Was your digital data compromised? Probably. Here is what you can do to protect yourself and your family.

News of the “Collection #1” data dump has been circulating and reportedly contains 773 million e-mail addresses and 21 million passwords. While this information is troubling, we wanted to remind everyone of some best practices that can help mitigate the downside effect.

What happened

Security researcher TroyHunt recently uncovered and analyzed a collection of e-mail addresses and passwords that has been dubbed “Collection #1.” In total, over 87GB of data contained a treasure trove of information that had been compiled from various older data breaches.

Want to see if your digital data has been compromised? Check out the site HaveIBeenPwned. It was created and is maintained by Hunt. It’s a great free resource people can reference to determine if their e-mail address has been included in a data breach.

4 tips to protect yourself and your compromised data

Data breaches and data dumps are all too common and these security incidents can create a sense of helplessness when it comes to protecting and securing your digital identity. However, there is good news. There are proactive things you can do to protect yourself, your cloud accounts, and your digital identity.

1. Update your digital password. If your e-mail address shows up as being part of a data breach on the HaveIBeenPwned site, you should immediately change your password for any accounts impacted. Unique passwords that are long and strong go a long way to protecting your accounts from being compromised. Password managers, like LastPass or Dashlane are great way to manage all your passwords. [Learn more about creating a strong digital password].
2. Use Multi-factor Authentication (MFA). Even if a cybercriminal has your password, if you have MFA enabled on your accounts, they can’t get in without that second form of authentication. Enable this additional security setting on your email, banking and financial accounts, iCloud/Apple account, online file sharing portals, and anywhere else where you can. [Here is a primer on MFA].
3. Never use your personal information as the answer to security questions or account reset questions. Since bad actors now know your social security number, address, and date of birth (DOB),this information should never be used as an answer to security or account reset questions. Instead, use something random or, better yet, use a random sequence of numbers/letters/symbols as the answer.
4. Beware of phishing related to the attack. With all these big data breaches, cybercriminals have a lot of useful information that can be used to compile full profiles on any specific individual. This personal dossier can be used to target you specifically. For example, a hacker can send you a convincing spear-phishing email with a link or attachment. That link or attachment may contain malware or lead to a phishing site designed to infect your device or steal your passwords to other accounts.

How can Rubica help?

Cybercriminals will sometimes sit on this stolen information and use it later, so attempts to access your accounts or impersonate you may not be immediate. Keep Rubica running on all your devices for an additional layer of security.

If you’re a Rubica customer, Rubica can prevent known malware from being downloaded, block you from going to malicious sites unknowingly, and stop those sites or programs from accessing information on your devices or information you type while on those devices (i.e. passwords).
Rubica Private Client customers have our concierge support team on call for any help you may need, now or later.

As an additional security measure, anytime you’re using public Wi-Fi, connect via Rubica’s virtual private network(VPN) to protect insecure connections. Doing this makes it harder for hackers to steal your login credentials or redirect your computer to a phony banking site. [Learn more about feeling safe on public Wi-Fi].

Not yet a Rubica customer? What are you waiting for? Find the right plan for you today.

Was your digital data compromised? Probably. was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

The top 6 ways cyber criminals target your kids and what you can do to protect them

Digital security is something that is often talked about as it relates to adults or businesses. However, cyber criminals do not have a problem targeting another group:your kids. A recent study by the Pew Research Center states that about 95% of teens have access to a smartphone. And 45% state they’re online ‘almost constantly.’ With these kind of staggering stats, it is clear that cybersecurity, as it pertains to kids, is something that needs to be a proactive measure.

When you consider the attack surface related to kids, the ways that they are attacked is no different than adults: smartphones, computers, social media, e-mail, and wearables. We’ll share ways your kids are at risk and then how you can protect them.

Ways your kids are at risk:

1. Mobile apps & games

Kids of all ages play mobile games and use mobile apps –often even on their parents phones or tablets. Be cautious of free games and apps. Many include aggressive advertising (including gambling and dating site ads) and include links to download other games that could contain malware that can infect your devices. Some apps even gain access to the microphone, camera, or can automatically download unwanted items to your device without your knowledge. It may be worth paying more for apps with no ads. At a minimum, teach your kids not to click on ads and about protecting themselves with privacy settings. [Stay tuned for a study on kids apps we’ll be publishing soon].

