Securing Home Network

While filing your taxes using your personal computer at home, did you feel the information in your PC are all safe and secured? I usually get little nervous connecting my PC to any free WI-FI available in a coffee shop or free wireless zones. I feel much better and safer using the internet at my own home network but when I read some articles on identity thefts and data breach, I doubt if my home network is secured enough to protect my electronic information. We know that securing home network can ensure the users can use the internet safely, but the question is – are we following the steps properly? I have seen a lot of promotional efforts by many internet service providers like Cox and Century link on applying extra level of security in home network and the importance of encrypting electronic information. However, many average users still do not realize that just using encryption might not be enough. While setting up wireless or wired home networks, many average users rush through the steps to get their Internet connectivity working as quickly as possible, and by doing so they may be skipping certain important security steps that may open a window for hackers to get into their home network. This security breach can result in unauthorized access of personal data from the home computers. Depending on the nature of the incident, a security breach can be anything from low-risk to highly critical.

Within an organization, security breaches are typically monitored, identified and mitigated by a software or hardware firewall, but home network may lack some of those features due to cost factors related with security software or due to home owners not having good knowledge on network security. Besides stealing personal data, often the hackers want to gain access into others’ computer so they can use it to launch attacks on other computer systems and hide their true location as they launch cyber-attacks. These hackers are always discovering new security holes to exploit in computer software; hence, it becomes a sole responsibility of the computer owner to install the patches to cover any security hole. Having a good understanding of security configuration of modem, router and setting up firewall, installing patches and anti-virus software can turn out to be very effective while protecting home computer network.  Physical security of the networking devices is also equally importance which many home owners need to maintain.

Federal Communication Commission recommends users to use Wi-Fi Protected Access II (WPA2) which is the most effective standard for encryption available today. Home network owners can use the recommended solutions which are also advised by FCC and NSA to protect their network from the intruders, hackers and identity thieves. Home owners should not be sharing their WI-FI password to their guests at all, instead they can setup a guest WI-FI account that many new routers include in features these days. Having an unsecure home network can be considered similar to leaving your car door open for someone to enter and steal it. Intruders may park their car within the WI-FI range to the house and try to hack into the home network, so home owners need to pay special attention to any suspicious vehicle parked near home within the WIF-FI access zone.

I really enjoyed using the new app named “Nextdoor”, which can be considered as social networking site for neighbors. I have received many helpful tips and suggestions from my neighbors related with securing the neighborhoods, also many have been reporting any suspicious activities in their area and notifying neighbors to take precaution. In my opinion, with the rapidly changing technologies - home owners should migrate to modern operating system and platform and update existing applications, as the latest versions always have improved security features. I strongly agree that security-conscious technology users within home network can surely keep the intruders away.

References:

FCC (n.d). Protecting Your Wireless Network. Retrieved March 23rd, 2015 from http://www.fcc.gov/guides/protecting-your-wireless-network

Geier, E. (2014). 8 ways to improve wired network security. Retrieved March 23rd, 2015 from http://www.networkworld.com/article/2175048/wireless/8-ways-to-improve-wired-network-security.html

Krebs. B (2011). New Tools Bypass Wireless Router Security. Retrieved March 26th, 2015 from https://krebsonsecurity.com/2011/12/new-tools-bypass-wireless-router-security/

Health Care Service Data Breach

While driving to work this morning I heard in FM radio about yet another data breach, this time the victims were the customers of Premera Blue Cross, which is a major health care service. As I used to have health insurance service via Blue Cross Blue Shield until last year, the news made me quite curious and little worried, so I surfed online to find more on what really happened.

An intrusion into the Premera Blue Cross’s network may have resulted in the breach of financial and medical records of 11 million customers. The company said its investigation revealed that the initial attack occurred on May 5, 2014 and they found out about this attack only on January 29, 2015. In their statement the company said that the incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands Vivacity and Connexion Insurance Solution.

“Our investigation determined that the attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.

“Individualswho do business with us and provided us with their email address, personal bankaccount number or social security number are also affected. The investigationhas not determined that any such data was removed from our systems.  Wealso have no evidence to date that such data has been used inappropriately.”

