Security Learning Archives - Aditi Group Managed IT & Consulting

Stop Insider Theft & USB Drive-By with Zero Trust

computer service — Mon, 18 Nov 2024 21:02:18 +0000

Remember Physical Data Security

Just like fortified castle defenses, most electronic data security focuses on the internet. Phishing emails, malicious websites, unsavory social media links, public Wifi connections, and weak passwords. All are potentially exploited by data thieves. But what about the old school theft? What about in person physical theft of data?

Stealth Storage in a Pocket

Insider theft and passers-by can too quickly pop in a USB drive and terabytes of data quickly and unnoticed. Storage size and data transfer speed are no longer limitations for would be thieves. Today’s reality is that even USB flash drives aka thumb drives can be found for less than $20 for 2TB of storage!

- USB flash drives
- Portable 2.5″ Solid State drives
- Portable 2.5″ hard disk drives
- USB adapters for M2 SSD sticks
- USB A, B, C
- USB 3.0
- mobile phones

Gone In 60 Seconds?

What About Our Ever Present Phones?

And perhaps most stealth of all…the our ever present mobile phones! Who would notice a cell phone connected to a computer? Likely just a battery recharge right? Maybe it’s more. An iPhone can have to 1TB of storage and many Android phones have large storage AND the ability to add microSD cards for even more.

USB Adapter for M.2 Internal SSD

As high as 4TB of space, blazing fast, and small as a stick of gum!

What’s the Risk? What’s At Stake?

Everything valuable to you and your business.

HIPAA breach of protected health information (PHI). Company proprietary secrets. Customer private financial information, including social security numbers and other items covered by GLBA and consumer privacy laws. Book of business – the clientele that you’ve worked so hard to build up over the years. Embarasing photos or insinuating documents.

Breach of privacy laws can mean massive financial penalties by authorities, lawsuits, and potentially even jail time. And your reputation can flip from trusted authority to careless, untrustworthy people to avoid.

Stealth and Easy Use Enables Theft

USB storage devices – portable drives and mobile phones, enable in-person, local theft of data if they are allowed.

Theft happens in one of three ways:

1. The door is left OPEN – the invitation to take unprotected things
2. An OUTSIDER breaks in – hacking and social engineering
3. Someone INSIDE is the thief – you’re given access as a team member

Zero Trust Solution: Block USB

The heavy handed IT admin’s solution is to simply block all USB ports. No more connecting thumb drives, phones, or portable SSDs and HDDs. Blocking USB drive storage can close an overlooked door that few choose to secure. This follows the assumption that files copied or saved to extneral USB connected drives are suspect and not to be trusted. This closes a real and serious security hole. But it also can create a roadblock to work flow by denying USB connected devices that you WANT. So, really a more nuanced and complex strategy is what most people want. And it is what keeps IT admins from implementing it: complexity.

Let Aditi Zero Trust Do the Work

A much more practical path forward to secure your data, while allowing dyanmic workplaces and convenience is with Aditi Zero Trust. Data storage controls can regulate storage options by specific computer, workgroup, user, or even software program. Our set of tools allows us to deal with all of the complexity of enabling software functionality and workflow that you need while locking down and blocking everything else. Aditi Zero Trust is supported 24/7 and we are able to react to any new requests for software changes within a few minutes. So, you get the best overall security while keeping business flowing smoothly.

The post Stop Insider Theft & USB Drive-By with Zero Trust appeared first on Aditi Group Managed IT & Consulting.

How QuickBooks & Lacerte can weaken security and help hackers

computer service — Thu, 10 Oct 2024 23:19:06 +0000

What to do when your software needs Windows Admin rights: safely using QuickBooks & Lacerte

Overview

Lacerte and QuickBooks require Administrative Windows user level permission to keep software updated. This is different than the various QuickBooks user level accounts within QuickBooks. Why does this matter? As we explain in other Aditi Group articles, a key goal of hackers is to get admin rights.

Once a user has Windows admin permissions, he or she can open more doors, access more data and functions, run exploits, change user credentials, and ultimately, get to the goods – sensitive financial info.

Aditi Group uses unique software that allows programs to have Admin rights, without requiring users to be Admins. So programs function correctly, while allowing Windows users work without Admin level rights – in a much more secure mode. Work gets done while blocking potential hackers from greater access.