2. Social media

Social media sites are a great way to stay connected, but can also make private data public or expose your children to cyber-bullying. These sites also have incredible reach, so if kids aren’t careful with privacy settings, it can be easily accessed by cyber criminals. Facebook experienced a data breach that exposed information for about 50 million accounts and it is unclear whether or not attackers also gained access to Instagram accounts — Instagram is reportedly used by 72% of teens each day.

3. Websites

Websites sometimes ask for personal identifying information like birthdate, middle name, address or even family details. This could be used not only to steal their digital identity, but also yours. A fashion social website for teens, i-Dressup, experienced a data breach that exposed information about children, including information about children under the age of 13.

4. Identity theft

Kids are just as at risk as you are to experience identity theft. According to Javelin Strategy & Research, in 2017 more than 1 million children were involved in some type of identity theft or fraud.

5. Smart devices

There is no regulation around smart devices. Unfortunately, when products are new to market, security is often the last thing device makers prioritize. A popular smartwatch by MiSafe was recently discovered to be vulnerable to hacking, which could allow an attacker to track the movements of a child and/or listen to conversations. Other smart devices have given away location data through breaches. Do you want cyber criminals knowing your child’s location?

6. Public Wi-Fi

The more kids rely on computers and smartphones to access digital content, the more tempted they are to access public Wi-Fi in hopes of preserving cell data or getting faster browsing or downloading speeds. The problem with accessing public Wi-Fi is that malicious attackers can set up rogue Networks (e.g. a duplicate Network at Starbucks named “Starbucks Wi-Fi”).These Networks can allow attackers to monitor your traffic and potentially intercept any credentials you type into apps or websites (e.g. e-mail, social media, or banking accounts).

How to protect your kids online

These examples outline various ways that children can be affected by cybercrime. That said, here are some tips you can follow to protect your children from cybercrime:

Secure your kids digital accounts:

• Use strong passwords and never reuse passwords. Use passwords with at least 14 characters, has upper case and lowercase letters, numbers, and at least one special character. Another option is to use a password manager like LastPass or Dashlane. The problem with using simple passwords such as 123456 or password, is that malicious attackers know that people like to use memorable passwords. This gives them the opportunity to easily guess your password and gain access to your online accounts.
• Enable Multi-factor Authentication on all online accounts. Two Factor Auth provides a great site with instructions on adding MFA to many popular websites and social media services. That way even if a cybercriminal has your password, if you have MFA enabled on your accounts, they can’t get in without that second form of authentication. You can’t rely on just a strong password.
• Monitor private settings. Secure digital accounts (particularly social media accounts) by ensuring privacy settings are set correctly and linked 3rd party apps are kept to a minimum.

Protect your kids network:

• Use Rubica, a safe VPN, to secure your kids Wi-Fi connections. Rubica provides a secure and trustworthy connection through an encrypted channel between your devices and websites they visit using Virtual Private Network(VPN) technology. We hide their real IP address to anonymize their devices so it’s difficult for their online activities to be tracked or for their accounts to be hacked. Rubica also has built-in advanced threat protection to automatically protect their device and Internet browsing from threats.

Protect your child’s identity:

• Freeze your child’s credit. It’s free to do as of 9/21/18. This will help ensure cybercriminals aren’t stealing their identity, which can create massive problems once they turn 18 and apply for credit.

Educate your kids:

• Teach them about the security risks that come with geolocation. Remind children that they should be very cautious with sharing their location with people on social media for their own physical safety.
• Teach your kids not to click on ads or suspicious links. Discuss the various types of malware that can infect their computer/smartphone so your children know how to keep their devices safe.

Get Rubica — the strongest layer of protection:

• Installing Rubica on all your kids devices will be the most efficient approach you can take in securing your family’s digital life and devices. Any device (even when connected to public Wi-Fi) will be protected from phishing and malicious sites, malicious pop-ups and downloads, malware and device infection, man-in-the-middle attacks and Internet traffic interception while using Rubica. Rubica protects your family’s devices 24/7 from any location with both technical tools and a human cyber analyst team on the frontlines.

Technology is a great way for children to learn and stay connected with family and friends. Although the cyber landscape can and does target children, the aforementioned tips can help ensure your children are safe while using their digital devices. For an additional layer of security, Rubica can protect your children’s devices from insecure connections, known phishing links, and known malware.

