Security

Jan 25
0

Protect more than data — protect your firm’s identity

Posted by | Articles | No Comments

Data Protection

In this column, we often discuss various means for businesses to protect their own assets. For small businesses especially, it might be easy to imagine assets only as tangible entities: money, employees, equipment and so forth.

But what about protecting the intangible? Even the smallest businesses are storing data digitally. In a greater sense, they are participating in a digital marketplace with websites and social media. And let’s look beyond data. What about protecting a business’s identity itself?

To answer this question, we met with Brad Frazer, a Boise attorney, a partner at Hawley Troxell Attorneys and Counselors, and an expert in all matters related to intellectual property and Internet law. He identified four categories of intellectual property: copyrights, patents, trademarks and trade secrets.

These categories are often confused and misunderstood by business owners, but they are really quite simple to understand.

  • Copyrights give the owner the legal right to exclusive use and distribution.
  • A patent is a set of exclusive rights legally granted in exchange for public disclosure of an invention.
  • Trademarks include logos, brands, labels, signatures, packaging and any other graphical representation of goods or services that can be legally protected.
  • Finally, trade secrets refer to methods, formulas, and procedures that are not available to the general public.

Each of these categories constitutes a business’s identity, yet when most small business owners think of protecting the intangible assets, they think only as far as the data stored on their computers. It’s easy to conceptualize an Excel file containing customer data, or a set of emails stored on an external server. But protecting intellectual property is essential for businesses of every size. Remember, if your business is using the Internet, it is really competing in a global marketplace, and that makes it essential to legally protect your intellectual property.

This protection goes far beyond merely filing trademark and copyright applications. Social media and websites have changed the game when it comes to protecting your brand or business. Anybody with an Internet connection and a handful of change can log on to GoDaddy or Register.com and register a domain name that isn’t in use. (A domain is simply an Internet identifier, such as “custeragency.com,” “nasa.gov,” or “idahostatesman.com.”)

So what happens when somebody decides to take the name of your third-generation family business, register it as a domain and start hosting porn on it? Would that be good for your business identity? What if your biggest competitor grabs it instead?

During our interview, Mr. Frazer gave us some solid advice about registering domain names and social media accounts: “If you don’t, somebody else will.” To extrapolate, he recommends securing at least 20 domains around each trademark held by your business and creating an account on the top 10 social media sites for each trademark.

Creating such a large online presence for each trademark allows legal recourse in the event of intellectual property theft. There really is no excuse for a business to ignore these steps. It might seem like a lot of work, but in reality, it is about an afternoon’s worth of creating free accounts.

Domains are exceptionally cheap, so registering 20 domains might cost a business from $40 to $400 depending on whether the business took advantage of online coupons. Either way, it’s a microscopic investment in preventing someone else from appropriating your company’s identity.

In our next article, we will continue the discussion of intellectual property as it applies to small and medium-sized businesses. In the meantime, take a look at your business’s own online presence. If it’s underwhelming, the least you can do is spend an hour registering social media accounts. Remember: “If you don’t, somebody else will.”

This article originally appeared on the IdahoStatesman website.

Sep 24
0

Protecting human assets (Pt. 2): Be wary of computers marketed to seniors

Posted by | Articles, Series | No Comments

Part 2 of a 2 Part Series

It’s hard enough for the average user to stay safe online.

For those who don’t fall into the tech-savvy demographic, it can become nightmarish.

In this column, Part 2 of our series on protecting human assets in a technological world, we focus on the elderly. While there are plenty of seniors who are passionate about the newest technology, many are content to minimize or eliminate their use of the Internet. A 2014 survey found that while close to 90 percent of millennials own smartphones, the number drops to under 40 percent for those over age 65.

If you try to persuade an elderly relative into getting more connected with technology, understand that your efforts may be a double-edged sword. While you might feel frustrated that your parents can’t see your latest tweet every 10 seconds, it can be dangerous to throw an inexperienced user into the depths of the technological wasteland without the right equipment. Someone just learning to navigate the Internet is a minnow swimming with sharks. The elderly are high-value targets by scammers for this very reason.

