain places as well as symbols, but in the past year NIST advises that people use passphrases. A longer passphrase is better than a tricky password with numbers and symbols. Use a passphrase that's unique to you and something you can remember. It can be the opening line to a favorite song or poem, but the more unique it is to you, the more secure. And especially for personal banking sites, sign up for two-factor authentication. Most banks today will offer an option where you get a unique PIN number or passcode every time you log on. Use it.

5. Check your router

Home office users should periodically change the password on their routers. And if the router is more than two or three years old, ask your provider if you can swap it out and get a dual-band router. You’ll get the benefit of faster, more reliable data transmission, plus the router will have the latest security firmware updates.

Unpatched Vulnerabilities the Source of Most Data Breaches

Nearly 60% of organizations that suffered a data breach in the past two years cite as the culprit a known vulnerability for which they had not yet patched.

Half of organizations in a new Ponemon Institute study say they were hit with one or more data breaches in the past two years, and 34% say they knew their systems were vulnerable prior to the attack. The study surveyed nearly 3,000 IT professionals worldwide on their patching practices.

Patching software security flaws by now should seem like a no-brainer for organizations, yet most organizations still struggle to keep up with and manage the process of applying software updates.

"Once a vuln and patch are announced, the race is on," he says. "How fast can a hacker weaponize it and take advantage of it" before organizations can get their patches applied, experts say.

Most of the time, when a vuln gets disclosed, there's a patch for that. Some 86% of vuln reports came with patches last year, according to new data from Flexera, which also tallied a 14% increase in flaws compared with 2016.

The dreaded zero-day flaw that gets exploited prior to an available patch remains less of an issue, according to Flexera. Only 14 of the nearly 20,000 known software flaws last year were zero-days, and that's a decrease of 40% from 2016.

Even so, organizations typically first must undergo a patching rollout process, which includes testing out a patch before going live with it. Nearly three-fourths of organizations recently surveyed by 0patch say they worry that software updates and patches could "break" their systems when applied. Then there are the usual challenges of any downtime, legacy system patching, and compatibilities with existing applications and operating systems.

And according to the findings in the Ponemon report, most organizations believe adding more staff is the solution to their patching problems: 64% plan to hire additional dedicated staffers to support their patching operation in the next 12 months, which represents a 50% increase in headcount for half of those organizations.

About 37% of the breached organizations say they don't even scan for vulnerabilities. "That was one of the most surprising results. In order to detect vulnerabilities, you need to scan for them".

We recommend that organizations assess the effectiveness of their vulnerability response process; prioritize patching based on risk of exploitation; unite security and IT staffs so they have a common view of vulnerabilities and IT configuration data; automate as much of the process as possible; and retain existing staff with a "high-performance" and optimized operation.

You’re Slowing Down Your PC: 4 Common Mistakes & What to Do Instead

Why is my computer so slow? This is the single most common complaint among computer users across the world.

The way you use your computer can either prolong the life and performance of your computer, or it can contribute to the slowdown problem. To determine which kind of user you are, and how to change what you’re doing wrong, read on.

Why Do Computers Slow Down?

  • Running low on available RAM
  • Lack of reboots
  • Malware
  • Poor maintenance
  • Temp file bloat
  • Viruses

Let’s look at how your own behavior is contributing to each one of these causes.

1. Installing Too Many Applications

There’s nothing wrong with installing software, but every application you install consumes precious computer resources in some way.

During the installation process you should make sure that when you’re asked if the software can run in the taskbar (or as a service), you select No unless that’s really a feature that you need.

The problem with allowing software to run “in the background” is that every software that does this consumes a little bit of available RAM.

You can view the top RAM hoarding applications by opening Task Manager and sorting processes by memory.

if you see a bunch of running applications you don’t recognize, then it’s possible you’ve been installing too many applications without giving it much thought.

It may not be a bad idea to uninstall the applications you never use.

2. Never Rebooting

There are a lot of people who never turn their computers off. In most cases, it’s to save time the next time they want to use the computer. Unfortunately, rarely rebooting a computer contributes to slowdown issues.

Restarting your computer is good for your computer’s health for the following reasons:

  • Flush RAM: Most modern computers manage RAM efficiently, but restarting your computer flushes out RAM and lets your computer start with a blank slate. This helps it run more efficiently.
  • Fix Memory Leaks: Some applications (usually freeware written by inexperienced programmers) have glitches that lead to slow memory leaks. A memory leak is RAM utilized by the software but never released back to the computer. Restarting your computer kills that process and releases RAM back to the computer to use again.
  • Updates and Diagnostics: By default, your computer receives and installs Windows updates when you restart. If you never or rarely restart, you could be running a computer that lacks important security patches or OS fixes.

