The Internet—one of history’s greatest inventions—is also one of history’s greatest platforms for crime. Here are ways things can go very wrong with the Internet of Things.

Med-hacking. Researchers have hacked many medical devices. Though it apparently hasn’t happened in the real world, yet, but it looks like it’s only a matter of time before medical equipment becomes hacked, such as automatic insulin pumps and pacemakers. The FDA is quite new to looking into this potential.

Sauna house. It’s possible for a hacker, if not currently, then in the near future, to get into your connected thermostat and kick it up to 120 degrees. Yes, it’s great to control the thermostat when you’re away from home…but someone else who has too much time on his hands might think that’s great, too!

Smartphones. Maybe one day it will be smarter to go back to the dumb phone. At least a dumb phone can’t be used by a hacker to turn things upside down for you, such as getting ahold of your financial account numbers or sensitive photos.

Your printer can get hacked. Someone could remotely bust into it and view your documents. A crook can infect your home printer with a Trojan to not only spy, but install malware. And if your printer is potentially a target for hackers, imagine what else around your house could be, such as your router and any other gadget that’s connected to the Internet.

From carjack to car-hack. A connected car can be hacked via its wireless enabled radio, with commands then going to the steering wheel or brakes. Know any computer geniuses who hate you and know your car is connected?

Satellite airline equipment is vulnerable to malicious invasions; this has potential repercussions to the communications involving airplanes and ships. This kind of hacking can go as far as tricking a plane to redirect its course.

The TSA carry-on baggage scanner can be hacked into and then used to get weapons past TSA checkpoints. There’s even a feature that can show fake images on the X-ray screen.

So, don’t worry about any of this. But DO something about it. At a minimum lock down your wireless with encryption. Routers come with WPA/2 security and it should be activated. Otherwise deploy antivirus, antispyware, antiphishing and a firewall.

Worms. Most of us probably think of them as those squirmy invertebrates we dissected as a kid or found on the sidewalk after a storm. You might have used them as bait for fishing (not phishing), to pull a prank or have even eaten them (no judgment).

Whether you like worms or not, there’s one kind of worm that definitely isn’t your friend—the computer worm. This kind of worm is a computer program that can replicate and send copies of itself to other computers in a network. Worms are considered a subset of viruses, but unlike viruses they can travel without any human action.

Most worms are designed to exploit known security holes in software, although some spread by tricking Internet users. Mass-mailing worms, for instance, spread via email or instant message (IM). They arrive in message attachments and once you download them the worm silently infects your machine. Peer-to-peer (P2P) networks are another avenue for worms: cybercriminals upload infected files with desirable names to entice users into downloading them. And once you download the file your computer is infected.

Once your machine is infected, the worm can corrupt files, steal sensitive information, install a backdoor giving cybercriminals access to your computer, or modify system settings to make your machine more vulnerable. They can also degrade your Internet connection and overall system performance.

The good news is there are steps you can take to keep your computer from being infected:

Don’t download or open any files on P2P sites.
• Since some worms now have a phishing component—meaning that they try to trick users into running the malicious code—do not click on links in unexpected emails and IMs, or download attachments connected to them.
• Use comprehensive security software, like McAfee LiveSafe™ service, with a software firewall to block unauthorized traffic to and from your computer. Make sure to keep your security software updated.

If you fear that your machine is already infected, immediately run a security scan.

Of course, given the fast-moving nature of Internet worms, your best bet is to be cautious and take steps to avoid getting infected in the first place.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  

Ever wonder just how hackers bust into systems and cause destruction? One reason is because people are still using weak passwords. While your pet’s name and wedding anniversary dates are easy to remember and sentimental to use, this approach makes a hacker’s job all too easy. Here are 10 things you should know about passwords.

1. Never use the same password more than once, because if that account is hacked, and that password is for three other accounts, you’ll get quadruple-hacked.
2. Think of a memorable phrase, then abbreviate it, such as, “My all time favorite movie is Jaws which I’ve seen 19 times.” The password would then be: MatfmiJwis19t.
3. Don’t stick to just letters and numbers. A “character” can be any number of signs. For an even stronger password, add some random characters: MatfmiJ&wis19t!
4. The “dictionary attack” is when a hacker applies software that runs through real words and common number sequences in search of a hit. So if your password is 8642golfer, don’t be surprised if you get hacked.
5. A super strong password may be 12 characters, but not all 12 character passwords are strong. So though 1234poiuyzxc is long, it contains a number sequence and keyboard sequences. Though longer means more possible permutations, it’s still smart to avoid sequences and dictionary words.
6. Another tip is to create a password that reflects the account. So for instance, your Amazon account could be MatfmiJ&wis19t!AMZ.
7. Opt for sites that offer two-step verification. A hacker will need to have possession of your phone or e-mail account in order to use your password, because two-step requires entry of a code that’s sent to your phone or e-mail.
8. If you struggle to remember your passwords, you can store them in a cloud where there’s two-factor authentication. But don’t stop there; preserve your passwords in hardcopy form.
9. A password manager will make things much easier. With one master password, you can enter all of your accounts. Google “password manager”.
10. Don’t check the “remember me” option. Having to type in your password every single time means added protection.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