The company will be notifying the affected customers via letters and it has announced to offer two years of free credit monitoring services through big-three credit bureau Experian. The company further mentioned that it is working with security firm Mandiant and the FBI in the investigation.

The days of massive data breaches in major retailers and health care services are far from over. In my opinion they are targeted because their system holds the millions of users records and information. If I was one of those 11 million customers who get letter indicating my information has been hacked and I have been offered two years of free credit monitoring, I do not think I will feel better about getting free credit monitoring offer for two years. When the customers provide their information to the health care provider, trust was the main factor and the company has lost that now. I think it was their responsibility to ensure the information is not exposed to the intruders and I still do not understand how something big like this was identified after more than 8 months.  The company mentioned in its website that “The security of our members’ personal information is a top priority”, but at this time they seemed to have lost their members’ trust already.

Reference:

Krebs on Security (2015). Premera Blue Cross Breach Exposes Financial, Medical Records.  Retrieved from https://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/

Data breach at major retailer

Sometimes I wonder how many credit cards do I have. I think I got about 10 different credit and debit cards; and if I include the rewards plus gift cards, my purse becomes a tiny fat briefcase. I don’t feel safe to have all those cards in my purse while getting out of the house, so I usually put only the cards in my purse that I plan to use during that week/month. There were times when I used to have couple of credit cards from well recognized credit card companies only, but now I have about six or seven credit cards just from the retailers and stores that I visit regularly, i.e, Yonkers, Sears, Walmart and so on. When I heard about the data breach in Target back in 2013, I first questioned to myself if I own a credit card from this store. I felt relief that I did not own any card from Target, but when I read the news that guest accounts had been impacted as well and information had been stolen, I was full of worries.

Approximately 40 million credit and debit card accounts of Target customers might had been impacted between Nov. 27 and Dec. 15, 2013. The company announced that if the customers shopped at Target between Nov. 27 and Dec. 15, 2013, they should keep a close eye for any suspicious or unusual activity on any credit or debit card accounts that they used while shopping during that time. The hackers had gained access to guest credit and debit card information and certain guest personal information was also taken. The information included names, mailing addresses, email addresses or phone numbers.  The company mentioned that up to 70 million individuals might be affected and they were committed to making this right and were investing in the internal processes and systems needed to reduce the likelihood that this ever happens again.

I live close to Target store and I had been there during that time frame for shopping and groceries. I did check my credit and debit card transactions during that time period but did not see any suspicious transactions, but I was really paying more attention to see if there was any major transaction that happened. What if the hackers had charged $1 to my credit card account indicating a service or membership fee? I would probably have ignored it as it was $1 only, but now when I read into this more – what if they had stolen $1 from each of those 70 million individuals impacted?

We all should know that online information we provide in today’s world is not going to be 100 % secured, all we can do is try our best effort to secure the information. Once I figured out I had visited target store during that time frame and had used my credit card, I called my credit card company and reported this. They issued me a new card and suggested me to pay more attention to my credit transactions and statements.  Based on my experience with Target’s data breach, I agree with below suggestion from the retailer which we can do to avoid social engineering scams:

Ø  Keep an eye on your monthly statements. If youraccount information is stolen, fraudsters can use it to charge purchases orcommit crimes in your name. Watch for unusual charges such as “membership fees”and other goods or services you didn’t authorize. If you see a charge you don’trecognize, contact your account provider immediately.

Reference:

 Target (n.d.). Data Breach FAQ. Retrieved March 17^th, 2015 from https://corporate.target.com/about/shopping-experience/payment-card-issue-FAQ

Little about myself and the blog

Hello everyone,

My name is Sabina Shrestha and I am currently enrolled at Bellevue University for Masters in Management Information System degree program. I am currently in the midway towards achieving this success and throughout this journey I have learned a lot about Information Systems and Technology. I did my undergrad in Aviation major and am currently working in aviation field; so learning about information systems and technology has been a complete new and wonderful experience for me so far and I have been enjoying it a lot. The posts in this blog will be based on my researches and findings on managing information security and I will surely add the references to any information I find useful from various sources. 

Thank you!

-Sabina