The key to getting seniors connected while keeping them safe is to find a happy medium, a device that allows the new user to experience what technology has to offer without creating frustration or danger.

One option is a type of computer designed for the elderly. Companies such as Telikin and The Wow Computer have popped up recently, selling computers with ultrasimplified user interfaces to get seniors performing basic tasks such as sending emails and browsing the web. Telikin claims it’s “the world’s easiest computer.” The Wow Computer advertises that its product is “so easy to use, you won’t have to ask your children or grandchildren for help.”

But do these products do the job? Are they worth the price?

These computers often come in the form of all-in-one touchscreen units with large-print icons designed to make navigation easy. If you want to send an email, you just push the big button that says “E-Mail.” Press “Search” and the user can open a web browser. It’s all reminiscent of a late-’90s AOL interface. It makes basic tasks effortless while preventing the user from feeling that he or she may break something.

What’s under the hood? As it turns out, these machines are similar and share similar prices. The Telikin Elite II holds an MSRP of $1,249. That’s almost as much as a new i7 iMac. If you’re expecting similar components to the iMac, however, think again. The Telikin Elite II comes equipped with an Intel Celeron processor, a 500GB SATA hard drive and a mere 2GB of RAM.

These are extremely low-budget parts for a 2015 computer. A traditional desktop with these same components sells for around $200 at Wal-Mart.

Perhaps the custom operating system justifies the other $1,049? As it turns out, all these machines run versions of Linux, the free open-source operating system used on everything from desktops to DVRs. The manufacturer has simply added a user interface to an existing framework.

On the plus side, Linux is generally extremely secure and has a lower malware risk than Windows or Mac computers. Even so, while these systems may indeed make using the Internet easier for seniors, it’s hard to justify needless spending on old hardware and free operating systems. Everything offered by these machines can be replicated at home for a fraction of the cost.

Because Linux is free, you can legally download your flavor (known as a “distribution”) of choice, burn it onto a CD or DVD, and install it on almost any PC — even one with relatively poor specs. There are even Linux distributions preconfigured for the elderly, such as “Eldy Linux,” which has the very same kind of simplified, large button interface. With a $100 Craigslist, computer and a free copy of Eldy Linux, the same experience of a Telikin can be re-created for next to nothing. Even paying a technology consultant to do the installation is far cheaper than buying a specialized computer for seniors.

Want to try it yourself? The official documentation for Ubuntu, the most common Linux distribution, offers a straightforward tutorial on how to turn a downloaded distribution into a Linux installation disc. Check it out at https://help.ubuntu.com/community/BurningIsoHowto.

A decade ago, today’s world of Internet-connected refrigerators, wireless battery charging, and the ubiquitous social encouragement to publicly share every thought would have felt like the setting of a science-fiction novel. At the turn of the millennium, the worst trap a user could expect to fall into was replying to an email from a foreign prince wanting to share bank accounts. Today malware can automatically install itself onto a computer, silently conduct a wire transfer, and then use that device to hack somebody else — no prince required.

For seniors, a simplified Linux system might be a viable alternative to a traditional computer both in security and user-friendliness. Read beyond the advertising and examine exactly what you’re buying, or you might waste money on a Pinto advertised as a Porsche. Install Linux yourself or hire a competent tech person to do so, and you’ll end up with a better product at a fraction of the cost.

Written in collaboration with Dylan Evans, Reveal’s vice president of operations.

This article originally appeared on the IdahoStatesman website.

 

Aug 20
0

Protecting human assets (Pt. 1): Phones for Kids

Posted by | Articles, Series | No Comments

Part 1 of a 2 Part Series

Safeguarding Kids

Each month in this column, we explore ways to safeguard things that are important to you: your assets. Usually, we focus on intangible assets like your credit card number, your identity and company trade secrets. But when you ask people what is most important to them, their families are usually at the top of the list. Having your credit card number stolen makes for a stressful experience, but it pales in comparison to the feeling of having a child or elderly parent’s safety compromised.

