Most MMO game operators ban the sale of in-game currency for real-world dollars. But that hasn’t stopped gold farming from flourishing into a full-fledged underground economy.

A Telecoms.com article entitled “Killing Cash” addresses the ways in which virtual currency may be pushing old-fashioned cash out of circulation altogether. One point is the prevalence of gold farming: according to a 2011 report by the World Bank’s InfoDev unit, an estimated 75% of all virtual goods sales involve gold farmers.

“The vast majority of gold farms are based in developing countries like China, and the phenomenon has attracted the same kind of publicity as sweat shops, with imagery of banks of computers staffed by ill-paid workers who repeat the same in-game tasks in World of Warcraft for hours at a time to earn in game currency. These funds are then traded on illicit exchanges for real world money. The value comes from games players who support the system as an easy way to boost their in-game funds.”

Numerous guides are available online to help readers learn how to gold farm more effectively, whether you’re a casual gamer or part of an organized crime ring. A press release from Ereviewguide.com touts their gold farming guide, which warns that “there is really not much money to be made by players who play the conventional way or who play the game purely for enjoyment,” despite the promises of “e-book scams, scam online guides and other digital forms of snake oil that try to get would-be players excited about online game gold farming as a way of making money online.” Nevertheless, Ereviewguide.com offers “tips and strategies to maximize gold farming efficiency.”

Game operators lose profits due to forced labor gold farming, and while they certainly want to stem their losses, they also have a humanitarian responsibility to the victims of this crime.

iovation’s ReputationManager 360 is a proven service that helps protect MMOs against chargebacks, virtual asset theft, gold farming, code hacking, and account takeovers. The service identifies devices being used to play and examines their history and reputation as they are interacting with the game – setting off alerts that could relate to velocity triggers, geolocation, device anomalies, past gold farming abuse, financial fraud, chat abuse, and more.

For years, leading game publishers have prevented game abuse and ensured a safe and fun experience for players with the help of iovation’s device reputation service. These publishers (along with iovation’s network of more than 2,000 fraud analysts from other online businesses) share information, trends, and best practices with iovation and with each other in order to stay one step ahead of cheaters and criminals.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. 

Exposed as in streaking through life naked without a stitch of security. There are things I do and things I don’t do, and no security isn’t on my “do” list. Come on, people!

McAfee used its Windows-based Security Scan Plus to scan an average of 17 million PCs per month in 24 different countries. This was the first industry study of its kind, thought to be the most accurate snapshot of consumer PC protection to date.

83% of computers scanned were found to be protected with the basics. Basic security protection includes working antivirus software, anti-spyware protection, and firewalls. That leaves 17% with no or essentially no protection from malware and other threats.

Other key findings include:

Finland is the most protected country with only 9.7% of PCs lacking any security protection

Singapore ranked at the bottom with 21.75% of consumer PCs completely unprotected

11.75% of Singapore’s PCs have security software installed, but it is disabled

Spain had the highest percentage of PCs without any installed basic security protection at 16.33%

The United States is the 5th least protected country, with 19.32% of Americans browsing the Internet without any protection; 12.25% of consumers have zero security protection installed; 7.07% have security software installed but it is disabled

If you are part of the 17% without security software installed, listen up: there are millions of viruses out there that will ravage your PC to death. Some can make your PC completely inoperable, while others allow criminals to control your PC remotely, making it part of a “botnet,” used for nefarious ends by a criminal network. But worst of all are viruses that allow criminals to access your data in order to steal your identity.

So please, protect your PC with comprehensive security software that includes antivirus, anti-spyware, anti-spam, anti-phishing and firewall protection, and save us all the discomfort of having to look at your naked PC.

Robert Siciliano is an Online Security Evangelist to McAfee. See him on Anderson Cooper discussing mobile security and identity theft.

Please feel free to use this “compliance dashboard” spreadsheet to sustain your PCI compliance journey.

It encompasses:

  • A table of contents and navigation links (NEW)
  • "Scope" sheet allowing you to define the Card Data Environment (CDE) (NEW)
  • An Executive summary showing your progress on your PCI compliance journey based on the selected merchant type (UPDATED)
  • Possibility to hide/unhide non applicable requirements associated to the selected Merchant Type.(NEW)
  • Graphs (Compliance % and Severity Level per requirement) (UPDATED)
  • Documentation sheet - List of your documentation (technical, policies and procedures) related to PCI. (NEW)
  • All PCI DSS requirements grouped by section
  • Guidance associated with each requirement
  • The major observation points from the 2011 Verizon PCI Compliance report for each requirement
  • The PCI Glossary
  • The participants list (NEW Renamed to "PCI Team")
  • The list of merchant types
  • The compensating controls documentation sheet
  • The Validation Instructions for QSA/ISA for each requirement
  • Indication of "relevance" by merchant types (A, B, C, C-VT, D). "1" indicates that the requirement is relevant.
  • Priority level or milestones from the “prioritized approach” (1-6)
  • A column "In Place" (Yes/No/Compensating control Present)
  • A column severity equals to the PCIco priority level for not in place requirements (NEW)
  • A column "Stage of implementation (if not in place)"
  • A column "Estimated date for completion"
  • A column "Proofs/Documentation/Comment"
  • A column "Remediation plan" (what must be done)
  • A Column "Owner" (The individual or department in charge) (NEW: association with the PCI Team)
  • A Column "SANS Top 20 Critical Security Controls" matching subcontrols for each PCI requirement wherever possible. (NEW)
  • A Sheet " SANS-PCI" Listing all SANS Top 20 Critical Security Controls and Sub-controls together with  PCI requirements partially or fully matching the sub-controls. Also % of match for each SANS Controls. (NEW)
  • Links to the PCI 30 seconds newsletters (UPDATED)