QuickBooks is synonymous with personal and business accounting. Nearly every bank and online investment account allows you to export transaction history and account data in QuickBooks file format. Even better, you can connect financial institutions directly to your QuickBooks software to sync data automatically. It’s the most widely used accounting and bookkeeping software for small businesses.

Another in the Intuit portfolio is tax preparation software Lacerte. Acquired by Intuit in 1998 for $400 million, it’s not one of the more known Intuit names, but there is a large base of CPA’s and tax preparers. Both progams are part of the ever growing portfolio of Intuit, current owner TurboTax, Credit Karma and Mailchimp.

Administrator Rights

QuickBooks and Lacerte require Windows Admin user account credentials to run updates, which, during tax season, can be frequent. Aditi Group has seen updates daily, and even more than once a day at times. And tax prep offices may be running a slew of different tax years simultaneously, each one requiring different Lacerte program version.

These means QB and Lacerte users need to be made Windows Admin level to keep the office running with their core software. The violates a basic principle of security: only use the level of access you need right now.

Don’t work in Admin mode all the time. Use non-admin accounts for daily work. Use Admin accounts to make changes, review issues, and access resources for special action. See what Google recommends to administrators:

What Does Google Say to Admins?

Don’t stay logged into Admin or use Admin accounts for everyday work. Google, like most sources, cautions against remaining logged in as an admin, or in the context of Google Workspace (aka Apps), as Super Admin.

Prime Hacker Targets

Financial professionals who deal in analyzing, tracking, managing, and reporting on money are prime target for hackers. Especially Tax Accountants and Tax Preparers. Your valuable info, including your social security number, is the golden key that credit thieves are looking for. Not only can fraudsters potentially create new credit accounts in your name, but they can also potentially file for tax refunds in your name, and to be collected by them. In fact, tax return fraud is such a huge problem in recent years that the IRS flags millions of returns as potentially fraudulent and requires tax user verification. An untold number of fraudulent returns make it through the system.

As we write this, October 15th is fast approaching and smack in the middle of national Cybersecurity Awareness month. It’s fitting. Hackers know that it’s “silly season” as some tax preparers call it. They know that heavily loaded staff working long, late hours can more easily click on a phishing email link instead of a legit message from a client and accidentally let in a potential hacker.

Feeling the Pressure

Tax Seasons Around the Year

As the tax filing dates grow closer for individuals in April and October and for business with their tax filing deadlines, the pressure cooker in many tax prep offices heats up and up. Clients (hey, that’s people like you and me) tend to wait until the deadline and then some, to get data, and I mean all the records to the tax prep offices. And then we demand that OUR filings are submitted on time. And hey, where’s my refund?

Monthly Close & Reporting Deadlines

When CPA’s and bookkeepers aren’t hustling with tax prep or filing steps, they’re keenly aware of the regular reporting that many business leaders require to pace company progress and manage the tactical and strategic plans through the year. Like tax filing dates, these end of month, quarter and yearly points mean more work and more pressure clients to get data processed and reports done.

<< IT Managers’ Dream

The fantasy for many a CISO or IT manager is to fully lock down every computer. No one gets admin rights but them. No one else can make changes, install risky software, use weak passwords, move data with insecure ways, or otherwise erode the secure defenses our IT leaders put in place.

>> IT Reality

Keeping offices in forward motion and appeasing staff traditionally means trade-offs. We vote for quick and easy over secure and thorough and secure. The real picture is too often weak or compromised security to allow programs and people to get the job done. Thieves pray on the security trade-offs and compromises we make for convenience. Something to exploit!

Elevation Control Solution

Aditi Group employs a software system that allows us to exercise granularly assigned rights and privileges to both programs and people. Those rights can be set with a variety of factors which gives IT managed service providers like us at Aditi Group, the ability to approve Lacerte and QuickBooks for Windows administrative permission, while keeping users are non-admins. So, users, including hackers, can’t directly get to the admin privileges.

Enjoy the Security & Productivity Rewards

We can have our cake AND eat it too. We can now effectively and securely enable powerful software tools while reducing cybersecurity risks. This is the not the end-all, be-all for security, but it significantly reduces risk of hacking of valuable financial data. And that can be the difference between having a thriving accounting, bookkeeping, or tax preparation business and lawsuits and penalties for allowing hackers to get to client data.

The post How QuickBooks & Lacerte can weaken security and help hackers appeared first on Aditi Group Managed IT & Consulting.