While the digital advancements we see daily can sometimes make life easier, they can also make it more complicated and make the act of maintaining a safe environment far more difficult, especially for parents. As of 2011, one in five elementary school students owned a cell phone. Instead of playing pretend and building sand castles, they are spending recess on Snapchat and Facebook. Many young children are exposed to smartphones as infants; instead of handing their little babies rattles, overstressed mothers are reaching more and more for their phones and tablets.

Arming your 9-year-old with a bright shiny new iPhone might make him the coolest kid on the playground, but it also paints a target on his head for both schoolyard and adult thieves. The expression “taking candy from a baby” becomes far more tempting to a thief when that candy is a $400 toy.

If you’re buying a phone for a child, at least consider what you actually want. Do you just want a reliable means of communication in case of emergency? Non-smart “feature phones” are still widely available from every major carrier, especially for their no-contract plans. These phones come in a variety of sizes and user interfaces: flip phones, Blackberry lookalikes with full keyboards, touchscreens and more. They cost somewhere around $10 for the phone and $25 per month for unlimited minutes. There are no malicious apps to download and no time wasted in class on Facebook.

If you really feel your child needs a smartphone, take precautions. Certain apps have user interfaces more suited to children. A parent sets up the main administrative account, locked with a password, and determines which apps and features the child can use. The phone is then put into a simple mode that allows only those. The appropriately titled “Kid Mode” by Zoodles (a default on newer HTC phones) is the most commonly seen app of this kind for Android devices.

For iPhones and iPads, consider the options in the “Settings” panel. The “Guided Access” option (Settings > General > Accessibility > Guided Access) allows someone to lock a device to allow the use of only a single app. All other features are locked until the user enters the correct PIN. This is useful if you load a game on your own device and hand it to your child.

An even more important collection of settings is found in the “Restrictions” panel (Settings > General > Restrictions). This allows an administrator (such as a parent) to control exactly what the device is and isn’t allowed to do. Parents can disable in-app purchases, control the types of websites that are available through Safari (or disable it altogether), and limit or remove a child’s ability to play games or add friends in the Apple Game Center.

There is one distinct advantage to giving your offspring a smartphone: You now have a GPS tracker on your child, and he or she will never want to leave it behind. Apps like Cerberus, PhoneSheriff, NetNanny and My Mobile Watchdog allow parents to precisely pinpoint a child’s GPS location, listen in on her conversations and intercept her communications.

Having access to this information may seem intrusive, but consider: If your child was communicating with a dangerous individual online, you’d be the first to know. In the horrifying possibility of a child abduction, having access to the phone’s GPS location could mean the difference between life and death.

As with any scientific advancements, smartphone technology can be applied positively or negatively. Parents need to be aware of these options to make educated decisions about how to approach the smartphone issue with their kids.

Notably, many of these same concepts can also be used to help the elderly, including a parent with dementia or failing health. Keeping track of a parent’s location and helping to block bad web content can prevent your parent from getting scammed or being physically injured. A number of technological advancements are marketed directly at the elderly, such as emergency cellphone wristbands, remote monitoring systems for nursing homes, and most interestingly a special type of desktop computer that provides a simplified user interface for the elderly.

These kinds of computers come with a specific set of advantages and disadvantages, and as with all new technology there are many consumer questions that need answered. Are they really useful? Are they worth the money over a standard computer? What are the alternatives? Next month, we will continue our “Human Asset” series by looking at these elderly targeted computers in depth, as well as a handful of alternative solutions.

Written in collaboration with information security expert Dylan Evans, Reveal’s vice president of operations.

This article originally appeared on the IdahoStatesman website.

Jun 16
0

A laptop with company data is stolen. Now what?

Posted by | Articles | No Comments

My client was in a panic.

It was a Friday and I had just wrapped up a case when the phone rang.

“I need to get my laptop back,” he said, conversational formalities left at a minimum. “It has everything. All my company files, all my passwords. Everything.” The man’s voice revealed a cocktail of frustration and anger with a generous twist of helplessness.

