Zoombombing … the New Social Distancing Phenomenon

Zoombombing … the New Social Distancing Phenomenon

Video calls have gone from a novelty to a necessity practically overnight. The term ‘social distancing’ and the app, Zoom, have both become household names as millions of people are being forced to stay home to help stop the spread of COVID-19. The desire to stay connected with our loved ones and friends during this difficult time has sparked creative ways to virtually stay social through video birthday parties, happy hours, trivia nights, yoga sessions, and even weddings. CNBC reported this week that “the [Zoom] app has been the top free app for iPhones in the United States since March 18 … daily users spiked to 200 million in March, up from 10 million in December.”

 

Before the COVID-19 pandemic, Zoom, a privately-held company headquartered in San Jose, CA, was used mostly for web conferencing webinars. Now it is being used by 90,000 schools across 20 countries. But, there are online security issues with the app and school districts have started to ban Zoom because of them. Why? Because of ‘Zoombombing,’ a phenomenon where uninvited guests (pranksters) join Zoom calls and broadcast porn or shock videos. How? Due to Zoom’s default settings, which don’t require a password to set a meeting and allow any participant to share their screen. Most Zoom meetings have a public link that, if clicked, allow anyone to join.

 

The Verge just reported that “Zoom adjusted their default settings for education accounts last week in an effort to increase security and privacy for meetings.” They also noted, “For everyone else, you’ll need to tweak your Zoom settings to ensure this never happens.” The process isn’t very simple…

 

If you schedule a meeting from the web interface, you won’t see the option to disable screen sharing. Instead:

 – Click on “Settings” in the left-hand menu

– Scroll down to “Screen Sharing” and under “Who Can Share?” click “Host Only”

– Click on “Save”

 

If you forget to change the setting before you start your meeting, there’s a way to modify your settings after it starts:

 – Once your Zoom meeting is running, click the caret to the right of the green “Share Screen” button in the center of the bottom row of icons

– Click “Advanced Sharing Options”

– A dialog box will pop up allowing you to switch screen sharing availability from all participants to the “Only Host”


Yes, these are very confusing times. Stay strong and please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 888.966.GUARD (4827) and memberservices@guardwellid.com.

 

 

 

Working from Home Cybersecurity Tips

Working from Home Cybersecurity Tips

Coronavirus has forced millions of Americans to work remotely from their homes. Although working from home helps with social (physical) distancing by preventing the spread of COVID-19, there are many new challenges that have come with teleworking. For example, many states have closed schools for weeks, and for some, the entire rest of the school year. Parents may be juggling work while their children are learning remotely. You may find yourself becoming an expert with practicing mindfulness along with new software and conferencing programs, such as Zoom and GoToMeetings (or if you aren’t, your children blessedly are).

 

As we are being forced to slow down the pace of everyday life, we recognize that a lot of good can come out of this time. But, on the other side of the coin, there is the growing opportunity for cybercriminals to trick us into forking over passwords during this learning transitional period. Reuters reported last week that “some researchers have found hackers masquerading as the U.S. Centers for Disease Control and Prevention in a bid to break into emails or swindle users out of bitcoin, while others have spotted hackers using a malicious virus-themed app to hijack Android phones.” Our blogs last week provided some details on these new scams.

 

The Federal Trade Commission (FTC) has some tips to help protect your devices and personal information while working from home:

Start with cybersecurity basics. Keep your security software up-to-date. Use passwords on all your devices and apps. Make sure the passwords are long, strong and unique. The FTC suggests using at least 12 characters that are a mix of numbers, symbols and capital and lowercase letters.

Secure your home network by starting with your router. Turn on encryption (WPA2 or WPA3), which scrambles information sent over your network so outsiders can’t read it. If no WPA2 or WPA3 options are available with your current router, considering replacing your router altogether.

Keep an eye on your laptop and make sure it is password-protected, locked when you aren’t using it and secure. We suggest that it is never unattended, such as out in plain sight in a vehicle. Even if your doors are locked, windows can easily be broken.

Securely store your physical files. Strong physical security is an important part of cybersecurity. If you don’t have a file cabinet at home that is lockable, consider using a locked room. Read this blog by the FTC to learn more tips about physical security.

Dispose of sensitive data securely. Invest in a shredder if you don’t already have one. Throwing paperwork you no longer need in the garbage or recycling bin can be a treasure for a pirate especially if it includes personal information about customers, vendors or employees.

Follow your employer’s security practices. Since your home is now an extension of your office, make sure that you understand the protocols that your employer has implemented.

 

Be smart. Be vigilant. Be strong. Please don’t hesitate to reach out if you need help. We are available 24/7/365 for you and your family members at 888,966.GUARD (4827) and memberservices@guardwellid.com.

.

And More Coronavirus Scams …

And More Coronavirus Scams …

We are monitoring updates surrounding the coronavirus (COVID-19) pandemic around the clock. This environment is a breeding ground for scams to take advantage of you and your identity. Rest assured that we are here to help and will communicate with you every step of the way.

 

The following is the latest information that we know of regarding coronavirus scams:

 

– The Federal Trade Commission (FTC) sent warning letters to seven sellers of scam coronavirus treatments. The FTC reported that “So far all of the companies have made big changes to their advertising to remove unsupported claims.” That is good news. But, scammers never take a break.

 

– Anyone can set up an e-commerce site and claim they have in-demand products. Be on the lookout for online ads that tout cleaning, household and health/medical supplies. Just because they have a website and you pay money doesn’t mean that you will receive any goods in return. The FTC suggests that you check out any seller by searching online for the person or company name, phone number and email address along with keywords such as “review,” “complaint” or “scam.”