What’s the Score? National Vulnerability Database

computer service — Wed, 10 Apr 2024 20:27:26 +0000

Weakness Scoring System

Our Federal government division witin the Department of Commerce, under the National Institute of Standards and Technology, NIST, has a National Vulnerability Databaase designed to help the public, and especially the technical administrators of IT systems to guage potential weaknesses or vulnerabilities in software and hardware systems.

NIST has been working with private industry and other public sector organizations to rate and maintain a catalog of IT threats. Originally started in 1999 under another name, and as an effort between NIST, SANS institute, and othrs, under the name ICAT or Internet Category Attack Toolkit. It evolved and even faced death by lack of budgets until rebranded as NVD in 2005 and supported more fully.

Example: 7.8 Severity Linux Vulnerability

This page is an excellent example of the use, and also of how technical it is. https://nvd.nist.gov/vuln/detail/CVE-2021-46936

The post What’s the Score? National Vulnerability Database appeared first on Aditi Group Managed IT & Consulting.

Is Blockchain a Security Savior for Healthcare and Us All?

Cyber Guru — Thu, 03 Nov 2022 19:49:44 +0000

The Goals of Blockchain: Trust and Security

What is Blockchain? Blockchain explained for non-coders

Blockchain is a way of recording that sequentially links every revision of a a record, in a distributed / shared log (or ledger for finance folks). Every transaction is recorded in an every growing record chain.

Featues of Blockchain Records

decentralized digital record ledger
data records (blocks) are tied together in time sequence
any change to a record adds a new block
nothing can be deleted or changed without a record as evidence
“tamper proof”
can be used for any kind of data
distributed network – doesn’t reside on just one computer or desk

Security and Trust

Blockchain brings the promise of trusted data, and impossible…or very low probability of fakes. It can allow a person to own their own data and share it with the world as they choose. Panacea.

Code Is Opportunity

But this is code and electronics. There is always some relative weakness. Code is the realm of hacks.

Crypto hacks have shown that environments where blockchain are used are not unlike other things in the cyber world. Regardless of how trusted or secure a blockchain inidivudal record is, the the application or system it’s used in is vulnerable to the same old cybersecurity problems that befall everyone else.

Two main ways: stolen keys (the passwords), and exploiting bugs in code. Here are some expensive examples:

The Nine Largest Crypto Hacks in 2022

The biggest cryptocurrency hacks of all time

Where is Blockchain Used? Is it Here Yet?

Blockchain is being introduced in the background with the big insurers, banks, pharma, governments, etc. For most of us, we won’t see it or it won’t affect us for a while (some years). Blockchain is really only encoutered by most people who invest in or read about crypto currencies. What blockchain offers crypto is the distributed, trusted accounting that is needed when there is no central bank. It’s the perfect and obvious applicaiton for this new way of tracking transactions.

Healthcare Blockchain & How It’s Used

Blockchain methodology and application are still in the infancy stages for the healthcare industry as a whole. There is an ever increasing number of companies applying blockchain in different ways.

Some create trusted data share groups. These allow us patients – us individuals to own and control our personal medical history records. We can choose who we allow to view and add to our records. And they can’t be tampered with. That’s real power in the hands of the people.

Some healthcare blockchain companies and projects focus on the validation of drug history, DNA info, etc. This is similar to traceability that supply chains are generally concerned with. Knowing the history or the full life path of who touched an item from raw material and out and into the marketplace, is important for controlling quality, safety, and accountability for problems.

Other blockchain tech companies just create data network protocols (the code stuff) or hardware (like crypto currency wallets). These support products and services advance the practicality and usefulness of blockchain in healthcare.

Why Aren’t We All Using Blockchain?

What’s the Holdup? We need trusted, secure solutions today!

The Performance Problem

Blockchains also suffer from a capacity problem. That’s the reason one crypto currency has not really won out yet. Each transaction must be written somewhere. Therefore, the greatest strides have been done through supply chain. Once the object has been delivered, it can be archived or erased. Food is the one application that holds the greatest promise. A head of lettuce grown in a field can be tracked until sold. If a contamination is discovered, tracking to the field, within a farm, can be pulled out of the blockchain in an instant.

Cons for using blockchain are processing speed and resources needed. It can consume a lot of computing power to solve the complex cryptographic equations for validating a record to be added to a chain. For crypto currencies, this is one way you get paid – by “mining” or by computing a new record. It takes time, so fewer transactions per second and computing power and electrical power. Both cost money…real money. : )

Healthcare faces the same limits as currency. People live a long time. Each prescription, procedure, etc. must be kept for the life of the individual. The cloud is not limitless. Everything has a capacity.

