Step Up Security

Perhaps you’ve noticed it in your email inbox or text messages: there is a recent uptick in the number of attempts to gain private information that compromises your personal and financial security, as well as that of organizations and corporations. According to a recent report from Proofpoint, email-based phishing attempts became increasingly successful in 2021, as did ransomware attacks. As many as 83 percent of organizations said they experienced a successful email-based phishing attack in 2021, compared to 57 percent in 2020. These upticks appear to be continuing in 2022. Across a variety of industries, phishing attacks are becoming more prolific and targeting employees from entry-level to executives. That means it’s more important than ever to protect yourself and your business by exercising vigilant technology safety protocols and learning best prevention practices. The U.S. Cyberinfrastructure and Security Agency (CISA) offers the following tips that can help you and your organization avoid these attacks. Understand the threat. Phishing is a form of a social engineering attack, which means that common social norms are used to gain and compromise information about a company and its technology systems. Messages claim to be legitimate communications from vendors, banks, employees and other business contacts, but are really fraudulent attempts to obtain confidential information from recipients. The imposter may even offer information that claims to support their identity. Be skeptical, even when a message appears to be from a trusted source. An attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. They could also pose as a vendor who needs account information changed or even an internal employee who claims to need verification of information. When users respond with the requested details, hackers can...

Laptop Ban Update

The Department of Homeland Security releases new air travel security regulations, but there’s no need to leave your laptop at home…yet. Responding to pressure from US airlines fearing adverse economic impacts as a result of a widened ban on in-flight electronics, the Department of Homeland Security (DHS) decided not to extend its laptop ban beyond airports already included in the electronics prohibition.  European airlines were especially vocal about their opposition. Alexandre de Juniac, director general, and chief executive of the group, which represents 265 airlines, wrote in a letter to Kelly and Violeta Bulc, the E.U.’s top transportation official that expanding the ban could cost $1.1 billion a year in lost productivity, travel time and “passenger well-being.” While those fears have been put to rest, for now, foreign and domestic airports and airlines will nevertheless face stricter security requirements moving forward as part of the DHS plan to anticipate threats before they become a reality. “The United States and the global aviation community face an adaptive and agile enemy,” DHS said in a statement. “Terrorist groups continue to target passenger aircraft, and we have seen a ‘spider web’ of threats to commercial aviation as terrorist pursue new attack methods.” Stay of Execution Currently, flights originating from eight countries – Egypt, Jordan, Kuwait, Morocco, Qatar, Saudi Arabia, Turkey and the United Arab Emirates – must relegate any electronic bigger than a cell phone to the cargo hold. Airlines affected by the electronics restriction saw passenger numbers drop dramatically, prompting airlines from other countries to vigorously lobby against extending the ban. Ultimately, the DHS dodged the issue, preferring instead to focus on upgrading security on the ground. While European airlines greeted the DHS announcement with studied relief, de Juniac remained cautious about the financial ramifications of the new safety...

Election Hack

With the presidential election only a few weeks away, questions swirl about the vulnerability of electronic voting machines. Today’s voting systems run the gamut from punch cards to touchscreens. This November, three-quarters of U.S. voters will cast a paper ballot, but the other 25% are triggering concern. As electronic voting machines get older and less secure, the question becomes: just how safe is our vote? Over at Wired, Brian Barrett investigates the vulnerabilities of America’s electronic voting machines. Though he makes sure to emphasize there’s “no evidence of direct voting machine interference to date,” he concedes the research is grim. Susceptibility to malware and denial of service attacks has repeatedly been demonstrated. In some cases, compromising an electronic voting machine could be as easy as jumping onto an unsecured Wi-Fi network. Just last year Virginia decertified 3000 WINVote touchscreen voting machines when serious security problems were exposed, including “a poorly secured Wi-Fi feature for tallying votes.” At the time, Jeremy Epstein, a computer scientist with SRI International, noted, ““anyone with even a modicum of training could have succeeded,” including someone within a half-mile of a polling pace outfitted with “a rudimentary antenna built using a Pringles can.” Hacking the Vote Aging operating systems provide the biggest opportunity for would-be hackers. As Barrett explains, most electronic voting machines use some variation of Windows XP, which hasn’t received a security patch in over two years. Unfortunately, most of the voting computers are at least a decade old, and just not equipped to deal with a sophisticated attack. “People weren’t thinking about voting system security or all the additional challenges that come with electronic voting systems,” Brennan Center’s Lawrence Norden tells Wired. “Moving to electronic voting systems solved a lot of problems, but created a lot of...

