3 BEST VPNS FOR ANDROID

Summary:  Using the internet on an Android phone or tablet with the default settings leaves you very vulnerable online.

It means hackers can gain access to your personal information and control your device. A Virtual Private Network, or VPN, will protect your Android device.

A VPN encrypts your presence online so that someone cannot remotely put malware on your smartphone or tablet, download apps, or steal personal details.

To be fully protected online when using Android, get Express VPN today.

 

 

NOT USING A VPN IS DANGEROUS

My Android smartphone started doing some really weird things last year.  It began to download apps all by itself.

When I started flicking through the home screens on my phone I noticed random app icons that were never there before.

I certainly never downloaded them and I have no idea how they got there. Even though I deleted the apps from the device, new apps kept reappearing every few days.

It was through a friend I realized my Android phone had been hacked and I needed protection.

Infiltrating an Android device is actually more straightforward than you might think.   For example, if you regularly use public Wi-Fi, it is easy for a trained hacker to gain access to your device.

Some common signs that your device has been hacked include:

  • Battery being drained quicker than usual due to malware
  • Internet data is being used up quicker than normal
  • Apps are being downloaded without your consent

If any of these issues are happening to your Android device then you need to take action.  You should run an anti-virus and clean your phone, but this is just a reactive measure.

You also need to be proactive to stop it from happening in the future.

MY 3 BEST ANDROID VPN RECOMMENDATIONS

There are so many VPN services out there that claim to be the best.  However, I speak from personal experience on what the top 3 services are for Android operating systems.

I take my security very seriously now.  After my device was hacked last year, I went through several VPN services before I found one that I was comfortable with.

I want to help you guys protect your data and your information and this is why I have decided to share my top 3 recommendations with you.

#1 EXPRESS VPN – 9.5/10 – THE BEST VPN FOR YOUR ANDROID DEVICE

Express VPN should be your first choice to protect your Android device.

They have over 100 VPN locations in 78 countries, which provides you an incredible number of options regardless of your location.

Express VPN also provides its users unlimited bandwidth, unlimited speeds, zero logging of your Internet activity, and ease of use, and its reliability is through the roof with a 99.9% uptime rate.

Needless to say, Express VPN is a reliable service that is perfect for your Android.

Express VPN is affordable, only $8.32 a month with a 12-month subscription and they offer a 30-day money back guarantee.

You also get world-class live chat and email support 24/7, and Express VPN boasts an impressive average response time of under 30 minutes.

Downloading the app and using the service is super easy, too. Since we are concerned with security we have to mention how Express VPN protects you, with 256-bit encryption.

The experts at Express VPN provide this high level of encryption to ensure your security and privacy.

When combined with their speeds and customer service, it’s easy to see why Express VPN is our top choice for your Android.

To get the best protection and service available for your Android, check out Express VPN here.

#2 IPVANISH – 7/10 – HARDER TO USE ANDROID APP

IPVanish also have an Android app but it is not as easy to use as Express VPN and also has a slow customer support team.

I have friends who are not great with new technology. It takes them a while to figure out how to use different apps and software.

With Express VPN they could open up the app and be secured in seconds.

It is much harder to use the IPVanish app. If you don’t have a lot of time to spare then you should get the Android software from Express VPN instead.

Another problem with IPVanish is that their customer service is really slow. I had issues installing the app on my Android device and needed to contact their support team.

It took hours from submitting my support ticket to receiving a reply. With Express VPN I had a response in minutes and a solution to my problem within the hour.

If you want to use a reliable and simple Android app that will allow you to use the internet anonymously then get Express VPN.

You can visit the IPVanish website here.

 


What can you learn from the VTech breach

The breach of VTech by an unknown cyber-criminal continues to escalate. After initial reports of a breach exposing personally identifiable data of its customers (despite VTech’s statement otherwise), the hacker released a limited set of personal messages and photos from VTech customers to prove a near-complete compromise.

It’s been a bad week for VTech. Make no mistake, VTech is the victim of a crime. However the more immediate issue is the potential fallout for their customers and their children. And it’s here that VTech’s initial response has made things worse not better. Thankfully, they’ve adjusted course in the last 24 hrs and are being more open with information.

Let’s learn from this. Here’s what you can do as a defender to make sure your organization is better prepared to handle a breach.

Communicate Openly

The time to figure out your post-breach communications plan is now. When you’re dealing with the fallout from a breach, you want to be able to implement a step-by-step plan that is appropriate for the situation.

Here’s a basic outline of what you’re going to need:

  • An open and honest email to customers that contains:
    • specifics of the data that was stolen
    • contact information to speak to someone fully informed of the situation and ready to respond immediately to their concerns (e.g., customer care)
    • an apology
    • a timeline for future communications
  • A press release that contains:
    • specifics of the data that was stolen
    • the steps you’ve taken to inform your customers
    • a media contact for comment and additional information
  • An open and honest communication to stakeholders that contains:
    • specifics of the data that was stolen
    • what is known so far about the mechanics of the breach
    • the steps you’ve already taken in response
    • the steps you plan to take
    • who is the lead for communications
  • A public URL that you can use to gather information (like an FAQ)
    • this should be constantly updated as the situation evolves
    • use this as the default resource to send everyone to
    • don’t hide this away on a corporate site. Make sure it’s visible where your customers visit

These items should be written ahead of time in a customizable template. Remember this is in addition to the internal response that you’ll require.

When you realize that you’ve been hacked, here are the steps you need to take to effectively communicate:

  • acknowledge that there has been a breach and that you’re actively investigating it
  • identify and inform affected customers
  • publish the public URL for general awareness
  • inform and brief stakeholders
  • issue a press release with critical information and a point of contact

All of these should be written in a tone that is clear and apologetic. Don’t needlessly muddy the waters (e.g., VTech’s re-definition of personally identifiable information), try to deflect blame, or raise the point that you’re a victim too. You can provide an explanation and get into the specifics of how this happened afterwards.

The immediate goal is to reduce the impact of the breach.

This means ensuring that your customers have the necessary information as quickly as possible. If they need to take action of some sort (cancel credit cards, change account credentials, etc.), you want them to be made aware so they can reduce the chances of something bad happening.

Act Decisively

Once you start to respond to an incident, the process has 5 key steps:

  1. detect
  2. analyze
  3. contain
  4. eradicate
  5. recovery

These steps are bookended by “prepare” and “improve/learn” and together these steps form the foundation of a solid incident response (IR) process.

Most often, the biggest challenges are faced in the “contain” step. This is often when the IR team is faced with tough decisions that directly impact the business.

VTech issued the following update on their FAQ on 01-Dec-2015:

“As a precautionary measure, we have suspended Learning Lodge, the Kid Connect network and the following websites temporarily whilst we conduct a thorough security assessment.”

This is not something that any organization ever wants to have to write. But it’s 100% the right call despite the potential impact to the bottom line.

When is the right time to make this type of call? There’s no firm rule. It’s a judgement call based on the information you have at the time.

What you can do to make this easier is to work out possible scenarios ahead of time. This is an extremely difficult exercise to work through as it assumes your other work in defending the organization has failed. But it’s critical to work through these scenarios in theory and in practice (called a game day) in order to write a playbook for IR.

Part of this exercise is to determine who in the organization has the required authority to make the decision to shut down services. Hopefully you never have to make that call. But if you reach that point, you need to know who to call.

All of the processes you have in place with your security practice work towards never having to make a call to shut down services. If you’re hacked and you have to make that call, you’re far better off working from the playbook you wrote ahead of time instead of calling an audible.

Know Your Exposure

The most important thing you can do now to reduce the impact of being hacked is to review the data you are collecting and storing. By creating an inventory of the type of data you have, it is much easier to evaluate the risk you’re facing.

With the list in hand, you want to run through a very simple exercise. Put each data point on its own sticky note. Use the stickies to combine various data points to create different points of view.

The goal of this play on usability card sorting is to find which data points pose more risk to your business when they are linked to other data points.

If we take the VTech example, their app store requires a billing address, the social app links parents and children, and the messaging server temporarily stores photos and private messages. Individually each of these data points poses a risk. Combined, that risk escalates dramatically.

Mapping out all possible connections between all of the data points you collect & store lets you better identify risks and set the appropriate mitigations.

Those mitigations could entail:

  • not storing the data at all
  • isolating the data in separate backend systems
  • ensuring that your monitoring practice is looking for warning signs of data aggregation

Until you map out the entire landscape of data you store & collect, you won’t know what level of risk you’re facing. Without that knowledge, how can you formulate an effective defence?
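The card-sorting exercise above can also be run over a machine-readable inventory. The sketch below is an added example, not part of the original article: the store names, fields, join keys and the list of risky combinations are constructed assumptions loosely modelled on the VTech description, and the model assumes two stores can only be joined when they share an identifier.

```python
from itertools import combinations

# Constructed inventory (assumption): the data points each store holds and
# the identifiers that could join its records to another store's records.
INVENTORY = {
    "app_store": {"fields": {"parent_name", "billing_address", "email"},
                  "keys": {"parent_account_id"}},
    "social_app": {"fields": {"child_name", "child_birthdate"},
                   "keys": {"parent_account_id", "child_profile_id"}},
    "messaging": {"fields": {"photos", "private_messages"},
                  "keys": {"child_profile_id"}},
    "web_analytics": {"fields": {"page_views"}, "keys": {"session_id"}},
}

# Constructed list (assumption): data points that are worse together than apart.
TOXIC = {
    "locate a named child": {"child_name", "billing_address"},
    "child photo with home address": {"photos", "billing_address"},
}


def linked(inv, a, b):
    """Two stores are joinable when they share at least one identifier."""
    return bool(inv[a]["keys"] & inv[b]["keys"])


def is_connected(inv, stores):
    """True if all stores in the set can be joined, directly or through
    other stores in the same set."""
    stores = list(stores)
    seen, todo = {stores[0]}, [stores[0]]
    while todo:
        cur = todo.pop()
        for other in stores:
            if other not in seen and linked(inv, cur, other):
                seen.add(other)
                todo.append(other)
    return len(seen) == len(stores)


def find_exposures(inv, toxic):
    """For each risky combination, list the minimal sets of stores whose
    joint compromise would let the data points be linked."""
    names = sorted(inv)
    findings = {}
    for label, needed in toxic.items():
        hits = []
        for size in range(1, len(names) + 1):
            for combo in combinations(names, size):
                if any(set(h) < set(combo) for h in hits):
                    continue  # a smaller set already yields this combination
                fields = set().union(*(inv[s]["fields"] for s in combo))
                if needed <= fields and is_connected(inv, combo):
                    hits.append(combo)
        findings[label] = hits
    return findings


def isolate(inv, store, new_key):
    """Mitigation from the list above: copy the inventory with one store
    moved to a backend that uses its own, unshared identifier."""
    copy = {n: {"fields": set(v["fields"]), "keys": set(v["keys"])}
            for n, v in inv.items()}
    copy[store]["keys"] = {new_key}
    return copy


if __name__ == "__main__":
    for label, hits in find_exposures(INVENTORY, TOXIC).items():
        print(label, "->", hits)
    print("after isolating messaging:")
    isolated = isolate(INVENTORY, "messaging", "message_token")
    for label, hits in find_exposures(isolated, TOXIC).items():
        print(label, "->", hits)
```

Each result names the stores to watch together: correlated access across one of those sets is the kind of data-aggregation warning sign the monitoring mitigation refers to.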

Prepare For The Worst

No one wants to be hacked. It’s a security team’s worst nightmare. You can reduce the impact of a breach by taking steps now.

  • Set out a communications plan. Create a few templates for key communications so you can fill in the details during the incident in order to reduce your response time
  • Practice and planning are key. Work through possible response scenarios ahead of time. Practice them. Make sure you know who has the authority to suspend services if you need to take dramatic steps to contain a breach
  • Know what data you are collecting and where you store it. Understand how those data points can be combined and how those combinations affect the risk (and value) of the data. Add additional protections as appropriate

When you’re focusing on keeping the lights on or, worse, getting them back on, the last thing you want to do is to shoot from the hip. Writing out a clear playbook for all aspects of incident response is the key to a successful response.

How to Protect your Business from Cyber Crimes

When you hear about major cyber crimes such as the Home Depot and Target security breaches, you probably can’t help but worry about the security of your own business. Cyber criminals seek out sensitive data, and every business is at risk. But just like you put a security system on your home or an alarm on your car, you can put a metaphorical security fence around your business’s data, too.

The best way to protect yourself, of course, is to identify potential risks and combat them. Here are a few ways you can do that.

Issue: Crimeware. Also known as malware, these are essentially viruses that infiltrate your systems, compromising servers, desktops, and data.
Protection: Ensure you have installed up-to-date anti-virus and anti-malware programs, browsers, and firewalls. Block your systems from Java browser plugins and implement configuration-change monitoring.

Issue: Employee or insider abuse of privileges.
Protection: Require logins for every aspect of your data and keep track of these. Review user accounts so that you can identify abnormal behavior. Audit accounts regularly and monitor any data transfers that go outside of your organization.

Issue: Espionage – the infiltration and gathering of data from outsiders.
Protection: Ensure that all software is patched, especially in areas of weakness, and that anti-virus software is up-to-date.  Keep track of data analytics and train your employees to recognize abnormalities. Make use of secure cloud-based office phones and cloud-based servers to properly track network and application activity – this will help you to better identify inconsistencies.

Issue: POS intrusions, or the access of POS systems by outsiders.
Protection: Limit or ban the access of POS systems from third parties. Enforce the use of password access and keep track of all logins. Limit or prevent the use of POS systems to browse the web or perform any other non-work-related tasks.

Issue: Card skimmers, or the collection of credit card or other payment data. Once a customer has their card skimmed via your company’s data, it’s unlikely that they’ll trust payment with your company again.
Protection: Train employees to spot suspicious behavior and regularly inspect credit card swipers at any brick-and-mortar sale location. Install tamper-evident controls and safety measures such as mirrors on ATMs.

Issue: Other errors
Protection: Have a third-party company manage or maintain your cloud servers if your business doesn’t have the capacity to train your existing IT team. Encrypt all data. Stay on top of software or business system updates and keep all employees in the loop to avoid any application misuses or data breaches.

What is the Cost of a Cyber Attack?

Even as we shift our focus more and more toward tech security, it’s not perfect (and it’s unlikely that it ever will be). Even major corporations are at risk for – and have fallen victim to, quite recently – security breaches, whether it was in the form of leaked credit card information, hacked e-mails, or any other form of information compromise. A breach in cyber security is a threat to profits, to customer loyalty, and to the business’s security in general. Let’s take a closer look at what it means if your company’s virtual data isn’t secure.

The Average Loss per Cyber Attack is $3,220,000
…Not to mention that that number is higher in the United States. Here in the US, a major company can lose out on $5,850,000 when it suffers a major attack, which is the highest average net loss in the world. Germany pulls in second at $4,740,000 lost on average, and not even France or the UK can compare.

The Cost of Additional IT Security is Nothing in Comparison to Potential Losses
Obviously, the only way to prevent these massive losses due to cyber-attacks is to increase cyber security. The problem is that most companies don’t want to make this investment, as it sometimes comes with a big price tag. What these companies don’t realize is that, according to IBM, a stronger security presence could save a company up to $14 per lost data record. Bigger amounts of data compromised means bigger losses – but effectively, this means that the average company could increase their IT spending by $330,000 and still break even should there be an attack.

Companies Spend the Least on Data Center Systems
It’s plain to see that the digital world’s economy has grown at a staggering rate, thanks to the rise of mobile devices and cloud-based services. However, not many companies are investing in bigger, better data center systems. Telecom services rake in 8 times more revenue per year than data center systems; however, investing in better data center systems could mean investing in better security. Hopefully there is an upward trend to come.

Certain Industries Feel it the Worst
Every industry is at risk for data breaches, but a few are the biggest targets: banking, retail, IT, and hospitality. It seems that education, transportation, and entertainment, on the other hand, are the least at risk. Whether your business is in any of these industries should play a role in how seriously you’re taking cyber security.

Managing Shadow IT

By Rachel Holdgrafer, Business Content Editor, Code42

“Shadow IT,” or solutions not specified or deployed by the IT department, now account for 35 percent of enterprise applications. Research shows an increase in IT shadow spend with numbers projected to grow another 20 percent by the end of 2015.

Experts agree that shadow IT is here to stay, particularly the growing tendency to use cloud services for collaboration, storage and customer relationship management.

Enterprise organizations can’t afford to bypass the productivity and profitability that comes with a happy and enabled mobile workforce. However, the utilization of SaaS that IT has not vetted and approved may expose regulated or protected personal data, which a business is responsible for remediating.

California leads the way in the privacy arena with the Security Breach Notification Law and Online Privacy Protection Act. The Federal Trade Commission is the primary U.S. enforcer of national privacy laws, with other national and state agencies authorized to enforce additional privacy laws in vertical industries such as banking and health care.

Sanctions and remedies for non-compliance with FTC data protection laws include penalties of up to US $16,000 for each offense. The FTC can also obtain an injunction, restitution to consumers, and repayment of investigation and prosecution costs. Criminal penalties include imprisonment for up to ten years. In 2006, a data broker agreed to pay US $15 million to settle charges filed by the FTC for failing to adequately protect the data of millions of consumers. Settlements with government agencies can also include onerous reporting requirements, audits and monitoring by third parties. A major retailer that settled charges of failing to adequately protect customers’ credit card numbers agreed to allow comprehensive audits of its data security system for 20 years.

So, what is the answer? How do you start to get a handle on shadow IT?

Ask.
Ask employees which cloud services they are using. You might also need to utilize a combination of automated and manual discovery tools to get a complete picture of what programs employees are using and what data is hosted and shared in provider clouds. These “cloud consumption” dashboards can monitor and assess cloud usage and detect encryption tools at each host.

Protect your data.
Implement automatic backup of all endpoint data in the enterprise to capture a real-time view of where employee data lives, when and where it moves and who has touched it—even as it moves to and from non-approved clouds.

Act fast when the inevitable happens.
The reality is a breach may be inevitable, but you can recover. With continuous and automatic endpoint backup, IT can quickly evaluate the content of files believed to have been breached and act in good faith to lessen the impact. Additionally, understanding what was stolen allows a company to make an accurate disclosure and manage consumer confidence issues.

For CIOs and IT staff accustomed to maintaining complete control over their digital ecosystems, relinquishing even a bit of this control can be terrifying—even in the name of productivity. And yet, with a security strategy that focuses on complete data visibility, they can empower mobile workers while minimizing the risks associated with the dark side of shadow IT.

 

Take Advantage Of Network Security – An Ounce Of Prevention Is Worth A Pound Of Cure

In the minutes, hours and days that follow a widespread, widely publicized data breach, most companies scramble, amping up their security measures in an effort to overcompensate for their lack of proactive preparation. A Forrester Research study revealed that more than 45 percent of businesses opt to increase security and audit requirements after an attack occurs. But as our grandmothers always say, an ounce of prevention is worth a pound of cure. Basically, Grandma was trying to say that a proactive approach to security—versus a reactive one—helps to ensure that your business is protected without having to learn the hard way.

While a lax data security plan may be the most detrimental of business strategies, a close second is taking a “one and done” approach. In reality, true data and network protection requires constant effort—it’s not a checklist to be completed, filed away and forgotten. System security, as a whole, is a moving target with new threats and vulnerabilities popping up every day and from all angles. Which means one security solution may become outdated just as quickly as it was implemented. Without dedicated resources and the training required to implement and monitor advanced security solutions, organizations are basically sitting ducks, putting their corporate assets at greater risk.

Network Security

So where do you start? System protection begins with a thorough risk vulnerability assessment—and trust me, there are plenty of vulnerabilities to look for. For example, consider the impact of Bring-Your-Own Device (BYOD), with its myriad of points at which employees may unknowingly compromise corporate network security. Or take into account the rising threat and increased variety of Distributed Denial of Service (DDoS) attacks. From organized crime rings to hacktivists to foreign government hacking attempts, the complexities and motives are changing by the day.

By identifying the most vulnerable points within your current system and workflow, you can then start to draft a strategy and analyze potential solutions. Creating a customized security plan, one that’s tailored to addressing those vulnerabilities head-on, is foundational to a solid strategy. Your plan may include simple items, such as creating and implementing a formal BYOD policy. Or you may need more comprehensive protection, enhancing your network and cloud security through a Managed Service Provider (MSP) or bringing in a variety of tactical solutions, such as firewalls, antivirus, OS hardening, intrusion detection and web filtering as applicable. A complete security solution should protect your data and applications from all angles — network, cloud and employee communication—to mitigate any threat to your data.

Part of a successful security plan, however, is allocating enough staff and resources to support that plan. The best-protected systems are those that are constantly managed by a dedicated IT team. If, in your risk assessment efforts, you find that you’re lacking resources to provide ongoing support and monitoring, a Managed Network Security Solution may be the answer.

Our Managed Network Security Solutions provide not only security, but also the team that can support your security mission. We offer 24 x 7 x 365 management and monitoring, going beyond protecting PC desktops with custom, comprehensive real-time protection against attacks, defending and protecting your entire office-computing environment against the latest generation of Internet threats.

Take the first step toward achieving system security and contact a Prime representative today. Remember that ounce of protection? When we’re talking about data security, it’s worth WAY more than a pound of cure.

Business IT: It’s all in the Fundamentals

Here are some basics in Business IT Security. It is almost like football:

  1. Block and Tackle: your safety depends on it.
  2. Have an Executable Plan and Stick to it.
  3. Don’t get Juked.

Like they say, “Everything else is commentary, go learn it!”.

Security: Blocking and Tackling

While there’s no such thing as an IT environment that is 100 percent secure, taking fundamental steps to assess and harden IT systems is the basic “blocking and tackling” of IT security that removes the root cause of the vast majority of breaches. These steps include:

» Assess and inventory configurations on all servers and devices, and compare the results to some understood, recognized security standard (like CIS, NIST, or ISO 27001)

» Gain immediate, real-time insight into any changes to the files, configuration items and states that define this security standard

Blocking and tackling for security professionals means going back to basics and eliminating the “easy ins” preyed on by attackers, like open ports and unused services, the use of default or easily guessed administrator passwords, or improperly configured firewalls.

Blocking and tackling for IT security teams also means keeping continuous watch on these systems, to detect the clues that indicate attacks in progress, like security controls disabled by anti-forensic activities, oddly elevated permissions or unexpected changes to critical files.

Security configuration management solutions are built to make these issues visible to IT security professionals, and to give them the information and tools they need to manage them in the most automated way possible.
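The two steps above, assessing a host against a baseline and watching for changes between checks, are sketched below as an added example that is not taken from the original article or from any product. The baseline values, host snapshots and file contents are constructed, and the baseline is illustrative rather than quoted from CIS, NIST or ISO 27001.

```python
import hashlib

# Constructed baseline (assumption): what a hardened host may expose and run.
BASELINE = {
    "allowed_ports": {22, 443},
    "allowed_services": {"sshd", "nginx", "auditd"},
    "required_services": {"auditd"},  # security control that must stay enabled
}

# Constructed snapshots of one host on two days. "default_password_accounts"
# is assumed to come from a separate credential audit.
MONDAY = {
    "ports": {22, 23, 443},
    "services": {"sshd", "nginx", "auditd", "telnetd"},
    "default_password_accounts": {"admin"},
    "files": {"/etc/passwd": (b"root:x:0:0\n", 0o644),
              "/etc/app/app.conf": (b"debug=false\n", 0o640)},
}
TUESDAY = {
    "ports": {22, 443},
    "services": {"sshd", "nginx"},
    "default_password_accounts": set(),
    "files": {"/etc/passwd": (b"root:x:0:0\nsvc:x:1001:1001\n", 0o644),
              "/etc/app/app.conf": (b"debug=false\n", 0o666)},
}


def assess(snapshot, baseline):
    """Compare one snapshot with the baseline and list the 'easy ins'."""
    findings = []
    for port in sorted(snapshot["ports"] - baseline["allowed_ports"]):
        findings.append(("open-port", port))
    for svc in sorted(snapshot["services"] - baseline["allowed_services"]):
        findings.append(("unused-service", svc))
    for svc in sorted(baseline["required_services"] - snapshot["services"]):
        findings.append(("control-disabled", svc))
    for user in sorted(snapshot["default_password_accounts"]):
        findings.append(("default-password", user))
    return findings


def fingerprint(files):
    """Reduce each critical file to (SHA-256 of content, permission bits)."""
    return {path: (hashlib.sha256(content).hexdigest(), mode)
            for path, (content, mode) in files.items()}


def drift(old, new):
    """Report changes between two fingerprints of the critical files."""
    changes = []
    for path in sorted(set(old) | set(new)):
        if path not in new:
            changes.append(("removed", path))
        elif path not in old:
            changes.append(("added", path))
        else:
            (old_hash, old_mode), (new_hash, new_mode) = old[path], new[path]
            if old_hash != new_hash:
                changes.append(("content-changed", path))
            if new_mode & ~old_mode:  # permission bits granted since baseline
                changes.append(("permissions-widened", path))
    return changes


if __name__ == "__main__":
    print("Monday:", assess(MONDAY, BASELINE))
    print("Tuesday:", assess(TUESDAY, BASELINE))
    print("Drift:", drift(fingerprint(MONDAY["files"]),
                          fingerprint(TUESDAY["files"])))
```

Tuesday's host passes the port and service checks that failed on Monday, but only the continuous comparison surfaces the disabled audit service and the altered files.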