The post Is Blockchain a Security Savior for Healthcare and Us All? appeared first on Aditi Group Managed IT & Consulting.

Data Security Risks and Importance of Cybersecurity

Cyber Guru — Tue, 11 Oct 2022 15:35:11 +0000

Listen in as we kick off Cybersecurity Month with another great interview by Dorothy Cociu on the Benefits Executive Roundtable. In this show we discuss hot security topics and security breaches in 2022 and 2021. Find out what’s been happening and what you can avoid being a statistic!

Listen and follow the podcast series Benefits Executive Roundtable:

https://advancedbenefitconsulting.com/s4e6-data-security-risks-and-importance-of-cybersecurity-part-1/?

The post Data Security Risks and Importance of Cybersecurity appeared first on Aditi Group Managed IT & Consulting.

Cybersecurity 2.0 – The Latest on Cyber-Attacks, Ransomware and the Need for Risk Assessments

Security Expert — Fri, 20 May 2022 21:28:53 +0000

Aditi co-founders Ted Mayeshiba and Ted Flittner are interviewed in this lengthy article written by Dorothy Cociu, President of Advanced Benefit Consulting. We invite you to learn more about current computer and phone electronic data security threats and how to avoid some of them.

Highlight Topics Include

Are banking apps safe?
Microsoft Breach by Lapsus$ Hacker Group, March 2022
The risks of using QR codes
Crypto currency
The need for risk assessments – an ongoing security tool

Read the article at Advanced Benefit Consulting

https://advancedbenefitconsulting.com/cybersecurity-2-0-the-latest-on-cyber-attacks-ransomware-and-the-need-for-risk-assessments/

Read the article in the California Broker magazine, June 2022 issue

Read the article in the STATEment May / June 2022 issue

The post Cybersecurity 2.0 – The Latest on Cyber-Attacks, Ransomware and the Need for Risk Assessments appeared first on Aditi Group Managed IT & Consulting.

8th Annual World Password Day – Have We Learned Yet?

Security Expert — Thu, 05 May 2022 19:08:02 +0000

8th Time, No Charm

Today marks the 8th annual World Password Day as first started by Intel in 2013. So, the question is: have we learned anything since the first Password Day? Have we become any more secure?

Survey Says

2021 and 2022 surveys from password keeper software companies like LastPass and NordPass and telecom providers like Verizon all say NO. Recent surveys still, sadly point to top, most commonly used ones as:

123456
password
qwerty
password1
variations on these age old defaults

Make Your Move

With lots of articles reminding us this week, we urge you to take this moment to become more secure.

Aditi’s password security recommednations include:

A) Use 8-10 characters or more

B) Include mixed letters, numbers, upper/lower case, special characters

C) No names, dates, or easily guessed personal info about you

D) Unique – don’t re-use paswords for multiple accounts

E) Don’t leave them lying around

F) Use multifactor or 2-factor authentication too

Keep Passwords Locked Up

Use some kind of password record keeper so you use LONG, STRONG, and UNIQUE passwords. If you are trying to relying on remembering all your passwords, you’ll be too tempted to use the same one everywhere or keep them too simple or based on info about you that others could find on social media. There are lots of solutions including web based and offline, locally stored software tools.

The post 8th Annual World Password Day – Have We Learned Yet? appeared first on Aditi Group Managed IT & Consulting.

The Basics of Social Engineering

Ted Mayeshiba — Thu, 04 Jun 2020 00:13:47 +0000

Where Are You Most Vulnerable?

Hackers understand that employees are often the weakest link in an organization’s security. That’s why 98% of cyber attacks rely on some type of social engineering, costing companies $billions every year.

Are you familiar with these new Cyber criminal techniques that can leverage ANY connected employee to breach your security?

As an increasing number of employees are forced to work remotely during the COVID-19 crisis, IT networks have become even more vulnerable to cyber-attack, especially when users connect over unsecure Wi-Fi and/or Home Networks with their personal devices.

In addition to raising awareness about new security threats for your employees, we’ve included 8 tips to help teleworkers (and any connected employees) improve security. You’ll also see recommendations on how ongoing Cyber Security Awareness Training is crucial to a strong defense.