Beware Ransomware

Last month, the Los Angeles Department of Health Services became the latest victim in a string of ransomware demands hitting the healthcare industry. Though not as severe as the ransomware attack on Hollywood Presbyterian Medical Center earlier this year demanding $17,000 in bitcoin, Department officials were quick to act on the threat. The Los Angeles Department of Health Services was able to contain the damage to five work computers thanks to preemptive security measures. Because employees have limited access to the department’s database, the ransomware attack was unable to spread. When asked about the nature of the attack, Director of USC’s Center for Computer Systems Security Clifford Neuman explained, “Since this one affected only a few employees’ systems and does not appear to have spread further, it was likely one of these non-targeted pieces of malware.” Exploiting Vulnerabilities Non-targeted malware describes how attackers access a victim’s device. Whether the ransomware sneaks in through an email, an attachment or even a camouflaged link, once triggered, the result is a total lockdown of the infected device through encryption of the contents. Paying the ransom releases the data and returns control of the device to the victim. Ransom prices can vary from small sums to thousands of dollars. Until recently, Apple devices and systems had not been widely affected, but news of ransomware malware lurking inside a recent update for Transmission highlighted vulnerabilities inherent in all online activities. While in the past ransomware primarily struck individuals, in recent months attacks have kicked up a notch. The latest victims are large, data-rich institutions like hospitals and government services. “Since the New Year, the healthcare industry has experienced an uptick in ransomware incidents,” county spokesman David Sommers told the LA times, reiterating that the county has “be successful in...

Embracing Tech

Renters of all ages have rising expectations for technology features in their rentals. While splurging on gadgets would certainly catch your prospects’ attention, that approach isn’t the most budget-friendly. You’ll want features that offer the biggest bang for your buck! We’ve evaluated a few tech toys that combine resident appeal, utility, and longevity. USB Compatible Outlets These little guys allow residents to charge phones, tablets, and other mobile devices without displacing lamps and small appliances. Installing USB compatible outlets can offer significant savings for older properties, which often lack the quantity of outlets available in newer properties. Residents will need fewer extension cords and power strips, which reduces the risk of hazardous overloads and costly fires. USB outlets are affordably priced and can be installed in less than ten minutes. With so many USB-reliant devices, they are unlikely to become outdated soon, making them a terrific investment. Home Automation Home automation wins over the hearts of many: tech gurus love controlling their homes from their tablets; those who love to save savor the $180 savings per year thanks to a remotely programmable thermostat; tenants who enjoy convenience appreciate starting the coffee maker from bed or turning off the iron once they’ve left the house; renters who are concerned with safety rely on Bluetooth-controlled locks that regulate access to their home using customizable codes. Most renters can find something to appreciate about home automation, which gives your property a competitive edge over properties without it. The downside is that home automation technology can be costly to install and maintain. Depending on the features, home automation systems can cost upwards of $1,000 per unit. More advanced systems also require additional labor and time costs; there is very little research to depict the ROI in multifamily installations...

