5 REASONS WHY CLOUD CAN TRANSFORM YOUR BUSINESS

Businesses are often puzzled by the thought of moving to the cloud. They are concerned about data loss, privacy risks, susceptibility to external attack, internet connectivity and so on. But do these concerns outweigh the advantages of cloud computing? Or are you afraid of the change?

Comparing the Leading Cloud Providers

Before jumping into the debate, let's compare the leading cloud providers on the basis of the two most critical factors: downtime and cost of migrating.
Let’s say you are a growing company with 5,000 site visitors per day that requires 8GB of RAM, 500GB of memory and an 8-core processor. The following image represents the basic comparison between the leading five cloud providers for this scenario.

Google’s cloud platform should be the ideal choice for this scenario, with downtime of only 4.46 hours for the year 2014 and a cost of $805 per year. Similarly, the image compares Amazon Web Services (AWS) (2.41 hours), IBM SmartCloud (8.76 hours) and Rackspace (7.52 hours). Microsoft Azure loses out on downtime (39.77 hours) but costs $1,880 per year, less than IBM SmartCloud ($2,172 per year) and Rackspace ($2,521 per year).

Why going for cloud is the best decision for your business?

1.  Cost Efficient

Moving to the cloud saves the upfront cost of purchasing, managing and upgrading the IT systems. Thus using cloud model converts capital expenditure to operational expenditure. Using one-time-payment, ‘pay as you go’ model and other customized packages, organizations can significantly lower their IT costs.

2.  Storage space

Businesses will no longer require file storage, data backup and software programs which take up most of the space, as most of the data would be stored in remote cloud servers. Not only does the cloud free in-house space, it also provides unlimited space in the cloud.

3.  Fault Resilient

While using own servers, you need to buy more hardware than you need in case of failure. In extreme cases, you need to duplicate everything. Moving to cloud eliminates redundancy and susceptibility to outages. Thus migrating to cloud not only adds reliability to the systems but also keeps information highly available.

4.  Scalability

Using cloud computing, businesses can easily expand existing computing resources. For start-ups and growing enterprises, being able to optimize resources from the cloud enables them to escape the large one-off payments of hardware and software, making operational costs minimal.

5.  Lean Management

With cloud, businesses can perform their processes more efficiently. Cloud migration leads existing workforce to focus on their core task of monitoring the infrastructure and improving them. Thus cloud computing leads to lean management and drives profitability.

How can Cloud Consultants help you?

Migration to cloud computing platforms requires essential IT changes and sound knowledge of the latest technology. The decision makers should visualize the migration as a business re-engineering process rather than an architectural change. With a plethora of options available, business leaders are often confused about which cloud computing technology suits their needs. At this point a cloud consultant can help them choose the service that will empower their current processes.

A cloud consultant should ask the following critical questions to help you define requirements.

  • Do you care where your data is stored and how secure it is?
  • Are your business processes well defined and are they efficient?
  • How much downtime and delay can your business handle?

Knowing these questions will help the consultant find the best services for your business. Thus a consultant should present governance models, security models, performance models, process models and data models in addition to basic infrastructure.

Cloud has certainly changed the dynamics of IT industry. AWS and Microsoft remain the largest cloud providers inclusive of all services. But at the same time cloud consultants play a huge role in empowering the businesses to incorporate innovative solutions and market the cloud-based changes to suit the customers’ needs.

Author: Unknown

Millions of PCs Found Running Outdated Versions of Popular Software

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits.

Security vendor Avast has released its PC Trends Report 2019 revealing that millions of users are making themselves vulnerable to cyber attacks by keeping outdated versions of popular applications on their computers.

Probably the most overlooked vector for any cyber attack is out-of-date programs, which most of the time are the result of users’ laziness and, in a business environment, of company administrators ignoring security updates because they can’t afford the downtime.
According to the report [PDF], Adobe Shockwave tops the list of software that most users left outdated on their PCs, followed by VLC Media Player, Skype, Java Runtime Environment, 7-Zip File Manager, and Foxit Reader. The outdated software applications often provide an open door for hackers and cybercriminals to take advantage of security bugs and loopholes in the programs, making them a potential target of cyber attacks. However, it is not only applications but also operating systems that are out of date. Almost 15% of all Windows 7 computers and 9% of all Windows 10 computers are running an outdated version of the operating systems.

To understand the risk, there could be no better example than the Global WannaCry menace that largely infected networks that used out-of-date operating systems, like Windows XP, for which Microsoft no longer offers technical support.

WannaCry took advantage of a dangerous security hole in Microsoft Windows that had already been fixed by the company months before the ransomware threat struck the whole world.

“Most of us replace our smartphone regularly, but the same cannot be said for our PCs. With the average age of a PC now reaching six years old, we need to be doing more to ensure our devices are not putting us at unnecessary risk,” said Avast President Ondrej Vlcek.

“With the right amount of care, such as cleaning our hardware’s insides using cleaners, optimization and security products, PCs will be safe and reliable for even longer.”

The bottom line: Keeping your operating systems and software applications patched and up-to-date can protect you from cyber attacks and prevent hackers from taking advantage of your vulnerable machine to steal your personal and sensitive data.

Author: Swati Khandelwal

Charity Scams to Watch Out for During the Holidays

‘Tis the season of giving, which means scammers may try to take advantage of your good will. A surprising fact about American donation habits is that everyday folks like yourself are the single largest driver of charitable donations in the United States. Giving USA’s Annual Report on Philanthropy found that individuals gave $286.65 billion in 2017, accounting for 70 percent of all donations in the country.

Last year, Giving Tuesday donations alone grew by 22 percent, with an average household donation of $111. With the seventh annual Giving Tuesday on November 27 fast approaching and technology that makes it increasingly easier to support your favorite causes, it’s more important than ever to keep your guard up before you click the “donate” button.

Charity Scams

Unsolicited donation requests are fairly normal during the holiday season, especially since non-profits depend on year-end giving for the success of their organizations, but look out for a few behaviors as red flags. Overly aggressive pitches including multiple phone calls and emails, or high-pressure tactics that require your immediate donation, should always be avoided. Be on high alert for “phishy” emails and links; make sure to check the sender’s email address and hover over links to reveal their true destination before clicking on them. Even if a website looks legitimate, it may be spoofed. Check that the domain matches the company you intended to visit. This can be trickier than it sounds. For instance, stjudehospital.com may appear to be genuine, but an easy Google search of “St. Jude Hospital” reveals their actual site to be stjude.org.

If you’re donating to a charity you’ve never worked with before, do a little research before committing your funds. Charity Navigator is a particularly useful resource; just type in the organization’s name and check out their rating. If they are not listed on Charity Navigator, it’s probably best to err on the side of caution and donate your hard-earned dollars elsewhere. Also, be sure to only enter sensitive or personal information into websites that have an SSL certificate; you’ll be able to tell if a page is secure if the link begins with “https”. (This is a great tip for shopping online this holiday season too.) Finally, before making any online donations, make sure you have a strong antivirus program installed that can detect phishing sites and that it’s up-to-date on all your devices.

If you are contacted by a charitable organization by telephone and want to make a donation, don’t give them your credit details over the phone. Have them mail you a donation form for you to evaluate and mail back. Remember: no legitimate charity will ask you to wire them money or pay them in gift cards. If you encounter a charity that is urging you to do so, cut all contact and block them on all platforms.

Bear in mind that not all charity scams are out for money, either—some are hoping to skim personal information. There is absolutely no reason to provide a charitable organization with information like your Social Security Number or driver’s license number—these are major red flags. Also, be especially cautious of requests to send an SMS code to donate via text message.

Social Media Scams

Social media is an easy and typically secure way to donate to legitimate charitable organizations, but scammers know how to use these platforms as well. Social media scams are on the rise, but a little bit of common sense goes a long way with donations on social channels. If you’re looking to donate to someone through a crowdfunding site, be sure the campaign fully answers these questions:

  • Can you verify if the organizer of the campaign has an existing relationship with the intended donation recipient?
  • Is there a plan for how the funds are used to aid the intended recipient?
  • Are verifiable friends and family of the intended recipient making donations and leaving supportive comments?
  • How will the intended recipient access the funds?

If you cannot easily find the answers to these questions, we recommend you avoid donating to that campaign.

Another pervasive social media scam is celebrity imposters who pretend to raise funds for charities or disaster relief. These imposters use the familiar faces of some of our favorite media personalities to gain our trust and access our wallets. If you have been solicited by a celebrity for donations, stop and take a moment before you give. Make sure it’s their official social media page, which can often be verified on Twitter and Facebook by a small blue checkmark next to their name. You may also Google the celebrity’s name and “scam” to see if others have already reported a trap.

Source: @PatrickDempsey on Twitter

Attacks Targeting Seniors

While scams that target our aging loved ones are a problem year-round, the Consumer Financial Protection Bureau says scammers tend to ramp up their efforts during the holidays to take advantage of seasonal generosity. Most charity scams that target seniors are similar to the ones we all face, including phishing emails, phishing sites, and false charities. However, “Grandkid Scams” are a unique variety.

For this type of fraud, an older adult is contacted by someone pretending to be a family member in desperate need of money or assistance, often impersonating a grandchild. Speak with the older adults in your life about the common signs of scams, like misspelled emails and requests for wire transfers, and teach them how to hover over a link to check its destination. Remind them to verify whether a family member is reaching out for money, and check in with them more often leading up to the holidays to catch any potential security issues early.

Stop Attacks Early

Vigilance is key in stopping a potential security breach in its tracks. If you believe you may have unwittingly sent money to a scam charity, reach out to the organization you used to send the money, such as your bank or credit card company. Tell them the transaction was fraudulent and ask them to cancel it, if possible. If you believe your personal information was exposed, you can freeze your credit to prevent any long-term damage. Also, if you think you may have encountered a charity scam of any type, be sure to report it to the FTC to help keep others safe.

Even if you don’t think you have suffered a breach, keep an eye on your credit score and monitor your banking and credit accounts closely this holiday season. Paying a little extra attention will help you act quickly if your information has been compromised, potentially saving you and your family major holiday heartache. For an added layer of protection, secure all of your family’s devices behind a trusted VPN, which will keep your private data encrypted and safe should anyone try to intercept information you send over WiFi.

Author: Tyler Moffitt

Hackers hide cryptocurrency mining malware in Adobe Flash updates

Cryptocurrency scammers have gotten extra creative and are now hiding mining malware in legitimate updates of Adobe Flash Player.

Researchers from cybersecurity firm Palo Alto Networks discovered a fake Flash updater which has been doing the rounds since early August. While it claims to install a legitimate Flash update, the malicious file sneaks in a cryptocurrency mining bot called XMRig (which mines privacy coin Monero).

The fact the scam actually installs a genuine Flash update serves to distract the user from the deceitful goings-on. Many users may be unaware their CPU is now running at full tilt, mining cryptocurrency for someone else.

What’s going on?

While searching for fake Flash updates, the researchers uncovered 113 instances of files with the “AdobeFlashPlayer” prefix hosted on non-Adobe servers.

Palo Alto Networks believes users are directed to these files via spoof URLs. However, the researchers have not been able to confidently conclude how victims arrive at these URLs in the first place.

Palo Alto Networks tested one of the fake URLs and found that there would be no reason to suspect any foul play. The web traffic, on the other hand, told a different story.

After the URL downloads and installs a legitimate Flash update, the mining bot connects to a Monero mining pool and gets to work.

As is usually the case with cryptocurrency mining malware, the victim’s infected system does all the heavy lifting with no reward. In this case, any mined Monero is redirected to a single wallet.

Sadly, cryptocurrency mining malware and cryptojacking are not a new phenomenon, and yet again Monero is the coin of choice for the scammers.

Some research has suggested over $250,000 of Monero is mined through illegitimate browser-based mining scripts every month.

Last month the Monero community hit out at the hackers using XMR in these types of illegitimate scams. The Monero Malware Response Workgroup is trying to combat the growing number of Monero-based hacks.

Let’s hope the workgroup gets to work on this one pretty swiftly.

Author:  Matthew Beedham

Windows file may be secretly hoarding your passwords and emails

If you’re one of the people who own a stylus or touchscreen-capable Windows PC, then there’s a high chance there’s a file on your computer that has slowly collected sensitive data for the past months or even years.

This file is named WaitList.dat, and according to Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs, this file is only found on touchscreen-capable Windows PCs where the user has enabled the handwriting recognition feature [1, 2] that automatically translates stylus/touchscreen scribbles into formatted text.

The handwriting-to-formatted-text conversion feature was added in Windows 8, which means the WaitList.dat file has been around for years.

The role of this file is to store text to help Windows improve its handwriting recognition feature, in order to recognize and suggest corrections or words a user is using more often than others.

“In my testing, population of WaitList.dat commences after you begin using handwriting gestures,” Skeggs told ZDNet in an interview. “This ‘flicks the switch’ (registry key) to turn the text harvester functionality (which generates WaitList.dat) on.” “Once it is on, text from every document and email which is indexed by the Windows Search Indexer service is stored in WaitList.dat. Not just the files interacted via the touchscreen writing feature,” Skeggs says.

Since the Windows Search Indexer service powers the system-wide Windows Search functionality, this means data from all text-based files found on a computer, such as emails or Office documents, is gathered inside the WaitList.dat file. This doesn’t include only metadata, but the actual document’s text.

“The user doesn’t even have to open the file/email, so long as there is a copy of the file on disk, and the file’s format is supported by the Microsoft Search Indexer service,” Skeggs told ZDNet.

“On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted,” the researcher added.

Furthermore, Skeggs says WaitList.dat can be used to recover text from deleted documents.

“If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file,” he says. This provides crucial forensic evidence for analysts like Skeggs that a file and its content had once existed on a PC.

The technique and the existence of this file have been one of the best-kept secrets in the world of DFIR and infosec experts. Skeggs wrote a blog post about the WaitList.dat file back in 2016, but his discovery got little coverage, mostly because his initial analysis focused on the DFIR aspect and not on the privacy concerns that may arise from this file’s existence on a computer.

But last month, Skeggs tweeted about an interesting scenario. For example, if an attacker has access to a system or has infected that system with malware, and he needs to collect passwords that have not been stored inside browser databases or password manager vaults, WaitList.dat provides an alternative method of recovering a large number of passwords in one quick swoop.

Skeggs says that instead of searching the entire disk for documents that may contain passwords, an attacker or malware strain can easily grab the WaitList.dat and search for passwords using simple PowerShell commands.

Skeggs has not contacted Microsoft about his findings, as he, himself, recognized that this was a part of an intended functionality in the Windows OS, and not a vulnerability.

This file is not dangerous unless users enable the handwriting recognition feature, and even then only if a threat actor compromises the user’s system, either through malware or via physical access.

While this may not be an actual security issue, users focused on their data privacy should be aware that by using the handwriting recognition feature, they may be inadvertently creating a giant database of all the text-based files found on their systems in one central location.

According to Skeggs, the default location of this file is at:

C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat

Not all users may be storing passwords in emails or text-based files on their PCs, but those who do are advised to delete the file or disable “Personalised Handwriting Recognition” feature in their operating system’s settings panel.
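The check behind that advice, as an added example that is not from Skeggs or the original article: it inventories WaitList.dat under every user profile at the default location quoted above and, only when asked, deletes the copies it finds. The function names Get-WaitListFile and Remove-WaitListFile and the -ProfileRoot parameter are hypothetical, chosen for this example.

```powershell
# Added example: audit WaitList.dat across local user profiles.
# Function names are hypothetical; the relative path is the default
# location given in the article.

function Get-WaitListFile {
    [CmdletBinding()]
    param(
        # Folder that holds the user profiles (C:\Users on a default install).
        [string]$ProfileRoot = (Join-Path $env:SystemDrive 'Users')
    )

    $relative = 'AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat'

    # -Force includes hidden profile folders; profiles the current account
    # cannot read are skipped instead of aborting the audit.
    Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $candidate = Join-Path $_.FullName $relative
            if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
                $file = Get-Item -LiteralPath $candidate -Force
                [pscustomobject]@{
                    Profile       = $_.Name
                    Path          = $file.FullName
                    SizeKB        = [math]::Round($file.Length / 1KB, 1)
                    LastWriteTime = $file.LastWriteTime
                }
            }
        }
}

function Remove-WaitListFile {
    # SupportsShouldProcess gives -WhatIf and -Confirm, so a dry run is possible.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [string]$ProfileRoot = (Join-Path $env:SystemDrive 'Users')
    )

    foreach ($entry in Get-WaitListFile -ProfileRoot $ProfileRoot) {
        if ($PSCmdlet.ShouldProcess($entry.Path, 'Delete harvested-text file')) {
            Remove-Item -LiteralPath $entry.Path -Force
        }
    }
}

# Report only: which profiles hold the file, how large it is, when it last changed.
Get-WaitListFile | Format-Table -AutoSize

# Dry run of the clean-up; drop -WhatIf to delete after reviewing the list.
Remove-WaitListFile -WhatIf
```

Run it from an elevated prompt to see profiles other than your own. A recent LastWriteTime shows the file is still being written on that profile.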

Back in 2016, Skeggs also released two apps [1, 2] for analyzing and extracting details about the text harvested in WaitList.dat files.

Author:  Catalin Cimpanu for Zero Day

Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability

The Bitcoin Core development team has released an important update to patch a major DDoS vulnerability in its underlying software that could have been fatal to the Bitcoin Network, which is usually known as the most hack-proof and secure blockchain.

The DDoS vulnerability, identified as CVE-2018-17144, has been found in the Bitcoin Core wallet software, which could potentially be exploited by anyone capable of mining BTC to crash Bitcoin Core nodes running software versions 0.14.0 to 0.16.2. In other words, Bitcoin miners could have brought down the entire blockchain either by overflooding the block with duplicate transactions, resulting in blockage of transaction confirmation from other people or by flooding the nodes of the Bitcoin P2P network and over-utilizing the bandwidth.
The vulnerability had been around since March last year, but the team says nobody noticed the bug or nobody was willing to incur the expense of exploiting it.
According to the bitcoin core developers, all recent versions of the BTC system are possibly vulnerable to the Distributed Denial of Service (DDoS) attacks, though there’s a catch—attacking Bitcoin is not cheap.
The DDoS attack on the BTC network would cost miners 12.5 bitcoins, which is equal to almost $80,000 (£60,000), in order to perform successfully. The Bitcoin Core team has patched the vulnerability and is urging miners to update to the latest Bitcoin Core 0.16.3 version as soon as possible.

Although the team says that the miners running Bitcoin Core only occasionally are not in danger of such attacks, it would obviously be recommended to upgrade to the latest software version as soon as possible just to be on the safe side.
In addition to the DDoS vulnerability, the latest version also includes patches for a non-insignificant number of minor bugs, related to consensus, RPC and other APIs, invalid error flags, and documentation.
After upgrading to the latest version—the process that will take five minutes to half an hour depending upon the processing power of your computer—users should note that the new wallet will have to redownload the entire blockchain.

Author: Swati Khandelwal

Here Are the Most In-Demand Freelance Skills for 2018

Whatever your freelance jam is right now, most of us could use a boost to the bank account whenever possible. You might be working on a book, or building up your Etsy site for dog sweaters, or gearing up to open a tiny-but-adorable café in an upcoming market, but that doesn’t mean you can’t take time out to do some extra work on the side. A side hustle for your side hustle, if you will.

Or maybe you want to just focus on a high-earning freelance career right now, and that’s all you’re in it for. If so, we salute you! Either way, here are some of the fields you might look into; these are among the most in-demand areas for freelancers right now, and if you strike while the iron is hot, you might just be able to stack up some serious cash.

Writing and Editing

As the interwebs gets bigger and better, websites need to keep filling up their sites with more and more clever, well-written words. That’s where you come in! Content creation simply means writing good articles for sites in a timely (very timely) manner. That might mean whipping out a post every day or turning around a couple of posts a week. The pieces might be long or they might be short; the key is that if you really want to build your brand this way, make sure they are consistently compelling and well-done.

If content creation isn’t your jam, consider looking into copywriting. Sounds similar, but it’s actually pretty different. Whereas content writing will have you generating cohesive articles, copywriting tends to be shorter and punchier; think of advertising copy, social media zingers, and mass emails or alerts. You might also look into business writing, or B2B (business-to-business) writing. This includes things like annual reports, newsletters, and profiles of company bigwigs.

If you have any of these skills and are also wise in the ways of SEO, well then, you’re sitting on a virtual freelancing goldmine.

All Things Digital

It should come as no surprise that industries are heavily on the lookout for people with specialized computing skills. Freelancers International, a company that posts freelancers’ profiles for businesses to search, notes that some of the most enticing job skills in the gig economy at the moment include Final Cut Pro X, vulnerability assessment/penetration testing, and even artificial intelligence.

Final Cut Pro X is the latest iteration of a popular video-editing tool; vulnerability assessment/penetration testing looks into how vulnerable companies are to hacking or phishing; and of course, artificial intelligence is saturating every part of our lives, from ridesharing apps to digital assistants.

You might be more surprised to find out that website-building is still in just as high demand as it has been for years (apparently, even the most independent among us haven’t picked up the ball on learning the simplest of online marketing tools). While anyone can build their own website through services like Wix or Squarespace, not everyone wants to, has the time to, or is confident enough that it won’t come out looking like a modern-day rendering of Atari.

Graphic Design

No company is complete without its brand, and graphic designers are always in demand for that reason. This type of branding extends to everything from websites to logos to business cards to social-media accounts, and in an ever-more-saturated market, most companies are champing at the bit to find creative people who can set them apart visually. Employers will likely want to know what tools you use to create your designs (even if they don’t understand those tools themselves); Forbes reports that Adobe InDesign was the number one fastest-growing skill in Q3 of 2017.

Remember that if you are marketing yourself as an ass-kicking graphic designer, you’ll need to have a website that reflects it.

Social-Media Marketing

It sounds kind of quaint next to all the other digital jobs, doesn’t it? But yes, social-media marketing is still just as important as it was three years ago, and for folks who aren’t digital natives, it can seem daunting (the idea of ruining your company’s brand in 140 poorly-chosen characters is enough to bring even the most confident of managers to their knees). This might mean simply populating a company’s social-media feeds, or it might mean creating and implementing more thorough strategies and reporting back to higher-ups about their results.

Some companies might be interested in hiring you for Instagram marketing alone, as it’s quickly becoming the most popular social-media channel. This might include being deeply familiar with all the tools on Instagram, knowing how often and when to post for maximum engagement, and knowing how to create and disseminate hashtags.

Whether you’re learning some of these skills for the first time or gathering your decades of experience to launch into the freelancing headfirst, just know that there is a world of opportunity there, should you choose to accept it.

Author: Jessica Ogilvie

Apple Bans Crypto Mining Apps

Apple Bans All Cryptocurrency Mining Apps from App Store

Apple has made several policy changes over the last few days that will effectively ban all cryptocurrency mining features from apps in the App Store. This change comes not long after Apple removed an app called Calendar 2, which silently began background mining for Monero but later reappeared without its mining functionality. Due to the relatively weak hardware found in Apple devices, it would take a considerable amount of time and processing power to make mining even the easiest currencies feasible.

Hackers Steal Payment Info from Major UK Retailer

This past week, officials announced that Dixons Carphone, a large electronics retailer from the UK, suffered a major breach of their payment systems nearly a year ago. The identified systems contained payment data for nearly 6 million customers, though most were protected by the use of a chip-and-PIN authentication system. Additional customer information was also compromised, though the full extent of the fraud being committed with the stolen information is still unclear.

Spanish Soccer App Found Spying on Users

A new app has been circulating through the Android marketplace recently that appears to be a normal sports app, but requests access to the device’s microphone and GPS location to spy on unauthorized viewing of broadcast sports. While the creator of the app, Spain’s top-flight soccer league, has gone on to defend its actions based on the annual losses from illegally broadcasted games, the recent revelation has brought in thousands of 1-star reviews for the app which currently has over 10 million downloads.

Top-level Domains Contain Highest Danger Risks

With just over 1,500 top-level domains (TLDs) like .com, .biz, and .work currently registered, it seems surprising that most sub-domains were linked to some form of spam or malware distribution. The worst offender was the .men TLD which was discovered to have 55% of 65,000 sub-domains registered as “bad” within the last month. The main reason for this influx of spammers is the extremely low cost of purchasing within these TLDs. Most sub-domains are available for less than $1 and can be sold in massive quantities to anyone interested.

Unguarded Botnet Server Reveals 43 Million Email Addresses

Researchers have stumbled onto a command and control server belonging to a botnet that has been distributing both Trik and Gandcrab ransomware. The server itself contained over 2000 text files, each holding an average of 20,000 unique email addresses, likely being used to facilitate other email spammers. A total of 43.5 million unique addresses were found. While many of the emails are likely from other data breaches in the past, they span over 100 individual domains from countries around the world.

Author: Connor Madsen

American Cybercrime: The Riskiest States in 2018

Nearly 50 percent of Americans don’t use antivirus software

That’s right; something as basic as installing internet security software (which we all know we’re supposed to use) is completely ignored by about half the US. You’d be amazed how common this and other risky online behaviors are. We did a survey of people’s internet habits across the United States, and the numbers aren’t pretty.

For reference, some very common (and very risky) online behaviors include:

  • Not using antivirus software
  • Sharing your account passwords
  • Using too-simple passwords, or reusing the same password for multiple accounts
  • Not using an ad or pop-up blocker
  • Opening emails, clicking links, and downloading files from unknown sources
  • Not installing security on mobile devices

State-by-state Breakdown of the Riskiest Cyber Behaviors

We analyzed all 50 states and Washington, D.C., to rank them on their cyber hygiene habits. This ranking system uses positive and negative survey questions weighted by the relative importance of each question. These questions address several topics, including infection incidents, identity theft, password habits, computer sharing, software update habits, antivirus/internet security usage, backup habits, understanding of phishing, etc.

Florida wins the dubious distinction of riskiest state with the worst cyber hygiene. But before anyone pokes fun, we’d like to point out that the average resident of any state in the nation has pretty poor cyber hygiene. Only 6 states in the nation had good cyber hygiene scores.

Impacts of Risky Behavior

When you practice poor cyber hygiene, you’re not just running the risk of getting infected or losing a few files.

In our research, we asked respondents who had suffered identity theft, “what were the main consequences of the identity theft incident?” Some of the self-reported fall-out was both surprising and tragic, including responses like a divorced spouse, bankruptcy, failed to obtain a mortgage, had to get a second job, had to sell the house, increased alcohol consumption, delayed retirement, and diminished physical health.

When we consider that identity theft can mean such devastating consequences as divorce, bankruptcy, and even damage to our health, it becomes clear just how important good cyber hygiene really is.

What the Riskiest States are Doing Wrong

Stats from the 5 riskiest states (Florida, Wyoming, Montana, New Mexico, and Illinois):

  • Identity theft had little to no impact on their cyber hygiene habits. That means even after learning the consequences first hand, very few people changed their habits.
  • These states had the highest per-person average (28 percent) of having experienced 10+ malware infections in a single year.
  • 50 percent or more of respondents in Florida, Illinois, and Montana, and 45 percent of respondents from New Mexico and Wyoming, said they don’t use any kind of antivirus or internet security.
  • 47 percent of respondents never back up their data.
  • An average of 72 percent share their passwords.

What the Safest States are Doing Right

The 5 safest states had many behaviors in common that kept them ahead of the malware curve.

  • Following cases of identity theft, nearly 80 percent of respondents from the 5 safest states reported that they had altered their online habits, and almost 60 percent changed their passwords.
  • Only 14.4 percent of respondents in the safe states experienced 10 or more infections a year.
  • The safest states typically reported running paid-for antivirus/security solutions, rather than freeware, unlike their risky counterparts.
  • Finally, nearly half (43 percent) of respondents in the 5 safest states automatically update their operating systems, and 35 percent of respondents regularly back up their data, either on a daily or continuous basis.
  • And of the top 4, password sharing was hardly an issue (88 percent of respondents from those states reported they don’t share passwords at all).

The Role of Demographics and Additional Findings

Given Florida’s reputation as a retirement hotspot, we wanted to point out that 50 percent of Florida’s respondents in our study were age 30 or below, and the national average of respondents aged 30 or below was 47 percent. This means age demographics in our survey were consistent throughout all 50 states and D.C., and our responses actually skew younger rather than older.

How to Increase Your Personal Cyber Hygiene Score (It’s not too late!)

Here’s a quick to-do list that will help keep you safe from malware, identity theft, and other online risks. It’s not as hard as you might think.

  1. Use antivirus software. And keep in mind, while there are plenty of free tools out there that are better than nothing, you get what you pay for. Your online security, and that of your family, is worth a little investment.
  2. Create strong passwords for each account, change them often, make sure each one is unique, and, if possible, add spaces for increased security. If you’re worried about keeping track of them all, use a password manager.
  3. Stop sharing your login credentials with friends, family, and coworkers. We mean it.
  4. Closely monitor your financial accounts for any fraudulent activity, and consider using a credit monitoring or identity protection service.
  5. Regularly update your operating system and software applications. Lots of infections start by exploiting out-of-date systems.
  6. Don’t open emails from people you don’t know, and don’t download anything from an email unless you’re certain it’s legitimate. And if you get a message that appears to be from an official or financial institution asking you to take an action, don’t click any links. Go straight to the institution’s official website, or call them to confirm whether the message you received was real.
  7. Back up your files and important data regularly to a secure cloud or physical drive.

There are a lot of risks out there, and as an internet user, you have a responsibility to use good judgment when you work, bank, shop, browse, and take other actions online. But by following these easy tips, you can dramatically change your cyber hygiene score, and reduce your risk of falling victim to cybercrime.

Author: Tyler Moffitt