While users are regularly encouraged to keep their anti-virus definitions and software up-to-date, 6% percent of users NEVER receive any type of security awareness training, while another 33% receive only once per year or when they join the company.

Key Security Lingo

Every employee should also become familiar with the latest phishing and ransomware strategies to prevent becoming that weak link.

Phishing (or Spear Fishing)

Vishing

Pretexting

Business E-Mail Compromise (BEC)

Baiting

From an IT Security perspective, the term “social engineering” refers to cybercriminals using any number of psychological tricks to get users to perform actions (click on an email or link) or divulge personal or confidential information.
While technical hackers seek vulnerabilities in the networks or software, social engineering cybercriminals exploit an end user’s tendency to trust.

Other types of social engineering may include creating distrust, or starting conflicts by altering private or corporate communications. There are literally thousands of variations to social engineering attacks, limited only by the criminal’s imagination.

Phishing (or Spear Fishing)

Phishing is the most common type of social engineering attack. Hackers pose as a trusted source (a friend, boss, colleague, bank official, government agency, etc.) and concoct a seemingly logical scenario for handing over login credentials or other sensitive personal data.

The cybercriminal may obtain your email address from a compromised email account or web directory and then go “Phishing,” sending general emails to everyone, or go “spear fishing,” personalizing an email for just you.

The email will contain:

A link that you just have to click on, taking you to a website that asks for your personal information and/or automatically downloads malware
An attachment of pictures, music, movie, document, etc., that has malicious software embedded.

Vishing

Another type of phishing, using voice instead of text. The cybercriminal recreates an IVR (Interactive Voice Response) system of a trusted company, attaches it to a toll-free number and tricks you into responding to the cell phone prompts with your personal information.

Pretexting

Pretexting is a social engineering technique of presenting oneself as someone else in a fictional situation in order to obtain private information.

This may be another phishing exploit, or use baiting techniques, but it’s all about developing a believable story, which may include:

Urgent request for help. Your ’friend’ is stuck in another country and needs money to get home or to pay a fine. Or the CEO sends an email titled “URGENT!!!!!,” with a message containing spelling mistakes.

Ask you to donate to a fundraiser, or some other cause. Disaster relief, political campaign, or charity needs money and/or your personal information to keep you informed.

Notify you that you’re a ‘winner.’ This phishing attack claims to be from a lottery, or a dead relative, or the millionth person to click on their site, etc. In order to receive your “prize” you will need to provide your bank routing number along with other details to steal your identity.

Pose as tech support or other professional. Also considered a “Quid Pro Quo” attack, the cyber-criminal is responding to an issue, and requests information, and/or a download of a scanner (malicious software) to scan your system. The criminal may be quite helpful and provide productivity tips while stealing your identity.

Serious Business Pre Text

One form of pretexting, called Business E-Mail Compromise (BEC) uses a variety of tactics to con the company into wiring funds. The cybercriminal group likely gains access through spear-phishing and/or malware, and then spends weeks or months discovering the organization’s billing process, vendor payments, and the CEO’s email style and travel schedule.
Then when the CEO is out of office, the scammers send a targeted email posing as the CEO to the finance officer (bookkeeper, accountant, controller, or CFO ) requesting an immediate wire transfer. The vendor will sound familiar though the account numbers will be slightly different.

If undetected, the initial and subsequent requests will cost the company thousands if not hundreds of thousands of dollars.

Baiting

This type of social engineering scheme dangles malicious devices inside a seemingly harmless carrier, hoping someone will “take the bait.”

These schemes are often found on Peer-to-Peer sites offering a recent movie, or music to download, but they’re also found on social networking sites, job posting sites, online auctions and e-commerce sites.

The post The Basics of Social Engineering appeared first on Aditi Group Managed IT & Consulting.

Separate the Kingdom with a VLAN

computer service — Tue, 21 Apr 2020 23:07:14 +0000

You’re working at home. Only YOU should be able to access the company data. It also crops up in offices with different divisions or departments. Not just anyone and everyone should be able to view, copy, edit or worse, DELETE, the files that don’t pertain to them.

You’ve Gotta Keep ‘Em Separated

We all do it. We are told we should do it. Keep ’em separated. Don’t put all of your eggs in one basket. Keep the hot side hot and cold side cold. We do it in school. We divide groups so that they don’t mix with each other, when it’s really important to keep things pure.

A fundamental tenet of security is to keep minimize access to just those who need it. Health and Human Services tells health providers through HIPAA requirements to give people, including staff, access to the “minimum necessary”.