Yardi Store Mar24

Yardi Store

Yardi announced today that it has completed an examination of its security and internal controls for 2014 and has received its final SSAE 16 SOC 1 Type 2 report for its Store Enterprise and Store Advantage applications. Formerly known as SAS 70, SOC 1 is published by the AICPA (American Institute of CPAs®) under the attestation standard SSAE 16 and involves undergoing an examination of policies, operating procedures and controls related to financial reporting of user entities by an independent auditor to objectively validate that the service organization meets its declared control objectives. Store Enterprise and Store Advantage are the only management software solutions in the self storage industry to obtain SOC 1 Type 2 compliance for eight consecutive years. “We take our clients’ needs very seriously and go above and beyond basic requirements to guarantee the safety and security of our systems and their data,” said James Hafen, self storage industry principal at Yardi. “Our largest customers include publicly traded REITs, and they rely on our SOC 1 compliance to ensure that the mission-critical management systems they employ to operate their businesses are absolutely sound.” Hafen added: “Our compliance efforts ultimately benefit all of our customers, not just the larger players. Compliance with this standard requires stringent internal policies related to software development and storing and accessing data and related hardware. As a result of our commitment, all customers can rest assured that Yardi is doing everything it can to ensure their data and systems are secure.” Now in its fourth decade, Yardi® is committed to the design, development and support of software for real estate investment management and property management, and includes leading self storage management software in its family of trusted solutions to help self storage operators increase revenue, become more...

Bitdefender BOX

As soon as the first smart home device launched, I’ve started wondering: who was going to put a leash on what we now call The Internet of Things. Surely all with an interest in this age of ultra-connectivity and smart devices have had at least one vision where all these things around us turned against us and took over. Sounds scary, no? Just recently, Stephen Hawking’s warning regarding artificial intelligence and how it could end humankind made international news. The first test space for the internet of things and artificial intelligence is the “smart home.” We are now witnessing the evolution from building and home automation to smart homes: this evolution is driven by the progressing maturity of the Internet of Things and the use of artificial intelligence. Current significant technological challenges revolve around the immaturity of home intelligence and the means and ways to “educate” it. Romanian antivirus firm Bitdefender strives to do just that, although not directly. Bitdefender BOX is a physical network device described as “the security solution for the Internet of Things,” but not only that. The BOX is claimed to be a defense against all security layers, usually sold only to businesses, such as botnets, phishing, data theft, or everyday malware. The hardware piece took over one year of assiduous work to be complete was designed to secure not only PCs, but also tablets, smartphones, smart TVs, smart fridges, lighting systems, and alarm systems connected to Wi-Fi. Bitdefender BOX is a fascinating hybrid between a router, network firewall, and intrusion prevention system. Its specifications are far from impressive – single-core 400 MHz MIPS microprocessor, 16 MB Flash memory, 64-MB DDR2 RAM, two 10/100 Ethernet ports and a wireless chipset that supports the 802.11b/g/n Wi-Fi needs, capable of speeds of...

The New Black

The world is realizing more of the gadgetry from James Bond’s reality, and it’s about time. But we’re not talking about underwater jet packs or a BMW equipped with missiles. Secure phones that ensure secret-agent level privacy are in demand across consumer sectors. They’re even being made by military contractors. Boeing has unveiled a secure smartphone that marks a unique departure for the Chicago-based aerospace and defense company, best known for making jetliners. In order to accomplish defense and security missions, security and flexibility are key factors, and their smartphone is primarily aimed at government agencies and contractors who need to keep their data secure. Made in the United States after 36 months of development-stage, the Boeing Black Smartphone features a 4.3-inch qHD (540 x 960) pixels handset with dual SIM cards, to enable it to access multiple cell networks. The battery stops at 1590 mAh, and has Bluetooth v2.1 + EDR-enabled connectivity. It runs on Android OS and its key features include disk encryption designed to store sensitive information securely, hardware Root of Trust to ensure software authenticity, a Hardware Crypto Engine to protect stored and transmitted data, Embedded Secure Components to enable trusted operations, Trusted Platform Modules to provide secure key storage, Secure Boot to maintain device image integrity, and “hardware modularity” for multiple modularity capabilities. However, the central security feature of the Boeing Black is the PureSecure, an architectural foundation “built upon layers of trust from embedded hardware, operating system policy controls and compatibility with leading mobile-device management systems.” In addition to all these, the smartphone includes the ability to communicate via satellite transceivers and “discrete radio channels”, advanced location tracking and biometric sensors. But what takes this mobile device to another level is that on top of the call encryption...