He explained the situation in succinct detail. My client had arrived in Boise the previous night on a business trip. After an exhausting day, he managed to drag his luggage up to the fifth floor of his hotel, and all that mattered was getting a few hours of sleep before his morning flight. He inadvertently left one important piece of luggage sitting out in the hallway: his briefcase, containing a company laptop and a notebook with a detailed list of every user account and password he had ever used. It was a security consultant’s nightmare.

Of course, the briefcase had vanished the next morning like smoke in a rainstorm. To make matters worse, the fifth-floor security camera was out of order that night. It seemed almost too convenient and led me first to suspect a member of the hotel staff.

But the briefcase could just as easily have been a target of opportunity. Staff, hotel guests, guests of guests, even a pizza guy could have been a suspect. With the camera out, there wasn’t anything to go on.

Fortunately, the same level of obsessive-compulsiveness that led my client to record his passwords also caused him to write down the serial number of his laptop. Before he called me, he filed a police report, detailing every crack and bump of his missing laptop. If it showed up in a pawn shop, the police would know, but short of that, there wasn’t anything else they could do.

The more I thought about it, the more it made sense that the thief wasn’t a pro. The thief had likely been in the hall, spied the briefcase late at night, and thought he or she could make a quick buck. It wasn’t likely the thief was experienced in fencing stolen goods. To put it simply, the culprit probably wasn’t very smart. Since I knew the laptop’s serial number and model, I turned to the most likely place a less-than-brilliant criminal would try to flip it: Craigslist.

Sure enough, a quick search of the manufacturer turned up an ad posted eight hours earlier. The price was a good $200 under the item’s market value, which told me the seller either had no idea what he or she was selling or wanted to move it quickly. Probably both. A quick phone call later and I had an appointment with the seller in an hour.

The laptop matched the description of my client’s, down to the slightly uneven touchpad and the sticky “3” key. A quick glance at the BIOS – which I explained to the seller was to check the processor speed – revealed the serial number. It was a match, of course. I handed the woman the cash (I had already recorded the serial number of each bill) and went on my way, discreetly recording her license plate number and address. The client had his laptop back. I was sure that once I passed that information along to the police, he’d have his book of passwords back as well – hopefully just in time to feed them into an industrial shredder.

This case is a prime example of why data security is important, especially when traveling. My client’s laptop was password-protected. That was a nice start, but without encryption, it doesn’t mean much to someone with even a modicum of computer skill. It means even less if you keep your laptop bundled with a book of passwords. It’s like taping your house key to your front door with a neon sign that says “OPEN ME.”

Password security is one of the most important concepts in digital security. Any password that needs to be written down might as well never be used at all. Memorization is key and cannot be emphasized enough. Anytime you write down a password, you are risking unauthorized access.

I recommend using a password system that combines, at least, three separate memorable elements, such as a four-digit PIN, an important phrase (possibly spelled backward), and another keyword. For example, if my anniversary is May 25, my dog’s name is Oberon, and my favorite color is green, I may have “05Norebogreen25” as my password. Or maybe I’ll have “GreeNorebo0525.” Come up with a system that works for you.

Had my client’s laptop been encrypted (and not bundled with the password book), he wouldn’t have needed to worry about important company data falling into the wrong hands. Sure, he’d have been out a few hundred dollars, but the larger risk would be mitigated because all data on the hard drive would be unreadable without the password. If his business instituted a companywide encryption policy, the risk would be far less severe.

I managed to recover my client’s laptop – and, more importantly, find the thief – only because he recorded the serial number. It wasn’t recorded because of a company policy, but due to an employee attentive to detail. If a company takes the time to log and categorize its technological devices, the record allows the potential for recovery in the case of theft. A little preventative effort goes a long way.

This article originally appeared on the IdahoStatesman website.

Apr 14
0

Arming your home with security cameras is easy today

Posted by | Articles | No Comments

Security is a difficult product to sell.

Like insurance, it never seems necessary on a good day. Until a driver gets t-boned in the middle of an intersection, the last thing on the driver’s mind is whether or not she has the right kind of coverage.

