Mobile was born with the consumer market in mind. As mobile has developed for consumer use over the past 20-something years, security hasn’t been much of a priority. Now, with a variety of different operating systems and millions of applications, security on mobiles has become a significant problem—especially in a corporate setting. Criminals know that by targeting an employee’s wireless device, they have a good chance of getting onto the corporate network.

The LastWatchdog.com reports, “New research…shows that an estimated one million high-risk Android applications will get introduced into corporate networks this year. Another recent study analyzed two million currently available Android apps, from both third parties and the Google Play store, classifying 293,091 as outright malicious and an additional 150,203 as high risk. When you factor in iOS, Windows Mobile, BlackBerry and…other mobile platforms, the IT landscape is no longer centered on securing an exclusively Windows-based ecosystem.”

Protect yourself (and your employer) by refraining from clicking links in text messages, emails or unfamiliar webpages displayed on your phone’s browser. Set your mobile phone to lock automatically and unlock only when you enter a PIN. Consider investing in a service that locates a lost phone, locks it and, if necessary, wipes the data as well as restores that data on a new phone. Keep your phone’s operating system updated with the latest patches and invest in antivirus protection for your phone.

Use a free VPN service such as Hotspot Shield VPN, to protect your entire web surfing session. Hotspot Shield secures your connection, no matter what kind of wireless you are using—whether you’re at home or in public, on wired or wireless internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. It also offers an iPhone and Android version.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.

Know Foursquare? As the company itself puts it, “Discover and share great places with friends. Over 30 million people use Foursquare to make the most of where they are. Discover and learn about great places nearby, search for what you’re craving, and get deals and tips along the way. Best of all, Foursquare is personalized. With every check-in, we get even better at recommending places for you to try.”

Cool! But how does it work?

Foursquare is a location-based social networking website for mobile devices such as smartphones. Users “check in” at venues using a mobile website, text messaging or a device-specific application by selecting from a list of venues the application locates nearby. Location is based on GPS hardware in the mobile device or network location provided by the application. Each check-in awards the user points and sometimes “badges.”

People who use Foursquare are “portable” by nature—in other words, they move around a lot. They also thrive on, and feel the need to connect to, some form of wireless, either on their mobile or their laptop. As a result, Foursquare has become a great tool to find either a free wireless connection or one that requires a password, and that password is available in the comments on Foursquare location listings such as those for coffee shops and restaurants.

Frankly, I don’t use Foursquare like others do because I don’t like telling the world where I’m at. But I do use it to seek out a WiFi connection and its required password.

Another option to get WiFi passwords via Foursquare is to use another app called 4sqwfi in tandem. The 4sqwfi app uses Foursquare’s API and its user-generated venue tips, and its algorithm filters and displays only the relevant venues.

Keep in mind that with all this WiFi use, you want to protect your information. Use a free VPN for WiFi security like Hotspot Shield. It creates a virtual private network (VPN) between your laptop or iPhone and your internet gateway. This impenetrable tunnel prevents snoopers, hackers and ISPs from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.

Earlier this week McAfee Labs™ released the McAfee Threats Report: First Quarter 2013, which reported that malware shows no sign of changing its steady growth, which has risen steeply during the last two quarters.

Many of the most significant growth trends from previous three quarters actually went into remission, while older types of attacks and what can only be called “retro-malware” experienced significant new growth.

The resurgence of these “retro-malware” includes:

Koobface: This worm targets Facebook, Twitter and other social networking users was first discovered in 2008, and had been relatively flat for the last year yet it tripled in the first quarter of 2013 to levels never previously seen. That’s a record high point and double the size of the prior mark, set in the fourth quarter of 2009. The resurgence demonstrates that the cybercriminal community believes that social networking users constitute a very target-rich environment of potential victims. To avoid falling victim make sure you are careful of what links you click on in social media sites—don’t fall for those too good to be true deals!

Mobile Malware:  Android malware continued to skyrocket, increasing by 40% in Q1. Almost 30% of all mobile malware appeared this quarter. While the overall growth of mobile malware declined slightly this quarter, McAfee Labs expects to see another record year for mobile malware. You need to be proactive and protect your mobile devices with comprehensive security software and pay attention to social engineering attempts to get you to give up your personal information.

Suspect URLs: Cybercriminals continued their movement away from botnets and towards drive-by downloads as the primary distribution mechanism for malware. At the end of March, the total number of suspect URLs tallied by McAfee Labs overtook 64.3 million, which represents a 12% increase over the fourth quarter. This growth is most likely fueled by the fact that these malicious sites are more nimble and less susceptible to law enforcement takedowns. You should take care to make sure you’re using a safe search tool to visit sites that you know are safe before you click.