 

– Anyone can also set up a fake charity to take advantage of a major health crisis. These scammers take advantage of your generosity and have names that are extremely close to the names of real charities. The FTC remarked that “Money lost to bogus charities means less donations to help those in need.” We suggest that you visit http://www.ftc.gov/charity to help you research charities. Also, if/when you do give, pay safely by credit card and never by gift card or wire transfer.

 

– As well, anyone can pretend to be someone you know. “Scammers use fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords.” If you accidentally click on a link, they can get access to your computer, network and/or install ransomware and other programs on your equipment that can lock you out. Please protect your smart phone and computer by keeping your software up to date and using multi-factor authentication. Backing up your data on a regular basis is also recommended.

 

– Surprisingly robocalls “pitching everything from scam coronavirus treatments to work-at-home schemes” are still in full force. Do not answer unless the call shows up as a contact in your phone. Let voicemail filter your messages. For more information on robocalls, visit https://www.consumer.ftc.gov/articles/0259-robocalls.

 

We understand that all of this is indeed nerve-wracking. One of the great things about our business is that we are always working in the moment … situations such as the coronavirus do not rattle our operations and team members. Not only do we have a team at a centralized location, but we have also always worked remotely. We will continue to be available for you 24 hours a day, 7 days a week, 365 days a year. We hope that this gives you some peace of mind knowing that we are on top of this crisis and will continue to communicate any dangerous scams related to the outbreak as soon as possible.

 

As always, please contact us immediately if you have any concerns at 888.966.GUARD (4827) or memberservices@guardwellid.com.

 

 

Do You Know What Alexa, Google and Siri Are Up To?

Do You Know What Alexa, Google and Siri Are Up To?

Not everyone has a smart speaker in their home or office, but most of us do have a smart phone. When setting up your device, you were likely asked whether or not you wanted to activate your assistant. Doing so doesn’t take very long … you say a few phrases when prompted so it can get to know your voice and that’s pretty much it … you officially have a virtual assistant. Have you ever wondered how your assistant actually works?

 

Virtual assistants, such as Amazon’s Alexa, Apple’s Siri and Google’s Assistant, use artificial intelligence (AI) to parse what is said or typed and then provide useful information back. Want to know something quickly without lifting a finger? Simply say a wakeword phrase such as, “Hey Siri,” or whatever your smart application is called, and ask away. You could say, “Who wrote Gone with the Wind?” or “What is 23.5 times 6?” or “Play I Can’t Get No Satisfaction.” When you talk to a smart phone or speaker, you know that your voice is being recorded and that there will be a result – sometimes it’s an answer, other times the correct action is taken or occasionally there may be an inquiry back to clarify the request. But, just as false starts happen in races, false positive recordings can be triggered by something as simple as someone zipping up their jeans because it sounds to Siri like the person’s muffled voice. If you have ever experienced Siri being accidentally activated during a time when not requested, you know that it can be a bit embarrassing … and a little unnerving.

 

If privacy is a big concern of yours, you might want to throw your smart speaker or device out the window. These instruments are indeed paying attention to us, but does this mean that they can listen and record all of the time? Amazon hopes so. A newly revealed patent application filed by the company is raising privacy concerns over an envisaged upgrade to the company’s smart speaker systems. This change would mean that, by default, the devices end up listening to and recording everything you say in their presence. The idea is similar to Apple’s live photos, where video is recorded before and after a user takes a picture. Since the application is being asked to do something for us, then we are basically acknowledging that our privacy isn’t desired at that point in time.

 

Amazon.com, Inc. employs thousands globally to help improve the Alexa digital assistant through its line of Echo speakers. Rene Ritchie explained in his latest blog (July 28, 2019) titled Why People Are Freaking Out Over Siri Privacy Right Now, that “the team listens to voice recordings captured in homes and offices. The recordings are transcribed, annotated and then fed back into the software as part of an effort to eliminate gaps in Alexa’s understanding of human speech and help it better respond to commands.” Ritchie remarked, “If Amazon does decide to use the tech in its products, it’s unclear whether customers would be able to opt out of the ‘always on’ recording.”

 

Ritchie continued on with detail about Amazon’s patent application. “While the patent application explains devices would record audio in 10 to 30 second increments and automatically delete unneeded clips, privacy experts say it is cause for concern because it demonstrates tech companies’ growing ability to surveil customers at all times and potentially misuse collected information.”

 

Let’s take a glance at another tech giant, Apple, who recently told The Guardian: “A small portion of Siri requests are analyzed to improve Siri and dictation. User requests are not associated with the user’s Apple ID. Siri responses are analyzed in secure facilities and all reviewers are under the obligation to adhere to Apple’s strict confidentiality requirements.” The company added that a very small random subset, less than 1% of daily Siri activations, are used for grading, like whether the request was intentional or a false positive that accidentally triggered Siri, or if the response was helpful. They added that those snippets used for grading are typically only a few seconds long.  But, what if those few seconds just happen to be you discussing a very private medical issue with your doctor or a very sensitive issue with a family member? How can you prevent being part of a company’s grading process? Currently, the only way to have peace of mind that a random stranger won’t listen in on your Apple device is to stop using Siri entirely.

 

Heidi Messer for The New York Times wrote that “consumers should not be so paranoid about privacy. “The right to absolute privacy no longer exists and excessive regulation of tech companies will only stifle innovation and prevent job creation.” Privacy in the digital age may not be completely deceased but it is hanging on by its fingernails. Just remember, when you agree to use these products, you’re often giving up much more than you think.