As a security consultant, I am often called in after a metaphorical crash – a break-in, a digital intrusion, an employee dipping into the till. The common thread among incidents like these is that they are all damage control. Adding cameras or installing a network intrusion detection system won’t prevent the original incident but allows the business to better defend against future threats.

Even when a business is adequately protected, my experience has taught me that the same business owners often neglect protecting their own homes. Thankfully, security does not have to be a luxury item. The security hardware available to the public is more affordable than ever, and the quality of the equipment is unprecedented. You don’t have to hire a security consultant to protect your home. Regardless of your budget, there is almost assuredly a solution at your price point.

A camera system is one of the essential pieces of physical security hardware available, and thankfully it’s easier than ever for a nontechnical person to work with one. To have a working camera system, you will need just two components: the cameras themselves and a digital video recorder (DVR) designed to work with them.

You may be familiar with television DVRs. These are similar. All the cameras tie into the DVR, which operates as a computer and manages to record. Sometimes users will set up certain cameras to record only motion, but the most common configuration is to just let the cameras run all the time.

After the DVR’s hard drive has filled up with video, it seamlessly “rolls over the tape” and starts overwriting the earliest entries. Ideally, the DVR should retain at least 15-30 days of video for residential use, in the case of a break-in or other incident. This allows enough time to back up any relevant footage for law enforcement.

In the past, one of the primary difficulties faced by do-it-yourself security installers was cabling. Each camera had to be hard-wired into the DVR, which meant that homeowners either had to get creative with potentially hundreds of feet of wire or leave their homes looking like a rat’s nest. Crawling around in attics was a bare minimum, and to some that didn’t justify the effort.

Thankfully, that excuse can now be retired. Wireless cameras and DVRs are now commonplace and make setting up a system a breeze. You don’t even need wireless Internet; the cameras and DVR communicate directly using radio, so there’s no need to put on your network engineer hat. In most cases it’s as simple as powering on the cameras and the DVR, and then clicking “add cameras” from within the DVR’s interface. Assuming the cameras are in range, they should start working immediately. (If you’re putting cameras in a 10-story mansion, you may wish to run cable instead because of the distance, but hopefully, you can afford to pay somebody for that.)

An important consideration for DIY security is that the location of your DVR is important. If a thief decides to break in and sees your DVR sitting on the shelf with your Blu-Ray player, you can kiss your footage – and any chance of catching the thief – goodbye. Ideally, the DVR should be in a locked room or cabinet and should not be apparent to the naked eye. Even if the cameras are in plain view, a thief won’t likely spend a lot of extra time hunting for a DVR, although if it’s in plain view you can bet he’ll take it. This is another advantage of wireless systems.

How many cameras do you need? Some homeowners can get by with two while others use 16 or more. This is often dictated by price. A decent-quality wireless DVR with two cameras will run around $500, and the price increases with the number of cameras. Modern DVRs make it easy to add new cameras – especially if you’re wireless – so it’s a perfectly valid approach to start small and work your way up. Homeowners need to ask themselves what needs to be protected, and what angles will allow a positive identification of a bad guy if the worst happens.

Entrances and exits like the front door, back door and garage are essential angles to cover. These might require trial and error to get right. Sometimes the shift in lighting from opening an outside door can cause a person to appear as a silhouette, obscuring any identifying details. Make sure you test your system thoroughly to make sure you can actually see your subjects when that door opens. Other key angles may be locations where valuables are kept, anywhere firearms are stored and children’s bedrooms. Each home has its own needs and challenges. Nobody knows those better than the homeowner.

The most important consideration with your camera system is testing it. It doesn’t matter if you bought ten $2,000 omnidirectional cameras if you forgot to turn the recording on. This sounds silly, but I have seen this time and again even in large corporate environments. Take the time to read the manual to whatever DVR you bought and learn exactly how to determine if you’re recording, and explicitly verify that regularly. Check on your DVR at least once a week to make sure everything is still running and recording.

You might need it someday.

This article originally appeared on the IdahoStatesman website.