MAYBE YOU’RE SECURE ONLINE, BUT ARE YOUR KIDS? was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

When it comes to technology and specifically cybersecurity, it can be overwhelming to keep all the tech terminology straight. Consider the various terms and acronyms that can be found in recent headlines: VPN, DDoS, Bitcoin, Zero-Day, and Data Breach. If you aren’t a cybersecurity expert, it can be easy to get confused with so many technical terms. Rather than try to explain every single term related to cybersecurity, let’s focus on defining one category — Malware.

The word malware has become synonymous with viruses and ransomware as a way to define some type of software that can infect and compromise a computer/digital device.However, it is important to understand all of the differences, so you can defend yourself against different malware variants.

Spyware — how it spies on you, and what to do:

Spyware is probably the easiest term to define because it does exactly what its name states — it spies on you. The ultimate goal of spyware is to gather information about users or devices. This can be done by tracking activity on your browser or computer or logging information (e.g. keylogger).

One of the most common forms of disseminating spyware to devices is via browser extensions, such as Chrome Extensions. Recent discoveries by security researchers have found various Chrome extensions that spy on user browsing and social media habits. Other ways spyware is disseminated is via rogue/malicious apps.

At the bare minimum, the best way to combat spyware on a computer is to ensure you have an up to date Antivirus program running on your computer. In terms of combatting spyware on mobile devices, it is highly recommended that you don’t jailbreak your devices and only download apps from official channels such as the iTunes Store or the Google Play Store. While there have been instances where apps with spyware have circumvented Apple and Google’s security controls, it is still the best recommended practice to avoid 3rd party app stores because malicious attackers actively put compromised apps in these stores.

Trojan –how it takes over your devices and what to do

A Trojan, or Trojan Horse, is malicious software/code that can be used to gain control over a device. One key difference with Trojans is that it can’t replicate, as other viruses can. Some common types of Trojans include: Backdoor, Exploit, Banker, and Remote Access. Trojans go a step beyond spyware with the end game of gaining access to your device for various reasons (e.g. exfiltrating data, remote access, etc.).

One of the most popular ways of disseminating Trojans is via e-mail. We have all seen e-mails that contain a seemingly innocuous attachment such as a picture or video file. If the attachment is opened, it can allow a Trojan to be installed on your computer or smartphone.

As with Spyware, an up to date Antivirus program will help keep you protected from Trojans on a computer. In addition, being vigilant with what you are downloading or installing on your devices goes a long way to combatting accidental Trojan installation. It’s also better to download software directly from a company’s website (e.g. downloading a program from the actual website such as Slack from Slack’s website, Dropbox from Dropbox’s website, etc.)

Ransomware — how it tries to hold you hostage, and what you can do:

The most destructive form of malware is called Ransomware. As the name implies, ransomware attempts to hold your devices/data hostage in hopes of scoring a ransom. Common forms of Ransomware encrypt your computer and display a notification that your files have been encrypted and in order for you to get the decryption key, you need to pay a sum of money, typically in Bitcoin, in order to protect the attackers from being tracked. Ransomware can be transmitted via a phishing link, an attachment in an e-mail, or a malicious program.

Luckily, several Antivirus companies have decryption tools for various ransomware variants that are free to download and use. The best ways to combat being infected with ransomware is to ensure you have up to date backups of your computer/devices and exercise strong cyber.

But wait, it can get worse?

Now that a basic baseline has been established for what’s the difference between Malware, Spyware, Trojans, and Ransomware, the real monkey wrench in all of this is that they can all be combined. For example, you may see a tip calculator app on a 3rd party Google Play Store that seems to have all of the functionality you are looking for, so you download it and install it on your Droid smartphone. What you have actually done is install an app that contains both Spyware and Trojan payloads within the app. The spyware component may monitor your GPS location and browsing habits. The trojan component may create a backdoor that could allow an attacker to gain remote access over your smartphone. This is where being vigilant with what you install on your devices comes into play and could have prevented the infection in the first place.

It can be overwhelming to navigate around all forms of malware that could compromise your computer or mobile device. Thankfully, there is a better solution that can act as a safety net for times when you may have a lapse in judgment and accidentally click on a malicious attachment or download a rogue app on your smartphone.

Rubica provides an additional layer of security that can detect malicious malware like activity on devices (e.g. spyware behavior and data exfiltration). When it comes to your digital devices, these devices are essentially an extension of ourselves. Rubica provides peace of mind in knowing that you are protected from numerous digital attacks for a nominal price.