Users who rarely restart their computers are usually the same users who complain that their computer is running slowly.

Do yourself a favor and shut down your computer every night. Not only will it keep your computer running fast, but you’ll also save electricity too.

3. You Aren’t Maintaining Your Computer

One of the most common reasons for the slowdown of older computers is either hard drive fragmentation, hard drive failure, or corrupt system files.

Disk Drive Fragmentation

Over time, the hard drive can get so fragmented with very few open, consecutive blocks of memory that it takes the OS much longer to store or obtain data. You can prevent this from happening by ensuring your hard drives don’t get too fragmented.

On Windows 10, this is very easy to do. Click on the Start menu, and type the word defrag.

Click on Defragment and Optimize Drives.

If your computer is set up properly, you should see that defragmentation and optimization is done automatically on a regular schedule.

If this isn’t On, then click on Change settings, and make sure you have it set up to run on a regular schedule.

Also, if it wasn’t set up to run regularly, it wouldn’t be a bad idea to click on Analyze to see just how badly fragmented your drives are.

4. You Never Clean Up Temp Files

Whenever I have a friend who says their computer is running slow, the first place I always check is temporary file locations. There are three main areas where files get cached over time.

To delete temporary files:

  1. Search for Disk cleanup from the taskbar and select it from the list of results.
  2. Under Files to delete, select the file types to get rid of. To get a description of the file type, select it.
  3. Select OK.

If you need to free up more space, you can also delete system files:

  1. In Disk cleanup, select Clean up system files.
  2. Select the file types to get rid of. To get a description of the file type, select it.
  3. Select OK.

A New Way to Report Tax Identity Theft

Identity theft is hard enough. That’s why we keep working to make recovering from it easier. It’s also why we’re happy to let you know about an innovative project by the FTC and IRS that lets people report tax-related identity theft to the IRS online, using the FTC’s IdentityTheft.gov website to file IRS Form 14039.

Tax-related identity theft happens when someone uses your stolen Social Security number (SSN) to file a tax return and claim your refund. You might find out about it when you try to e-file — only to find that someone else already has submitted a return — or when the IRS sends you a letter saying it has identified a suspicious tax return that used your SSN. That’s when you’ll need to file an IRS Identity Theft Affidavit (IRS Form 14039), so that the IRS can begin resolving your case.

Now, you can report to the IRS through IdentityTheft.gov. It’s the only place you can submit your IRS Form 14039 electronically. Here’s how it works: IdentityTheft.gov will first ask you questions to collect the information the IRS needs, then use your information to populate the Form 14039 and let you review it. Once you’re satisfied, you can submit the Form 14039 to the IRS through IdentityTheft.gov. Download a copy for your own records, too. About 30 days later, the IRS will send you a letter confirming it received the information.

While you’re at IdentityTheft.gov, you’ll also get help making an identity theft recovery plan, with guidance including how to place a fraud alert on your credit files, check your credit reports, and take other steps to stop the identity theft from harming other of your accounts. IdentityTheft.gov also will help you resolve other identity theft problems.

Remember, though — filing the Affidavit doesn’t eliminate the need to pay your taxes. If you couldn’t e-file your tax return, you’ll still need to mail it to the IRS and pay any taxes you owe.

New Android Malware Secretly Records Phone Calls and Steals Private Data

Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguising as a fake anti-virus application, dubbed "Naver Defender."

Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls.

Talos researchers published Monday technical details about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago.

The most recent variant of KevDroid malware, detected in March this year, has the following capabilities:

  • record phone calls & audio
  • steal web history and files
  • gain root access
  • steal call logs, SMS, emails
  • collect device' location at every 10 seconds
  • collect a list of installed applications

How to Keep Your Smartphone Secure

Android users are advised to regularly cross-check apps installed on their devices to find and remove if any malicious/unknown/unnecessary app is there in the list without your knowledge or consent.

Such Android malware can be used to target your devices as well, so you if own an Android device, you are strongly recommended to follow these simple steps to help avoid this happening to you:

  • Never install applications from 3rd-party stores.
  • Ensure that you have already opted for Google Play Protect.
  • Enable 'verify apps' feature from settings.
  • Keep "unknown sources" disabled while not using it.
  • Install anti-virus and security software from a well-known cybersecurity vendor.
  • Regularly back up your phone.
  • Always use an encryption application for protecting any sensitive information on your phone.
  • Never open documents that you are not expecting, even if it looks like it's from someone you know.
  • Protect your devices with pin or password lock so that nobody can gain unauthorized access to your device when remains unattended.
  • Keep your device always up-to-date with the latest security patches.