https://community.rapid7.com/docs/DOC-1512

Check out the PCI 30 seconds newsletter #20 – PCI DSS and SANS Top 20 Critical Security Controls: The Sumo match. And get access to the detailed analysis paper.

https://community.rapid7.com/community/infosec/blog/2012/06/11/pci-30-seconds-newsletter-18-pci-versus-sans-or-minimum-versus-critical

EFTPOS skimming has become increasingly prevalent over the past few years. EFTPOS skimming—which stands for “electronic funds transfers at the point of sale”—involves either replacing the self-swipe point of sale terminals at cash registers with devices that record credit and debit card data, or remotely hacking a retailer’s POS server.

In one such case, Romanian hackers are alleged to have remotely accessed hundreds of small businesses’ POS systems and stolen enough credit card data to rack up fraudulent charges totaling over $3 million. The hackers’ targets included more than 150 Subway restaurant franchises and at least 50 smaller retailers.

Officials report a wave of credit and debit card attacks, involving point of sale terminal swapping, data skimming, and hacking into payment processors. The U.S. Secret Service, for example, will not disclose details about specific cases, but confirmed, “they are conducting a multi-state, multi-country investigation into this string of crimes.”

Meanwhile, the Oklahoma Bankers Association has stated, “It is beyond apparent our bankers are taking great losses on these cards and we also need to explore creative ideas to mitigate these losses. It is in the best interest of retailers, bankers, processors and card providers to find ways to limit these losses so that debit and credit cards can remain a viable method of payment.”

When the use of these stolen credit cards goes online, iovation’s ReputationManager 360 helps banks and online merchants avoid fraud losses by detecting high-risk behavior and stopping cybercriminals in their tracks. iovation’s device identification and device reputation technology assesses risk on activities taking place at various points within an online site such as account creation, logging in, updating account information, attempting a purchase, or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation.

Spammers send unwanted emails or texts that are both annoying and frightening. Most spam messages are useless advertisements selling stuff you don’t need or want.

In 1995, 8,069 unique pieces of malware were detected. One out of 20 emails were spam, and the Melissa virus infected hundreds of thousands. By 2010, 54 million unique pieces of malware were detected and more than 90% of all email was spam.

SMS spam (or spam via texting) is so prevalent today because those sending it are often scammers using robocall techniques that sequentially dial numbers in any area code and extension. An online search for “mass sms software” turns up plenty of free and low-fee programs that facilitate mass texting.

Also, when you enter your mobile number on a website you might end up clicking a terms of service agreement where you allow the company to send you text advertisements. And entering your information on a mobile app is no different. If you are not careful, you could unknowingly be opening yourself up to spam from the app and any third parties they work with.

While spam is mostly annoying, it can also pose some risks to you. You could even be tricked into paying for products and services that turn out to be illegitimate or nonexistent. Spam can also be used to distribute Trojans, spyware, and exploit code that can infect your mobile device or steal your information.

To protect yourself from SMS spam, you should:

Unsubscribe from unwanted text messages – Try to reduce the number of marketing lists that have your mobile number. If you haven’t signed up to receive text messages from an organization and don’t recognize the sender, don’t open the text or unsubscribe from the list, since this lets the spammer know that your phone is active. The best thing to do is just delete the message.

Protect your mobile phone number – Don’t give your mobile number to companies or people you don’t know. And, if you do need to give out your mobile number, make sure you understand the company’s privacy policy to see if your information is being shared with any third parties.

Use great caution when opening attachments - Never open unsolicited business emails, or attachments that you’re not expecting—even from people you know.

Watch out for phishing scams. Don’t click on links in text messages. Instead, open your mobile browser and visit the site directly.

Do not reply to spam. Never send your credit card information, Social Security number, and other private information via email or instant message.

Watch your permissions – Make sure you know what information your apps have access to as you may be allowing them to send you text messages by just downloading the app. Read the reviews and privacy policy for the app.

Taking the time to practice some simple steps will help protect you against the risks of spam.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube.