Spyware, Trojans, Ransomware Oh My! What Are The Differences And How To Protect Yourself was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

Cybersecurity is a cat and mouse game between users and malicious attackers. With all of the reports of data breaches and device exploits in the news, it can be difficult to fully understand what you, the user, can do to protect yourself from cyber attackers. As we have all learned, sometimes the simplest solution can be the best solution to a problem.

When it comes to password habits, it is staggering to see how many people use a variant of “1234” as either their entire password or part of their password. Security researcher, Troy Hunt — who is the creator of HaveIBeenPwned, released some mind-boggling stats around the number of weak passwords that have been part of data breaches and password dumps. This is a list of ten of the worst passwords Troy found:

With a sample set of 6.8 million passwords from a data breach, 86% of those passwords were categorized as weak/terrible.

What’s the big deal if I use “12345” as my password?

You may be wondering, “What is the big deal if I want to use “12345” as my password?” The problem with using this type of password is that cyber attackers know that people like to use simple passwords such as this. This gives them the opportunity to easily guess your password and gain access to your online accounts.

To make matters worse, studies have shown that although people know that they shouldn’t reuse passwords, they still do. Earlier this year, LastPass conducted a survey and found that in a sample set of around 2,000 users, 91% of the participants said they knew that reusing passwords is bad, but 59% of the participants said they reused passwords anyway.

“91% of participants knew that reusing passwords is bad, but 59% of participants said they reused passwords anyway.” — LastPass Survey

Whenever a data breach happens, cyber attackers will gather information about a user (e.g. name, e-mail address, exposed password, etc.) and then try the exposed password on multiple sites. For example, if an online retailer experiences a data breach and exposes passwords, an attacker can take the information from the data breach and try the passwords for a user on social media sites, banking sites, etc.

3 tips for securing your password from cyber criminals

Just like with sports, you don’t want to give your opponent an advantage. There are simple things you can do to ensure you’re not “low hanging fruit” for cyber attackers.

• Use a password manager to not only organize and maintain passwords, but also to create passwords. Password managers, such as Dashlane and LastPass have built-in password generators that create unique, long, strong, passwords.
• Use a strong form of Multifactor Authentication (MFA). SMS is a weak form of MFA and should only be used as a last resort. Hardware such as a Yubikey provides the strongest form of MFA with an Authenticator App (e.g. Google, Microsoft, Authy) as the next strongest option for MFA.
• If you don’t want to use a password manager, you can use a mnemonic trick to remember passwords such as the first letter from lyrics in a song or a phrase, and add a special character or two(e.g. TtLshiWwyauatwshLaditS$& — Twinkle Twinkle Little Star).

By following these tips, you can help ensure that your password hygiene is strong and ensure that you are no longer part of the low hanging fruit that cyber attackers can easily exploit.

If protecting yourself, your family and your data is important to you, learn more about how Rubica provides enterprise-grade cybersecurity for individuals, families and teams.

How to create strong digital passwords was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

According to Adobe Analytics, a record $19.62 billion was spent online between Black Friday and Cyber Monday in 2017. There is no doubt that Cyber Monday is a great time to get cheap electronics and other potential gift items. However, it is important not to cheap out on your cybersecurity when you do your Cyber Monday shopping.

Malicious attackers know that people love a good deal and can target shoppers with the promise of cheap goods on a malicious site. With $2 billion of Cyber Monday’s sales coming from mobile devices last year, it is imperative that you take proactive steps to protect your purchases.

Here are some tips to keep you safe on Cyber Monday:

Protect your Network:

• Use secure WiFi connections. When at home, make sure your WiFi network is set up with WPA2 encryption. When using public WiFi, use a virtual private network (VPN) to protect insecure connections, such as a hotel or airport WiFi. Doing this makes it harder for hackers to steal your login credentials or redirect your computer to a phony banking site.

Protect your devices:

• Ensure you have Antivirus installed on your computer and keep it up to date with the latest virus definitions. If you download any malicious files from a purported Cyber Monday website, an up to date Antivirus can help protect your computer.
• Be mindful when clicking on links you may see on social media for Cyber Monday deals, as they could potentially be phishing links that will redirect you to a malicious website.
• Make sure your browser (e.g. Chrome, Firefox, Safari) is up to date. This can help protect against known vulnerabilities that an attacker may leverage on a maliciously crafted website that has alleged Cyber Monday deals.