Protecting Data

As the digital storehouse of sensitive data grows, the quest for secure authentication continues. Heartbleed jarred many of us. Data on our most popular (and presumably better protected) sites was exposed and, in some cases, compromised. The introduction of biometrics was a step in the right direction but Heartbleed reminded us that biometrics only protect a device; currently, such technology doesn’t fend off hackers from laptops, desktops, and the individual websites and apps that we use each day. Most of our data is still protected via password and even the cleverest passwords meet their match when hackers are intent to crack them. This poses a huge hurdle for companies whose user passwords protect countless pieces of sensitive client information. Fast Identity Online Alliance (FIDO), whose members include the likes of Google and PayPal, seek ways to decrease dependency on passwords. Its goal is to develop “technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.” In other words, create simpler, stronger authentication. One of FIDO’s most recent innovations is a piece of hardware, simply called the authenticator, that may replace individual passwords. The hardware will communicate directly with the websites that you’re visiting, creating a distinct digital key for each digital lock. No access information is stored remotely, reducing hackers’ access to pools of passwords and the information that they protect. The hardware itself may rely on biometric access to prevent misuse if lost or stolen. FIDO’s authenticator is still under development but its business potential is evident. Employers could issue the hardware to employees, limiting potential human errors. Employees would not have to worry about changing passwords every 90 days, creating weak passwords, forgetting or sharing their credentials. Even if a device is a...

Averting Data Disaster Apr30

Averting Data Disaster...

With an interest in marketing, job title based in IT, a strong grasp of social media and a passion for real-life residents, Bill Szczytko has earned a following as someone who can be counted on to deliver prescient insight about apartment management. His network of contacts in the industry is nationwide, and he effectively uses Twitter to gain a grasp of what fellow multifamily professionals are talking about this very minute. He’ll appear at the upcoming Apartment Internet Marketing  conference next Monday and Tuesday in California, where he’ll  talk about avoiding landmines while doing business online. He shared a sneak peek into what those landmines look like in a recent interview. What are the most worrisome threats that multifamily firms might face from hacking? Szczytko: The most worrisome threat we face is our own complacency. Hackers want one thing. Information. This information can be social security numbers, credit card numbers, and bank account information. Some try to obtain this information for the fun of it but most use this information to make money. There are many ways they try to get it. Viruses, phishing schemes, brunt force attacks, and hacking weak user account information. Most threats can be avoided just by being smart about how you surf the internet and the kinds of passwords you create. What best practices are necessary for a  company seeking to protect itself in the online realm? Szczytko:  It’s essential that you have several things in place. First, is a password policy that walks a good line between passwords people can remember and security. Second, is a form of antivirus running on the company machines. The best antivirus is always you but it’s hard to get people up to the same level in regards to what is dangerous online...

The Kill Switch

Today’s smartphones hold more private data than a credit card. A credit card comes with a “kill switch” but your smartphone does not. If your credit card is stolen, you can have it disabled. Any access to your account using the old card number will be forbidden. Yet if your smartphone is stolen, you and your company are more vulnerable than ever. A few developers have created software that disables mobile devices. All that would be required to activate the kill switch is a verification  process, much like what is undergone when you’re canceling credit card. Companies and individuals can potentially save a lot of money and effort when kill switch technology hits the market. A kill switch can provide improved security for businesses by keeping private data out of the wrong hands. The 2013 Cost of Data Breach Study issued by Ponemon suggests that US companies have the most costly data breaches at $199 per record. This brings total costs to about $5.4 million annually. Cybercrime that may come as a result of compromised data leads to $300 billion to $1 trillion in damages. Companies could greatly decrease the cleanup costs of data breaches with a kill switch on corporate smartphones, tablets, and laptops. Companies can also protect themselves against disgruntled and negligent employees. Cisco reports that: 20 percent of IT professionals said disgruntled employees were their biggest concern in the insider threat arena 39 percent of IT professionals were more concerned about the threat from their own employees than the threat from outside hackers. 11 percent of employees reported that they or fellow employees accessed unauthorized information and sold it for profit, or stole computers. If a company is able to disarm its issued devices when needed, the company will be better...