IDC, an IT analyst firm, estimates that the mobile worker population could reach 1.3 billion by 2015, meaning, they access workplace data outside the workplace. This is risky because it exposes data to hackers.

In fact, the safety of what’s displayed on the computer screen in public is of huge concern. The 3M Visual Data Breach Risk Assessment Study provides some troubling findings.

First off, 67 percent of workers expose company data beyond the workplace, including very sensitive information. Typically, the employee has no idea how risky this is. It’s as easy as the crook capturing data, that’s displayed on a screen, with a smartphone camera as he passes by or secretly looks on continuously from nearby.

And there’s little corporate policy in place to guard against this. The study says that 70 percent of professional employees admitted their company lacked any explicit policy on conducting business in public. And 79 percent reported that their employer didn’t even have a policy on privacy filter use.

Either communication about policies with employees is feeble, or attention to visual policy from the decision makers is lacking.

An increasing number of people are taking their online work to public places, but if they knew that company data was properly protected from roving snoops, they’d be more productive. Companies need to take more seriously the issue of visual privacy and this includes equipping employees with tools of protection. Below are more findings.

Type of Data Handled in Public

• Internal financials: 41.77%
• Private HR data: 33.17%
• Trade secrets: 32.17%
• Credit card numbers: 26.18%
• SSNs: 23.94%
• Medical data: 15.34%

Only three percent of the respondents said that there were restrictions imposed on some corporate roles working in public. Eleven percent didn’t even know what their employer’s policy was.

One way to make headway is a privacy filter because it blocks the lateral views of computer screens. Eighty percent of the people in the study said they’d use a device with a filter.

Another factor is that of enlightening workers about the whole issue. An enlightened employee is more likely to conduct public online business with their back to a wall.

Additional Results

• In general, work is not allowed in public: 16%
• No explicit policy on public working: 70%
• To the worker, privacy is very important: 70%; somewhat important: 30%; not very important: 4%; not important at all: 1%.
• Only 35 percent of workers opted to use a kiosk machine with a privacy filter when presented with two machines: one with and one without the privacy filter.

The study concludes that businesses are sadly lacking in security tactics relating to data that’s stored, transmitted, used and displayed. This is a weak link in the chain of sensitive information. Any effective IT security strategy needs to address this issue and take it right down the line to the last employee.

IT people need to beef up their opinions about cloud security, says a recent report by the Ponemon Institute called “Data Breach: The Cloud Multiplier Effect.”

Yes, data breaches occur in the cloud. In fact, it can be triple the cost of a data breach involving a brick and mortar medium.

The report put together data from the responses of over 600 IT and IT security people in the U.S. The report has three observations:

• Many of the respondents don’t think that their companies are adequately inspecting cloud services for security.
• The cost of a data breach can be pricey.
• When a business attempts to bring its own cloud, this is the costliest for high value intellectual property.

More Results

• 72% of the participants thought that their cloud service providers would fail to notify them of a breach if it involved theft of sensitive company data.
• 71% believed this would be the same outcome for customer data breaches.

Many company decision makers don’t think they have a whole lot of understanding into how much data or what kind is stored in a cloud.

• 90% thought that a breach could result when backups and storage of classified data were increased by 50 percent over a period of 12 months.
• 65% believed that if the data center were moved from the U.S. to a location offshore, a breach could result.

All of these findings mentioned here are the result of self-estimations rather than objective analysis of real breaches.

Ponemon also determined that if a breach involved at least 100,000 records of stolen personal data, the economic impact could jump from an average of $2.4 million to $4 million, up to $7.3 million. For a breach of confidential or high-value IP data, the impact would soar from $3 million to $5.4 million.