Protect your online accounts:

• Don’t reuse passwords on websites. Each website should have a unique password. A password manager can help you keep your passwords organized. With the amount of corporate cyberbreaches, hackers have many people’s passwords. You don’t want them to use a stolen password to access your other accounts.
• Use a strong password that is at least 14 characters long, has upper case and lowercase letters, numbers, and at least one special character. Common passwords like 1234 or password1 are too easy for cybercriminals to guess.
• Add multi factor authentication (MFA) to all online accounts that offer this security option. Two Factor Auth is a great website that has instructions on setting up MFA for many popular sites. If your password is compromised, accounts with MFA will require an additional step before a cybercriminal can gain access to your account.

Protect your purchases:

• Use a credit card when you make Cyber Monday purchases. Credit cards have more protection under the Fair Credit Billing Act that make it easier to dispute fraudulent charges in the event your credit card is compromised. Additionally, you’re only on the hook for up to $50 when fraudulent charges occur on your credit card. Fraud protection for debit cards is not always as robust or easy to navigate compared to a credit card. You may run into problems when disputing charges on a debit card and it can possibly take longer to resolve.
• If a Cyber Monday deal is only obtainable via Bitcoin, it may be in your best interest to skip said deal. While Bitcoin is a legitimate way of transmitting money, most online retailers aren’t actively accepting Bitcoin payments and there is no Bitcoin fraud protection. Don’t store your credit card on websites. Instead, store them in a password manager (e.g. LastPass, Dashlane) for easy use with “form fill/autofill.” This can help protect your credit card number in the event that website’s servers are compromised.

Just as you protect your home with an alarm system, guard dog, and home owner insurance, it’s important to take precautionary measures to protect your digital identify, data, and privacy.

If you’re ready to keep your family safe and private in the digital world, Rubica’s full-service cybersecurity solution protects you from:

• Phishing & malicious sites
• Malicious pop-ups & downloads
• Malware & device infection
• Identity theft
• Cryptocurrency-theft & unauthorized crypto-mining
• Man-in-the-middle attacks & privacy threats (internet traffic interception)

More than software with VPN technology, our cyber ops team — formerly with top security organizations like NSA, US Navy, and Scotland Yard — work from a US-based ops center to monitor your data 24/7 and identify threats based on your personal behavioral patterns.

Investing in Rubica and a password manager will not only protect your purchases, but also protect your family from cybercriminals.

How to protect yourself while shopping online on Cyber Monday was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

Introducing Rubica’s New Pricing Tiers, and the Rubica App with Advanced Threat Protection

Over the last ten years, my career and my focus has been on the biggest security challenges — whether this was within the four walls of government, the boundless environment of video gaming or on the physical frontiers of Afghanistan.

While the rapid advance of technology offers significant improvements to our lives, it has also created a golden age of criminal disruption. This crime is having a growing and pernicious effect on each of us and the society we want to live in.

With Rubica, we set out to turn the power of technology towards solving the problem of cybercrime.

In the physical world a cop can only respond to one incident and protect one person. In the digital world we can replicate that cop millions of times to protect millions of people. The more people we protect with our digital thin-blue line, the less the criminals thrive.

Between my father and I, we’ve spent almost 50-years trying to prevent criminals succeeding and Rubica is the natural digital evolution of this family effort.

Introducing new pricing tiers!

Today I’m proud to announce the expansion of the Rubica service which makes our advanced cyber threat protection available to individuals, families and teams starting at just $39.99 per month: https://rubica.com.

This is the first time True CyberSecurity, enterprise grade cybersecurity, will be available to individuals.

The new App is here!

We are also excited to announce that a refreshed version of the Rubica App is now available in the App Store.

The updated Rubica iOS App (a similar refresh is coming soon for Android, Mac, and Windows) includes the following new features:

• A dashboard for viewing all the threats blocked
• A view into the threats we have protected you from behind the scenes, for each device and user
• Push notifications to alert you in real-time if a threat is blocked or detected

Customers signing up with the new tiers get all of the advanced technical protection of the Rubica security stack (without the white-glove human, on-call element available to Rubica Private Client customers). Rubica’s advanced threat-detection automatically protects you from:

• Phishing & malicious sites
• Malicious pop-ups & downloads
• Malware & device infection
• Cryptocurrency-theft & unauthorized crypto-mining
• Man-in-the-middle attacks & privacy threats (internet traffic interception)

This protection is on all your devices, no matter where you are or what network you connect to, and is compatible with iOS, Mac, Windows OS and Android OS.