Ransomware: Ransomware has become an increasing problem during the last several quarters, and the situation continues to worsen. With ransomware, cybercriminals hold your computer or mobile device files “hostage” and insist on payment to unlock it. But there are no guarantees that they will “free” your device after you pay. One reason for ransomware’s growth is that it is a very efficient means for criminals to earn money and various anonymous payment services make it hard to track them down. The problem of ransomware will not disappear anytime soon. You should always take precautions to back up your valuable data.

AutoRun malware:  Traditionally, AutoRun worms were distributed via USB thumb drives or CDs. This type of malware can allow an attacker to take control of your system or install password stealers. AutoRun malware has risen rapidly for two quarters and reached a new high, with almost 1.7 million new threats. The spike is likely being driven by the popularity of cloud-based file-sharing services. Having comprehensive security that automatically scans all devices that are attached to your computer and scans your hard drive is a must to protect against this.

Spam: After three years of stagnation, spam email volume rose dramatically. McAfee Labs counted 1.9 trillion messages as of March, which is lower than records levels, but about twice the volume of December 2012. One significant element behind this growth in North America was the return of “pump and dump” spam campaigns, which targeted would-be investors hoping to capitalize on all-time equity market highs.

We are facing an uphill battle against the growing threats and attacks. Fortunately we can protect all our devices including PCs, Macs, smartphones and tablets with one solution, McAfee LiveSafe. Of course you should still take care to educate yourself on the latest threats and techniques that cybercriminals use and be suspicious of anything that doesn’t seem right.

Stay safe!

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube.

A cybercriminal’s full time job is creating new crimes, and he or she will make full use of technology to hide their activities to fool you. And with mobile devices, this is no different.

The threat to our mobile devices is also high because our smartphones are always connected, they usually carry some personal data, and they are even equipped with small cameras, microphones, and positioning devices (just like the spies carried in old movies). And because there are more built-in devices options (like cameras and microphones) compared with computers, it makes the operating systems and apps more complex, increasing the way that cybercriminals can take advantage of any security holes.

But you can focus on doing some things that will help you be more secure when using your mobile devices. We provided five tips here and now here’s five more:

Be careful when “checking in” on social sites: Facebook, FourSquare and other geo-location programs are fun and sometimes you can score some deals for “checking in” at locations, but you also want to be cautious of letting people know where you are – especially if you’re away from home. And you also may want to consider disabling the GPS (global positioning system) on your smartphone or tablet so your photos don’t’ have latitude and longitude information embedded into them when you share them.

Don’t remember it-forget it: Don’t set user name and passwords to be remembered in your mobile browser or in apps and make sure you always log out of accounts when you access them. And like on your computer, make sure you use strong passwords and different passwords for each of your accounts.

Be careful what you share: Yes it’s fine to stay in touch with our friends and family via social networks, but be careful what you share. Even if your privacy settings are set to only let your friends see the information, it’s best to take the approach that once something is online, it lives forever. Think if you’re really ok with your grandmother or boss to see that update, picture or video.

Don’t text or email personal information: While this might seem pretty basic, we may find we need to share credit card numbers or personal details with another person. But this should be done via a secure site or app or use your mobile’s other function (the basic phone part). Emails and texts can be intercepted and then your information can fall into the wrong hands. Also remember that legitimate organizations like banks will not ask you to text personal details like that so if you see requests like that, it’s most likely scam.

Turn off your Bluetooth: If you’re not using this connection, it’s best to turn it off. Not only will this help save your battery life, but it prevents hackers from accessing your device through this technology. Many devices are preset to use default settings that allow other users to connect to your device, sometimes without your knowledge. In some cases, hackers can access a phone’s contacts, calendar, text messages, and more.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  

When devices are lost or hacked and your data is exposed, not only is this a pain to deal with, but you could become a victim of identity theft. Not only do victims of identity theft suffer loss of time  but they also lose money that may not be able to be recovered . In McAfee’s recent study, they found on average that people have over $35,000 worth of digital assets stored on their digital devices, further demonstrating the need to protect your personal data on all of your digital devices.

Studies show that identity theft can take anywhere from one hour to 600 hours to rectify, and so dealing with multiple breaches can potentially add up to several wasted years of your life. Other studies have shown that as many as 25% of victims never fully restores his or her compromised identity. The victim has to deal with it for life. It’s just a constant administrative process that never goes away.

For some people, the consequences of identity theft include financial ruin, wrecked marriages, lost jobs or emotional distress. It can be like a recurring plague. Identity theft is not something you want to happen to you or anyone you love.

What are the most effective ways to protect the data on your devices?

Be careful what you store on your devices. Passwords, driver’s license numbers, credit cards, tax statements—all of these can be used to steal your identity.