Phishing occurs when scammers send emails that appear to have been sent by legitimate, trusted organizations in order to lure recipients into clicking links and entering login data and other credentials. SMiShing is a version of phishing in which scammers send text messages rather than emails, which, as with phishing emails, appear to have been sent by a legitimate, trusted organization. The terms reference scammers’ strategy of fishing for personal information.

For instance, you could receive an email or text message from someone posing as your credit card company, asking you to confirm your account numbers or passwords.  It’s much easier to fall for these tricks on your mobile device because a lot of the things you can do to check if an email is legitimate are not available.

For instance, because of the limited screen space on your mobile device, you probably can’t see a site’s full web address, or an email sender’s full return address. Without being able to see a full address, it’s difficult to tell if the website or sender is legitimate. You also can’t “hover over” a link like you can from your computer and get a preview of a linked word or graphic.

Another factor is the “always on” nature of mobile devices. Most mobile users are more likely to immediately read their email messages and forget to apply their security practices, such as checking to see if an email is from someone they know and if any included links appear real. Because messages are checked continuously, you are more likely to encounter phishing attacks within the first few hours of launch, before security filters have a chance to mitigate the threat.

If you do click on a dangerous search result or stumble upon a malicious webpage, you could wind up accidentally downloading malware onto your phone, or simply run into inappropriate content.

To protect yourself from a mobile phishing scam:

Don’t click on any links from people or companies you don’t know

Even if you do know the person or company who sent the email or text, take the time to double-check a website’s address and make sure that it appears legitimate.

Be wary of any retail site with deeply discounted prices, and always check other users’ comments and reviews before purchasing online.

Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app.

Use a comprehensive mobile security product such as McAfee® Mobile Security, which offers mobile antivirus protection, safe search, backup and restore functions, call and text filtering and the ability to locate your phone and wipe personal information in the case of loss.

The best protection from this scam is awareness. Once you understand how it works, you are better positioned to recognize mobile phishing, and how to avoid clicking links within emails or text messages or otherwise responding to such ruses.

Robert Siciliano is an Online Security Evangelist to McAfee. 

Going “Green” isn’t a fad, it’s necessary to save the planet. If you have watched any of the documentaries on the Discovery Channel about how the polar icecaps are melting then you might have the same sick feeling in the pit of your stomach like I do.  Conservatively, sea levels will rise around 2 feet in the next 100 years, and that’s just the beginning.

The Small Business Administration and numerous other resources are available to help small businesses go green.

Whether you own or lease your building, you typically need lighting, heating, air conditioning, power for office equipment, and other services to stay in business. This guide will help your business be more energy efficient.

Become Energy Efficient: Virtually any small business can improve its energy efficiency easily and cost-effectively, using the numerous resources that are available both from ENERGY STAR and a wide variety of other organizations.

Energy Saving Tips: Good energy management is good business. The prudent and conservative use of energy is one of the easiest and most cost effective steps you can take to cut operating costs and increase profitability.

Calculate Energy Savings: Get tools and resources to help you calculate energy savings from your energy efficient upgrades.

Sustainable Business Practices: After making energy efficient upgrades, you may also want to consider taking additional steps to implement sustainable business practices that help protect the environment.

Energy Efficient Upgrades: Learn about energy efficient upgrades you can make to your facilities to lower energy costs and conserve energy.

For Specific Businesses: The types of energy efficiency upgrades that provide the largest cost savings depend on the kind of business you are running.

State and Local Energy Efficiency Programs: Here you will find a listing of state, local and regional programs that help small businesses become energy efficient. These programs offer financial assistance in the form of grants and loans for making energy efficient upgrades.

The clock is ticking. The time is now. Let’s work together to save our planet.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security.

Go through your smartphone right now. Look at each app and seriously consider whether you need it. If not, delete it. Then, determine which of the free apps are worth upgrading to the paid versions, since free apps contain advertising that puts an additional drain on your battery.

Using a special energy-profiling tool, researchers from Microsoft and Purdue University found that when a mobile is run over a 3G connection, Android and Windows Mobile apps operating third-party ad services dedicate up to 75% of their power requirements to ads rather than game play.

Applications often communicate with their sources, transferring data back and forth between your mobile phone and the app’s home server. This information could be about you, gleaned from your mobile use, or it could be new advertising. The most effective way to deal with this is to either delete the app, or in some cases you are given an option to prevent it from running in the background.

But don’t stop there. There are numerous other battery drains affecting your smartphone. To preserve battery life:

Set your phone to lock automatically after being idle for one minute

Disable Wi-Fi and Bluetooth when they are not in use

Disable all unnecessary notifications

Disable any unused location services

It’s also a good idea to get yourself set up with extra chargers for your car, travel bag, and various rooms of your home. I like getting a mix of extra long and very short cables for different applications. They can often be found inexpensively on eBay.

Robert Siciliano is an Online Security Evangelist to McAfee.