Who needs cybersecurity?

Every day, cyber threats become more sophisticated and bigger, and closer to home. With the rise in corporate hacks, threats to our physical security, bad actors and fake news — now is the right time to secure your digital life.

If you’ve ever used public WiFi at the airport, or let someone use one of your devices, or use the same password for more than one account, you are at serious risk.

We built Rubica’s enterprise-grade cybersecurity technology for people just like you because we believe the digital “you” has the right to be safe online. Your web-behavior, and how you interact with your devices, is an extension of who you are as an individual and is closely tied to your personal identity, interests, concerns and values. You have the right to keep your information secure, private, and protected from predators.

I WANT PROTECTION NOW

Protect yourself, your family and your friends. Sign-up today to protect yourself before holiday travel and online shopping kick into high gear.

True CyberSecurity for All was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

This halloween season can be scarier than ever. Stay secure.

The ghouls and ghosts who come to your house to trick or treat are harmless relative to cyber hackers. Here are three things you can do this Halloween season to protect you and your family:

1. A little eerie…Siri is always listening to you…

Ever wonder why you get ads and search results that seem to be reading your mind? If you have an iPhone, Siri (by default) is programmed to listen to every application on your phone and listen for your voice even if the phone is asleep. This means that Siri can mine information from your text messages, social media apps, and every other app installed on your phone.

To limit Siri’s psychic abilities to only the apps you need her for, go to Settings > Siri & Search. Scroll down and you will see a list of every app on your phone. For each app that you do not want Siri to spy on, click that app in the list and toggle off the Search & Siri setting within it.

2. Don’t let a skeleton in the backdoor…

Both Apple and Microsoft will occasionally release updates for their operating systems (iOS, OS X, Windows). Even though they often advertise these updates for their user feature improvements, almost every update or new version also has a “security patch” included, which plugs a security hole that was found. If left unpatched, these holes can create backdoors for cyber ghouls to sneak through.

Similarly, all software programs should be kept updated and running the latest version — Outlook/Microsoft Office, Adobe, browsers like Chrome/Safari, etc. Turn on automatic updates for your software programs to automatically connect and update to patch vulnerabilities. If you no longer use a program (and therefore do not want to upgrade), then it should be deleted to eliminate that potential “backdoor.”

3. If you use your pet’s name, kids name, or last address, the trick is on you…

Cyber criminals know that we are lazy about passwords and often reuse them between sites or use easily discoverable personal information as part of our passwords (ex: DOB, kids name, pets name, address). This makes your passwords easy to crack, and if you use similar versions of the same password on multiple sites once one is cracked, they have them all. Never use personal info, or info that can be obtained from social media, in your passwords.

Answers to “Security Questions” or “Account Reset Questions” also should not include things like your mother’s maiden name or pet’s name. You can make the answers to these questions anything you want, so consider using something unique such as a randomly generated password from a password manager as the answer to these questions. This will help prevent someone from gaining access to your accounts (and locking you out) via resetting your passwords.

If you want to take your cyber security to the next level, Rubica can protect your family and all of your devices from the creepie and scary things lurking online.

3 TIPS TO PROTECT YOUR FAMILY FROM CYBER GHOULS & GHOSTS was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

A common misconception is that security is something that you can worry about later when you’re a bigger company. After all, you have other more important things to worry about. Working in a startup or small business, there is always a staggering list of items that are categorized as critical for operations, but (unfortunately) cybersecurity is rarely placed on this list.

Another common misconception is that security is too expensive. However, integrating elements of cybersecurity in from the beginning is not only less expensive, but it becomes easier to maintain that security culture within your company long term. Your investors and customers will thank you!

Here are 5 practical, low-cost tools and practices that you can implement in your startup or small business which will make a huge difference in your cybersecurity posture:

1. Enterprise Password Manager — Implement for your whole team for nominal fees and it will more than prove its worth in the first year. By implementing a password manager system (managed and controlled by your IT team), you protect the credentials used for cloud accounts and backend systems. Good password managers also provide visibility into your startup’s users to see which folks exercise poor password practices (e.g. password reuse, weak passwords, etc.). Additionally, you can leverage Single-Sign-On (SSO) to simplify the onboarding/offboarding process, as well as securing login procedures.