Be vigilant about what you post online—Remember online is forever and also hackers use online properties to find out information about you and then use this information to try and lure you to giving them more information through phishing and other tactics.

Use strong passwords—this is often the first line of defense against hackers. Remembers passwords should be at least ten characters in length and ideally use a combination of upper and lower case letters, numbers and symbols and not spell any words or use things like pets’ names or birthdays.

Protect all your devices—PCs, Macs, tablets and smartphones with comprehensive security, like McAfee^® LiveSafe^™ that includes:

Basic security like antivirus, anti-spyware, anti-phishing, anti-spam and a firewall

Remote locate and lock software to track and lock your PCs, tablets and smartphones if they are lost or stolen.

Password management software to help you securely manage all your usernames/passwords and with one click securely login to any site from any of your devices.

Secure online storage for your most sensitive documents that is only accessible with your face and voice.

Our use of digital devices bring great flexibility and convenience that most of us have come to rely on. It’s up to us to also take steps to make sure we are protecting ourselves and our family, our data and identity.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube.

Cybercrime is one of the most lucrative illegal businesses of our time, and it shows no signs of slowing down. Over the last decade, cybercriminals have developed new and increasingly sophisticated ways of capitalizing on the explo­sion of Internet users, and they face little danger of being caught. Meanwhile, consumers are con­fronted with greater risks to their money and information each year.

The proliferation of mobile devices has provided a new opportunity for cybercriminals. With mobile shipments now outpacing PC shipments, there is now a large enough pool for the cybercriminals to start to leverage this base to make money.

Here are 5 quick tips to help you protect your mobile device and your data on the device.

Put a PIN on it – As a first basic step make sure you use a PIN code or password to lock your device and make sure it is set to auto-lock after a period of time.

Think before you click: Being on the go is convenient, but in our rush to respond, we don’t always take the time to look carefully at texts, email and social posts to make sure they are valid. Always be careful when clicking on links that you receive from anyone.

Don’t be app happy: Be careful what apps you download and where you download them from. Most malicious software for mobile devices is distributed through “bad” apps.

Be careful where you search: Double-check a website’s address and make sure that it appears legitimate by reviewing the URL or rather than doing a search for a site, type in the correct address in the URL bar to avoid running into any phony sites.

Secure your device:  Make sure all your mobile devices have comprehensive security software, like McAfee Mobile Security or McAfee LiveSafe (for all your devices) that protects you from threats, helps you avoid risky websites and malicious apps, and in the event of loss or theft, lets you remotely backup, lock and if necessary, wipe all the data from your mobile device.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! 

Banks rely on usernames and passwords as a layer of protection and authentication to prevent criminals from accessing your accounts. However researchers now show that your password—even though it may be a relatively “strong” one, might not be strong enough.

When you create a password and provide it to a website, that site is supposed to then convert them to “hashes” as Ars Technica explains “Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that “5f4dcc3b5aa765d61d8327deb882cf99″ is the MD5 hashes for “password”.

But Ars did an experiment with some newbie technologist all the way up to expert hackers to see what they could do to crack the hash.

“The characteristics that made “momof3g8kids” and “Oscar+emmy2″ easy to remember are precisely the things that allowed them to be cracked. Their basic components—”mom,” “kids,” “oscar,” “emmy,” and numbers—are a core part of even basic password-cracking lists. The increasing power of hardware and specialized software makes it trivial for crackers to combine these ingredients in literally billions of slightly different permutations. Unless the user takes great care, passwords that are easy to remember are sitting ducks in the hands of crackers.”

How to get hacked

Dictionary attacks: Avoid consecutive keyboard combinations— such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like “John the Ripper” or similar programs.

Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”

Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.

Protect yourself:

1. Make sure you use different passwords for each of your accounts.
2. Be sure no one watches when you enter your password.
3. Always log off if you leave your device and anyone is around—it only takes a moment for someone to steal or change the password.
4. Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
5. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
8. Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.

10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.

11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard. Use W if you are feeling all crazy.

12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says “To be or not to be?”

13. It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.

14. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example above, your “tip sheet” might read “To be, or not to be?”

15. Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.

While you must do your part to manage effective passwords, banks are working in the background to add additional layers of security to protect you. For example, financial institutions are incorporating complex device identification, which looks at numerous characteristics of the online transaction including the device you are using to connect. iovation, an Oregon-based security firm, goes a step further offering Device Reputation, which builds on complex device identification with real-time risk assessments. iovation knows the reputations of over 1.3 billion devices in iovation’s device reputation knowledge base. By knowing a devices reputation, banks can better determine whether a particular device is trustworthy before a transaction has been approved.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video.