Why It Matters – Real Life Implications

Dividing computers or workers from each other into groups is a way to minimize the risk that the wrong people view data they shouldn’t. It also keeps people from altering data they shouldn’t. And it one of the strongest ways of keeping hackers from getting access to the whole kingdom once they get through one tiny crack in the wall.

Reflecting back on some of the largest data breaches on record, we see a common pattern. Hackers get access to one computer. Then they move out and over to other computers and shared devices – file folders, data bases, etc. Target’s breach of 70 million credit card users that took place on Black Friday is a poignant example of hackers getting to one computer and moving up, over, and into other data systems. Ultimately from one computer at a subcontract air conditioning service company into the Target financial systems.

Separate Physical Networks

Physical Local Area Network (LAN)

Easy enough to imagine a large office building with different networks that employees log into. Sure. Big offices often have numerous file servers. And the most basic method for keeping things split art is to hard wire the network cables that connect each computer to a specific server. Physical separation makes sense and is easy to understand. But it’s not always the most practical.

Virtual Networks

Virtual Local Area Network (VLAN)

What Does Virtual Network Mean?

Virtual networks share the same physical network connections – same wires, same routers and switches. But they are kept separate through software. Sophisticated server software, now routine for big businesses, allow networks to be created virtually. Once done, users on one VLAN have no ability to connect with users on another VLAN. They’re kept apart even though they use the same hardware.

Isn’t That the Same As My Home Guest Network?

No. Yes. Maybe. Sort of. It depends on details of the router and how the networks are set up on the router. Most “Guest” networks are not functioning as separate VLANs. In most cases, guest network users have the same resource access as primary network users. And everyone is on the same domain and ultimately, hackers can move from Guest to the Ring doorbell, Alexa or your computer with the family financial portfolio on it.

A guest network puts into place an ACL (access control list) that prohibits users from that SSID from accessing any network that is private.
10.x.x.x/8, 192.168.x.x/16, or 172.16.x.x/12

2.4GHz, 5GHz, and Guest WiFi Networks

Your 2.4 GHz and 5 GHz primary and “guest” network settings on that router from AT&T, Cox, Spectrum or Comcast all tie to the same “Home” network. Depending on the router make and model, your Guest WifFi network could be set by default (factory settings) to only allow internet traffic, and not to allow it to share other Home network resources. So, for the casual user, it means they can’t see your IP camera or your printer. But advanced users and hackers can scan other addresses on the network and get access.

Separation with VLAN and Managed Switches

A Managed Switch is the piece of hardware that allows us to create virtual or logical separate groups. A managed switch is not the same as a Router. A Router is a Layer 3 network device and it connects the outside world – the internet – with the devices inside.

Get Your VLAN at Home

VLANs can be developed with more advanced network components than the typical home parts. Combine a Managed Switch with a wireless access point (AP) and you’ve got the hardware for creating a true VLAN. You don’t need an expensive 48-port commercial grade managed switch, but you do want a managed switch. And APs like Ubiquity offers are more what you’re looking for instead of your typical WiFi-Router. It does take more time to setup and learn, but the results are real network security and real separation of resources.

Separate Kids, Parents Personal, and Business

The real security pay-off is in creating separate areas where kids can user the internet with their bad judgement and ask-questions-later enthusiasm for web surfing. You can create KIDS, PARENTS, and WORK networks and truly keep them separated.

Professional Guidance

Aditi Group can provide the hardware and installation and setup of home and small business networks including VLANs, VPNs, Firewalls, and more. Call us if you need help keeping your business secure for your Work At Home office.

The post Separate the Kingdom with a VLAN appeared first on Aditi Group Managed IT & Consulting.

What’s the harm in sharing your mobile number?

Ted Mayeshiba — Tue, 22 Oct 2019 14:24:31 +0000

For some of you, it has (prior to this) been routine to punch in your phone number as an identifier for “club reward” points at the grocery store or other retail location. Yet, for many of us, mobile phone numbers especially follow us from apartment to apartment to home. We don’t change that number often, if at all. It therefore, becomes a good identifier of who we are and tied with other publicly available information, becomes the key to unlock a lot of digital information. The article linked below shows the surprise findings of a tech journalist when he gave his mobile number to a security researcher. (click the picture)

The post What’s the harm in sharing your mobile number? appeared first on Aditi Group Managed IT & Consulting.