2. Fostering a Cyber Security Culture — By making cybersecurity a part of your culture from the start, and making it everyone’s responsibility, you are setting your company up for success in the way that each employee does their job and the way that your infrastructure and services are set up. Create cheat sheets on ways employees can exercise “strong cyber hygiene” and regularly test adherence to these practices:

• How to create strong passwords (https://www.lastpass.com/password-generator)
• How you can add MFA to your online accounts (https://twofactorauth.org/)
• Send out phishing quizzes to all employees (new and old) to help educate them on ways to identify phishing e-mails (https://www.opendns.com/phishing-quiz/, http://blog.intronis.com/phishing-quiz, and https://www.sonicwall.com/phishing/)
• Educate users on what social engineering is (https://www.youtube.com/watch?v=lc7scxvKQOo)

3. Check Each Other’s Work — It is true that we have a blind spot when it comes to our own creations or things we work on. Because of this, it is important that you have someone else check your work, specifically for any server/backend configurations. The last thing you want is to have egg on your face because a server was misconfigured and data was exposed.

4. Embrace Mobile Device Management (MDM) — Protecting devices that connect to your company’s Network is absolutely mission critical. MDM “on the cheap” is viable with built-in tools like MDM capabilities in Office 365 and also MDM offerings within G Suite. The more you can protect your data and devices that connect to your Network, the more your potential attack vectors decrease.

5. Real-Time Threat Protection — Unfortunately, Antivirus isn't as effective as it once was and something more advanced is required to truly protect your endpoints and online activity from the barrage of always-changing cyber threats. Rather than spending a ton of money on enterprise-level intrusion detection and prevention tools (IDS/IPS), you can get this same level of advanced protection for a fraction of the cost by installing Rubica on your devices.

Rubica protects phones, desktops, laptops, and tablets from infection and compromise, and also encrypts your connection to the internet no matter where you are or what network you connect to. With Rubica, all of your employees can be protected from phishing, malware, browser-hijackers, malicious sites/pop-ups, and other emerging threats.

Startup…without breaking the bank! was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

Using a VPN (Virtual Private Network) can help protect your Network traffic from being intercepted while using insecure WiFi connections, such as coffee shops or hotels. If someone is going to use a VPN app, it is important to read the Terms of Service to familiarize yourself with what the app maker does with the data that flows through the VPN tunnel.

Facebook recently removed their promoted VPN app, Onavo Protect, from the Apple App Store after they were found to be in violation of Apple’s data-collection policies. Onavo Protect compiled user data into a database and then subsequently sold that info to third-parties. Additionally, Onavo Protect monitors the apps that are in use on users’ devices and sends that data back to Facebook servers. On the surface this data collection/sharing may seem insignificant, but it is counterintuitive when you consider that a VPN is supposed to protect your privacy.

Rubica not only provides all of the benefits of using a traditional VPN, but also adds extra layers of protection against known phishing links, ransomware, and malicious redirects. Additionally, our team of 24/7 Cyber Analysts look for undiscovered threats and attack vectors in an effort to keep users safe. Rubica does not, and will not ever, sell any type of user data to third-parties. Any user data that is collected is anonymized, protected, and restricted on isolated systems. Additional information about our Data Security Policy can be found at: https://rubica.com/data-security-policy/

Contact us if you have any questions about VPN data security or any other cyber security matters.

Did you read the Terms of Service? was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.

T-Mobile representatives recently issued a statement regarding a data breach that occurred on August 20th. This data breach resulted in T-Mobile customer information being exposed. The exposed data includes: billing zip code, customer names and account numbers, account types, and e-mail addresses.

While on the surface this may seem like erroneous data, it is actually very useful data to attackers, especially malicious attackers who specialize in porting scams. Port-out scams involve an attacker transferring a users’ phone number to a different phone. This is often done in an effort to gain access to online accounts that are tied to a specific phone number.

If you are a T-Mobile customer, it is highly recommended that you closely monitor your account for unusual activity such as new phone hardware charges or new lines of service. Also, T-Mobile customers should be vigilant with monitoring for attempted phone number ports. The first indicator of a port-out event is when your phone stops having service and you’re unable to make calls or browse the Internet. T-Mobile customers can also call customer support to add a “porting pin” to help protect against potential porting activity.

With Rubica, you not only have protection for your devices, but you also have access to our cyber security concierge service. We are available to answer any cyber security questions you may have.

Another T-Mobile Data Breach. was originally published in Rubica on Medium, where people are continuing the conversation by highlighting and responding to this story.