In addition to the self-reporting loophole, the report had a low response rate: Only 4.2 percent of the targeted 16,330 people responded, and in the end, only 3.8 percent were actually used. Nevertheless, you can’t ignore that even self-estimated attitudes paint a dismal picture of how cloud security is regarded.

The good old days were when today’s college kids’ parents lugged their typewriters into their dorm room, and they communicated to people via the phone on their room’s wall. Their biggest worry was someone stealing their popcorn maker. Nowadays, college kids need to beware of remote invasions by thieves.

Major educational institutions have reported numerous data breaches; they come from criminals but also result from professors being careless with laptops and students on open WiFi.

Why are colleges hotspots for hackers? There’s all sorts of users on insecure networks, not to mention a wealth of data. So it’s no longer just warning your kids not to walk the campus alone at night or to stay away from drugs and alcohol.

Students can have a tendency to reuse the same password—anything to make college life less hectic. All accounts should have a different password. And don’t use a password like GoSpartans. Make it nonsensical and full of different characters.

Social engineering. College kids can be easily tricked into making the wrong clicks. A malicious e-mail can pose, for instance, as something from the university. The student gets suckered into clicking on a link that then downloads the computer with malware. A student may be tricked into clicking on a “video link” to view something hot, only to instead download a virus.

Students should look for signs of a scam like bad grammar and spelling in the “official notice” and other suspicious things. Though it’s of utmost importance to have antivirus and antimalware, these won’t stop a thief from using the student’s credit card number after the student is tricked into giving it on a phony website.

College kids also have a tendency to go nuts on social media, posting continuous updates of their day-to-day actions. If the student’s Facebook page is chockfull of personal information, a crook who has the student’s e-mail address could use this information to figure out the student’s answer to security questions and then gain entry to their accounts. This is why two-factor authentication is so important. The thief can’t possibly bust into an account if they need a special one time PIN code with the password usually delivered via a text on their mobile.

Unprotected Wi-Fi. Not all campuses provide secure Wi-Fi, and the presence of antivirus, antiphishing, antispyware and firewalls don’t guarantee all levels of protection. To play it safe, students should never visit bank account sites, insurance carrier sites and other such sites while using public Wi-Fi. Better yet install Hotspot Shield to lock down and encrypt any unsecured WiFi.

Connection salad. Campuses are full of all sorts of connected devices, from phones and tablets to nutrition trackers and other gadgets. Everyone has a device, creating a hodgepodge of connections that puts students and everyone else on campus at risk for a data breach. These Internet of Things devices need their latest software updates and firmware updates. Keep them safe from physical theft too. Shut them off when not in use.

Password protect devices: We lose stuff and stuff gets stolen. While it is certainly more convenient to not password protect a mobile, laptop or tablet, it is also an identity waiting to be stolen. Everything needs a password and don’t share that password with anyone but parents. Because when you are sleeping some night, a drunk college dormate will come log in and start posing as you on social posting disparaging stuff that will last forever.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. 

Don’t blame the hackers; don’t blame the bank; apparently it’s the victim’s fault that a Missouri escrow firm was robbed of $440,000 in a cybercrime, says a report on computerworld.com.

The attack occurred in 2010, but the appeals court’s March 2013 ruling declared that the firm, Choice Escrow and Title LLC, can’t hold its bank accountable. The victimized firm might even have to pay the bank’s attorney fees. The court says that the firm failed to abide by the bank’s recommended security procedures.

BancorpSouth Bank was sued by Choice Escrow following a cyber assault in which the password and username to the firm’s online bank account was stolen.

The victim asserted that the bank failed to implement sufficient security measures, allowing the attack to take place. The firm also insisted that the bank should have detected that the wire transfer of the money to Cyprus was fraudulent because it was initiated outside the U.S.—an unprecedented type of transaction.

BancorpSouth’s defense was that Choice Escrow failed to instill the security precautions for wire transfers that the bank recommended.

At first it seems like the bank here is bucking culpability, but according to the bank:

• It had controls in place for Choice Escrow to use.
• The bank requested that the firm use a dual-control process for wire transfer requests that would require two people to sign.
• The bank asked the firm to enforce an upper limit on wire transfers.
• Choice failed to follow these two recommendations.

The bank also points out that the wire transfer was started by someone who used the firm’s legitimate banking credentials, along with a computer that seemed to belong to the company. Had the company followed the bank’s recommendations, the crime may not have occurred.

Stealing legitimate banking credentials and using them to initiate criminal wire transfers to overseas accounts is nothing new to cyber criminals. This crime causes disputes between banks and their customers and heightens awareness over how much responsibility each entity should carry.