Consumer Protection | Business Protection

Understanding the U.S. Cybersecurity Legislation

April 23rd, 2012

Jackie here, with AllClear ID. Helping our you to protect your identity is one of our top goals here at AllClear ID. For that reason we are always interested in anything security related in the news, in Washington and around the US, like the US Cybersecurity Legislation.

April 23, 2012 marked the start of “Cybersecurity Week” with multiple cybersecurity bills set to go to voting in the House and Senate. Many of the bills are highly controversial and could carry long lasting implications for both cyber security and civil liberties. We look forward to seeing how our lawmakers will shape national policy in the coming weeks.

Let’s take a look at a few of the proposed bills.

Cyber  Intelligence Sharing and Protection Act or CISPA (H.R. 3523)- The Cyber Intelligence Sharing and Protection Act, also known as CISPA, authorizes the government and private companies to share information to protect networks and the country from potential cyber threats. It is a proposed amendment to the National Security Act of 1947. Critics of this bill worry that the bill gives too much freedom to government agencies by adding a cybersecurity exception to many of the privacy protections now in place. The full text of CISPA is available here.

Promoting and Enhancing Cyber Security and Information Sharing Effectiveness Act or PRECISE (H.R. 3674)- This bill is heavily supported by the Homeland Security Committee and is quite similar to CISPA, but with more restrictions and exceptions to how information can be shared. This bill is not as popular with House leadership and is currently not expected to go up for vote during “Cybersecurity Week”. Read the full text of this bill here.

Cybersecurity Act of 2012 (S. 2105)- The Cyber Security Act of 2012 is an act that gives the Department of Homeland Security the right to assess the potential risks and problems with various infrastructure systems that are deemed critical to the United States. Critical systems are those that could wreak havoc on the US if compromised through massive citizen death or injury, economic damage or national security concerns. These critical infrastructure systems would be able to create their own security protocols, but they would need to meet minimum standards developed by the Department of Homeland Security. Companies would receive protection from civil liabilities due to cybersecurity risks if they meet and maintain the minimum required standards. Read the full text here.

The next few months should prove interesting as lawmakers race to create cybersecurity legislation to better protect networks and national security. These proposed laws and the many others currently under consideration may change the way that your information is protected and shared.

Tags: , , , , , , , , , ,

4 Ways Cybercriminals Use Mobile to Attack

April 19th, 2012

Allison here, with AllClear ID. It’s clear to most people that cybercriminals can get into mobile devices or use mobile technology to steal identities. But, just how are they doing this? What should consumers be aware of when using their smartphones or surfing the web on the go? Here are four ways that cybercriminals have been known to use mobile and mobile devices to attack:

  1. Search Poisoning – Mobile search is still in its infancy, and many haven’t optimized their websites for mobile search. Therefore, there’s been an opportunity for cybercriminals to “poison” search results by having their rogue sites rank for popular key terms. By having their sites rank so highly, people click on the links thinking they’re legitimate, but end up going to malicious sites with malware. This practice is also increasing with image searches, which are harder for the search engines to track and to get rid of.
  2. QR Codes – QR codes are those funny boxes that businesses place with their ads. Use your smartphone to read the code, and then you receive a coupon, sign up for a newsletter, or even scan to call. For the most part they are fine, but cybercriminals are now using them to lure people to malicious website. To check a QR code for legitimacy, use a scanning app that lets you see the URL before you scan it. This way, you can see where it leads. Also, don’t provide log in or personal information when you come to the website from a QR code. This is a red flag for a phishing attempt, and is a way for cybercriminals to steal identities.
  3. Rogue Apps – It’s projected that there will be 183 billion app downloads by 2015. Cybercriminals are taking advantage of the growing ubiquity of apps by creating apps of their own, and releasing them onto the market. These apps can inject malware into your mobile device, or can be granted access to your location, photo library, and other personal information. These rogue apps have even made their way into Google’s and Apple’s app stores! To protect yourself from these apps, don’t grant them access, especially if it seems suspicious (like a game app wanting access to your phone book). Also take a look at the reviews before purchasing or downloading the app. Be wary of those with negative complaints, or without any reviews at all.
  4. Fake Wi-Fi Hotspots – This problem is most common in public places, such as airports and coffee shops. You’re on the go, and you just want to check your email. Cybercriminals have set up fake wi-fi hotspots in public place where people expect free wireless access to be able to watch what everyone is doing and steal passwords and other personal information. If you’re surfing the web in a public place and are unsure if it’s secure, or even real, then keep your activities to web browsing. Don’t log into anything, and certainly don’t do anything that involves your personal information.

Tags: , , , , , , , , ,