25 November 2014
Sony Pictures Entertainment has been targeted by computer hackers in an attack which, reports say, forced it to shut down its systems on Monday.
A skull appeared on computer screens along with a message threatening to release data "secrets" if undisclosed demands were not met, reports said.
The message showed "#GOP", indicating that a group calling itself Guardians of Peace was behind the attack.
Sony has issued a statement saying the firm is investigating the "IT matter".
The tech firm has reportedly shut down its computer network as a precaution and advised employees that resolving the situation could take anywhere from one day to three weeks.
Meanwhile, an anonymous user on the Reddit news website posted an image allegedly from a Sony computer screen, which said "Warning: We've already warned you, and this is just the beginning...We have obtained all your internal data including secrets and top secrets".
News of the online attack comes just months after Sony's Playstation network was forced offline by a cyber attack in August.
Wee Teck Loo, head of consumer electronics research at Euromonitor, said any negative news for Sony just "piles" pressure on a company that has been struggling financially in both its TV and mobile business.
"Three years ago, the hack on PlayStation network was massive, expensive and absolutely embarrassing. This time round, I don't believe that there will be massive damage, save for Sony's ego, even if the hack is real," Mr. Loo said.
Charles Lim, senior industry analyst at ICT, Frost & Sullivan Asia Pacific, however, said that the attack has put into question what "multi-layers of prevention" Sony has to detect and handle such risks.
"In this breach, GOP claimed to have accessed private keys, source codes, password files and even their production schedule and notes, and that will raise questions," Mr Lim said.
High-profile companies like Sony can be targeted and hacked every day, according to Naveen Menon, partner at consulting firm AT Kearney.
In its latest research, the firm said that experts estimate that at least 25% of all companies have already suffered financial loss through some form of cyber attack.
Sony is understandably keen to downplay this latest hacking threat. "We are investigating the matter" is the kind of benign language more commonly used for routine technological issues, not chilling messages threatening to unleash reams of data to the world.
The demands are opaque so it is unclear how much damage could be wrought should Sony fail to resolve the situation before the deadline. Sony Pictures has at least reclaimed its compromised Twitter accounts.
Nevertheless, this internal corporate attack does not yet appear to be of the magnitude of previous public breaches that Sony has suffered.
But the fact that hackers have again apparently infiltrated Sony's systems will do nothing to restore public faith that the Japanese technology giant has its security affairs in order.
And it is somewhat ironic that Sony has only just dismissed the allegation made by hackers that they had succeeded in breaching the Playstation network earlier this year. This latest attack cannot be so easily dismissed.
http://www.bbc.com/news/technology-30189029
Monday, December 1, 2014
Friday, November 14, 2014
How health history is more valuable to hackers than your credit card information
By Kelly Yee
A recent article stated that medical records could be sold for up to 20 times more than credit card information on the black market. There are various factors as to why consumers' medical information has become so valuable. This article considers those factors as well as some precautions medical providers can take to better protect themselves against malicious threats.
The first thing that needs to be addressed is why hackers prefer to buy and sell medical records versus credit card information.
If we start with credit card information, the question is how much a thief can actually profit from a stolen card. Sometimes nothing, maybe a few thousand dollars if he or she is lucky. The fraud detection software that credit card companies deploy is sophisticated enough that an attempt to buy, say, a TV in a state the victim has never visited is flagged and rejected immediately. Whole departments are dedicated to tracking the thief so that the card company's losses are minimized. In other words, stolen credit card information offers a low reward for a moderate risk.
Now, take medical records. Most of us probably don't understand why our medical history is valuable. Why does it matter who knows our medical history?
But, in reality, in a thief's mind the real question is "who would be interested in paying the most for the medical information I have?" The answer lies with medical providers.
The advent of electronic records management has created a landscape in which a thief can steal batches of tens of thousands of patient records in one fell swoop. One of the original goals of electronic records management was to give many parties seamless access to an individual's medical records, so that multiple departments and specialties could all work from a single account of a patient's history. That is great for a hospital, where different departments need to communicate with one another. From a security standpoint, however, it also means multiple access points. Electronic records help with efficiency, document management and overall accountability, but, as with anything that has multiple points of entry, there is more exposure to malicious use.
HIPAA compliance is another consideration, since it contributes to the increased value of medical records on the black market. HIPAA is a federal law that medical providers must adhere to. Its Privacy and Security Rules protect a patient's information and require administrative, physical and technical safeguards around it. Violations by medical providers or their employees can be pursued civilly and criminally. Simply put, under HIPAA, medical providers are federally required to keep patients' information safe.
Finally, reputation must also be taken into account when considering the value of health records. In the medical community, medical providers get the majority of their business from referral and reputation. A breach in security or any unprofessional act by a medical provider could cost them several patients and therefore business.
Now let's look at all of the factors together. Electronic records allow thieves to extract thousands of patients' records in one attack. Medical providers are federally required by HIPAA to keep patients' information safe, and a HIPAA violation alone could cost a provider millions. Any known breach of patients' information would also damage the provider's reputation with both patients and partners. This means that millions of dollars, and perhaps the provider's existence, could be at stake. In other words, once the storage of electronic records, HIPAA compliance and the provider's reputation are all taken into account, medical health data offers hackers a high reward for moderate risk.
Fortunately, security has become a main topic for medical providers and the electronic records management vendors that support them. Security features like the ones Penango offers, where email is encrypted and authenticated, are becoming the norm. Two-factor authentication is also becoming the norm: the user must both know a password and have access to a token that generates a time-varying code. While it is easy to guess or skim passwords for most user accounts, getting access to the token is much harder, since an attacker would have to steal the user's phone or physical key fob. All of these measures help reduce the risk of an attack.
http://betanews.com/2014/11/03/how-health-history-is-more-valuable-to-hackers-than-your-credit-card-information/
Friday, November 7, 2014
Online ads are attacking you
By Jose Pagliery
October 15, 2014: 3:37 PM ET
NEW YORK (CNNMoney)
An especially sneaky type of hack is on the rise. Hackers can infect your computer by piggybacking on Web ads--even on trusted websites.
Hackers are slipping malware into legitimate-looking online advertisements. When you visit sites that serve those ads, you're automatically and unknowingly downloading computer viruses.
"Malvertising" has hit Amazon, Answers.com, Dictionary.com, Examiner.com, The Jerusalem Post, Last.fm, The Pirate Bay, The Times of Israel, Yahoo, and YouTube this year.
And it's blowing up. The number of malicious ads has nearly doubled every year since 2011, according to data from security firm RiskIQ. Its researchers have discovered 432,374 of them so far this year.
"The ad tech industry recognizes this is a serious problem," said Geir Magnusson, CTO of online ad platform AppNexus.
Malvertising makes up a microscopic fraction of the 5 trillion online ads displayed each year in the US alone, according to trackers at comScore. But that's still half a million times our computers could get infected.
Hackers have used malvertising to steal bank account information and lock up files to hold them for ransom.
A major concern now is that hackers are getting smarter at launching attacks that slip past security scanners -- and are customized to specifically attack you.
Online ad networks allow advertisers to know your physical location, Web history, and what kind of browser, device or operating system you use. Hackers are leveraging this to make ads that only deliver malware under specific circumstances.
If the malware exploits a bug in Windows XP, it won't appear if you use Windows 7. It might only target retirees in Florida on weekdays. That's why malvertisements don't always raise alarms. They won't appear for every scanner.
Hackers also take advantage of a vulnerability in the way online ads are bought and sold. When you navigate to a website, a complex negotiation between advertisers occurs in a matter of milliseconds. The highest-bidding advertiser can show you an ad -- or go back to the market and see if there's an even higher bidder somewhere out there -- all in half a second.
The box reserved for advertising on a website might redirect you to a dozen different computer servers before it finally loads the ad. That's how hackers go unnoticed: The first package of data they send seems fine, but they eventually redirect you to a server that spits out malware. They set up deceptive servers to trick ad networks and consumers alike.
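Two things in the last few paragraphs are easy to check for yourself: a slot that bounces through several servers before the creative loads, and a hop that changes depending on who is asking. The following is an added example written for this page, not a tool from RiskIQ, AppNexus or CNNMoney. It starts a local stand-in for an ad chain (constructed, three redirects then a creative) whose last hop goes to a different host only when the visitor looks like Windows XP, then follows the chain one hop at a time, with the same profile a scanner would use, and lists any host that is not on a hypothetical allowlist of known partners. The hop paths, the allowlist and the User-Agent gating are all assumptions for the demo.

```python
import http.client
import threading
from http import HTTPStatus
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUS = {301, 302, 303, 307, 308}
KNOWN_PARTNERS = {"127.0.0.1"}  # hypothetical allowlist of ad partners we vetted


class ChainHandler(BaseHTTPRequestHandler):
    """Constructed ad chain: /slot -> /agency -> /exchange -> creative.
    The exchange sends visitors whose User-Agent says Windows XP to a host
    that is not on the allowlist; everyone else gets the benign path."""

    def do_GET(self):
        port = self.server.server_port
        ua = self.headers.get("User-Agent", "")
        hops = {
            "/slot": "/agency",                               # relative Location
            "/agency": f"http://127.0.0.1:{port}/exchange",
            "/exchange": (f"http://localhost:{port}/creative" if "Windows NT 5.1" in ua
                          else f"http://127.0.0.1:{port}/creative"),
        }
        if self.path in hops:
            self.send_response(HTTPStatus.FOUND)
            self.send_header("Location", hops[self.path])
            self.end_headers()
        elif self.path == "/creative":
            body = b"<img src='banner.png'>"
            self.send_response(HTTPStatus.OK)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_error(HTTPStatus.NOT_FOUND)

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_server() -> HTTPServer:
    server = HTTPServer(("127.0.0.1", 0), ChainHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def trace_chain(url: str, user_agent: str = "Mozilla/5.0", max_hops: int = 10):
    """Follow redirects manually, one hop at a time, returning [(status, url)].
    A browser does this silently; recording every hop is what lets you see
    which party introduced the bad server."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", path, headers={"User-Agent": user_agent})
        resp = conn.getresponse()
        resp.read()
        location = resp.getheader("Location")
        conn.close()
        hops.append((resp.status, url))
        if resp.status not in REDIRECT_STATUS or not location:
            return hops
        url = urljoin(url, location)  # resolve relative Location headers
    raise RuntimeError(f"more than {max_hops} redirects from {hops[0][1]}")


def unknown_hosts(hops, allowlist=KNOWN_PARTNERS):
    """Every URL in the chain whose host is not a partner we know."""
    return [u for _, u in hops if urlsplit(u).hostname not in allowlist]


if __name__ == "__main__":
    server = start_server()
    slot = f"http://127.0.0.1:{server.server_port}/slot"
    for ua in ("Mozilla/5.0 (Windows NT 5.1)", "Mozilla/5.0 (Windows NT 6.1)"):
        chain = trace_chain(slot, user_agent=ua)
        print(ua, "->", [u for _, u in chain], "unknown:", unknown_hosts(chain))
    server.shutdown()
```

The lesson for anyone scanning creatives is in the two runs: the XP profile is the only one that ever reaches the unknown host, so a scanner that crawls with a single, generic browser profile sees a clean chain and passes the ad. In practice the gating is on geography, time of day and plugin versions as well as OS, so scanners rotate through many profiles and still miss some.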
"The ecosystem is optimized to get the right ad displayed at the right time at the highest price," said RiskIQ CEO Elias Manousos. "It was never built to stop fraud."
The system's complexity makes it harder to crack down. When Times of Israel was hit with malvertising in September, it took 14 hours to figure out what ad agency was unwittingly passing along the bad ads, according to Jess Dolgin, whose J Media firm serves as the news website's advertising department.
The advertising industry does take steps to protect the public. For example, AppNexus pays dozens of its staff in New York and India to monitor actual ads all day long. And a special software program, dubbed Sherlock, spots those that violate company policy.
Sherlock catches 35 malicious ads a week. But AppNexus serves 30 billion ads a day. Sherlock can't scan them all -- that would delay display time by minutes. Cybersecurity provider Bromium recently concluded the most thorough solution -- rigorous approval of 100% of ads -- is just not possible for the ad industry.
"There are limits to what you can do in milliseconds," said John Clyman, senior director of security at The Rubicon Project (RUBI), an ad exchange.
So how can you avoid malvertising?
The bare minimum: Don't click on ads, especially if they say something like, "Danger! You need to upgrade your antivirus!" And malware-laced ads can look like authentic car or movie commercials.
Minimize exposure: Always update your operating system, apps and Web browser (including plugins, like Java). Up-to-date antivirus programs will catch some malware -- but not all.
Go all the way: Use something like AdBlock, which stops all advertisements from appearing. But pages designed to look good with ads suddenly look horrendous. And worst of all, this chokes off the main revenue stream for publishers, like CNNMoney or your favorite blog.
Ad companies are also clamping down on each other. AppNexus has a three-strike policy before it suspends business with an ad agency. Security researchers suggest an ad industry honor system that universally revokes privileges. You spew malware, you're out. But the problem is so widespread that sounds untenable too.
"It would be interesting to see if anyone would be left standing," Dolgin said.
Wednesday, October 22, 2014
2014 October Shred Event!
Don't forget! Technology Services and New World Recycling will be holding our second annual October Shred Event next Monday, October 27th from 1:00-3:00pm. This is the perfect opportunity to celebrate National Cyber Security Awareness Month by shredding all the sensitive documents that have been taking up space in your home! The Kona Ice truck will be joining us as well!
See you there!
Wednesday, October 15, 2014
Kmart and Dairy Queen Report Data Breach
By Nicole Perlroth
October 10, 2014
In the latest cyberattack on American retailers and restaurants, both Kmart and Dairy Queen said their computer systems were compromised in a security intrusion involving customers' credit and debit card information.
Kmart, a subsidiary of Sears Holdings, said on Friday that it had been breached and that it was working with law enforcement as well as a forensics team. The company said that it appeared to have been attacked in early September and that malware was present on some of its in-store payment systems. The malware, like the type found at Home Depot recently, was meant to evade antivirus systems.
The company did not indicate how many stores were affected or how many credit cards were potentially compromised, but said the malware had been removed.
Dairy Queen also said on Thursday that its in-store payment systems contained malware. The company said it was working with its franchisees to determine if and when each location was breached and posted a full list, with time frames, on its website. That information suggests hackers made their way into Dairy Queen payment systems in August.
Based on early forensics reports, Sears and Dairy Queen said there was no evidence that personal information, debit card PINs, email addresses or Social Security numbers were obtained in the attack. Only account numbers and expiration dates were taken.
Sears and Dairy Queen join nearly a dozen other retailers--including Target, Sally Beauty, Neiman Marcus, the United Parcel Service, Michaels, Albertsons, SuperValu, P.F. Chang's, and Home Depot--that have had their in-store payment systems compromised with malware over the last year.
The Secret Service estimated this summer that 1,000 American merchants were affected by this kind of attack, and that many of them may not even know that they were breached. There have been no arrests to date.
In each case, criminals scanned for tools that typically allow employees and vendors to work remotely, then broke into those tools, using the foothold to install malware on retailers' systems. That malware, in turn, fed customers' payment details back to the hackers' servers.
The same group of criminals in Eastern Europe is believed to be behind the earlier attacks, according to several people with knowledge of the results of forensics investigations who spoke on the condition of anonymity because of nondisclosure agreements.
Studies have found that retailers, in particular, are unprepared for such attacks. A joint study by the Ponemon Institute, an independent security research firm, and DB Networks, a database security firm, found that a majority of computer security experts in the United States believed that their organizations lacked the technology and tools to quickly detect database attacks.
Only one-third of those experts said they did the kind of continuous database monitoring needed to identify irregular activity in their databases, and another 22 percent acknowledged that they did no scanning at all.
Sears said it would offer free credit-monitoring services to any customer who had used a credit or debit card at any of its affected store locations. Dairy Queen said it would offer free identity repair services for one year to affected customers.
http://bits.blogs.nytimes.com/2014/10/10/kmart-and-dairy-queen-report-data-breach/?_php=true&_type=blogs&_r=0
Thursday, September 18, 2014
Data Breach at UPS Stores in 24 States
HONG KONG (CNNMoney)
United Parcel Service has discovered a computer breach at 51 stores, making Big Brown the latest retailer to lose customer data.
UPS (UPS) said that the hacking had escaped detection at stores in 24 states, or around 1% of its locations. At most stores, the malware attack occurred after March 26, and was eliminated by August 11.
No fraud has yet been discovered, UPS said, but customer names, postal addresses, email addresses and payment card information were compromised.
Tim Davis, president of The UPS Store, apologized in a statement for any anxiety the theft may have caused customers. He said the company had deployed "extensive resources to quickly address and eliminate this issue."
Each UPS Store is a franchise and runs its own computer systems, which may have helped limit the extent of the attack. UPS said the malware was not found at any of its other businesses.
The UPS breach is the latest in a long string of incidents in which hackers have made off with retail consumer data.
Just last week, Albertson's and SuperValu announced that hackers broke into their credit and debit card payment networks. Target (TGT) has been hit, along with Adobe (ADBE), Snapchat, Michaels, Neiman Marcus, AOL (AOL) and eBay (EBAY).
All in all, a CNNMoney analysis found that half of all American adults were hacked in a recent 12-month period.
http://money.cnn.com/2014/08/21/technology/security/ups-store-data-hack/
Thursday, September 4, 2014
Home Depot is investigating a hack that possibly exposed its customer payment information
NEW YORK (CNNMoney)
The company on Tuesday confirmed it has partnered with banks and law enforcement to look into "some unusual activity" relating to customers.
Independent cybersecurity journalist Brian Krebs was the first to report this, saying "a massive new batch of stolen credit and debit cards" went for sale Tuesday in the black market online.
Krebs said hackers were possibly in Home Depot's computer systems from May until now. If that's true, this might be even larger than the three-week long Target breach that affected 40 million debit and credit cards late last year, he noted.
In a statement, Home Depot spokeswoman Paula Drake said: "Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers."
The company promised to alert customers as soon as it can ascertain a data breach has occurred.
This could turn out to be another giant hack like the ones that hit several brand name U.S. stores. Since late 2013, the list has gotten extensive: Albertson's, Target, Michaels, Neiman Marcus, P.F. Chang's, and SuperValu.
So many companies have been hit that CNNMoney developed its own tool: What hackers know about you.
For perspective, consider that Target (TGT) is still reeling from its brush with hackers. The company's latest figures estimate the damage so far at $148 million--and that number continues to rise. The value of its stock has fallen nearly 5% this year, and the company's CEO resigned.
Meanwhile, Target customers haven't felt any direct impact--that they can attribute to the hack, anyway. But that's partly because banks won't let customers know what big hack forced them to temporarily freeze accounts, nix fraudulent expenses, and reissue debit and credit cards.
http://money.cnn.com/2014/09/02/technology/security/home-depot-hacked/
Thursday, August 21, 2014
There's A Sickening Scam On Facebook Which is Exploiting Robin Williams' Suicide
by Alex Heber
August 20, 2014 at 3:10pm
Populating many Facebook feeds this week have been scam posts taking advantage of Robin Williams' tragic suicide.
The posts, which are shared unknowingly by your Facebook friends, claim to include a "last phone call" video and are designed to sell social media users' information.
Clicking on this post takes you to a website which asks you first to share the post on your own Facebook wall and then take a short survey.
IT security company ESET said scammers earn money for every person they trick into completing the survey.
"You would have to be pretty ghoulish to proceed any further, but the truth is that the internet has deadened our sensitivities and made many of us all too willing to watch unpleasant things on our computer screens," ESET security analyst Graham Cluley said.
"By tricking thousands of people into taking a survey, in the misbelief that they will watch the final moments of a comedy legend whose life ended tragically, the scammers aim to make affiliate cash.
"Because every survey that is taken earns them some cents--and the more people they can drive toward the survey (even if they use the bait of a celebrity death video), the more money will end up in their pockets. In other cases, scammers have used such tricks to install malware or sign users up for expensive premium rate mobile phone services."
The Australian government's Stay Safe Online initiative also sent out an alert warning of the threat. "This is one of many scams targeting disasters and tragedies as scammers prey on events of global concern. The scams are easily interchanged to suit new events," it said.
The advice is not to share or like anything on Facebook unless you are confident it is safe.
"You should be suspicious of any post that requires you to blindly share posts or provide personal information," Stay Safe Online said in its warning.
http://www.businessinsider.com.au/theres-a-sickening-scam-on-facebook-which-is-exploiting-robin-williams-suicide-2014-8/
August 20, 2014 at 3:10pm
Populating many Facebook feeds this week have been scam posts taking advantage of Robin Williams' tragic suicide.
The posts, which are shared unknowingly by your Facebook friends, claim to include a "last phone call" video and are designed to harvest and sell social media users' information.
Clicking on this post takes you to a website which asks you first to share the post on your own Facebook wall and then take a short survey.
IT security company ESET said scammers earn money for every person they trick into completing the survey.
"You would have to be pretty ghoulish to proceed any further, but the truth is that the internet has deadened our sensitivities and made many of us all too willing to watch unpleasant things on our computer screens," ESET security analyst Graham Cluley said.
"By tricking thousands of people into taking a survey, in the misbelief that they will watch the final moments of a comedy legend whose life ended tragically, the scammers aim to make affiliate cash.
"Because every survey that is taken earns them some cents--and the more people they can drive toward the survey (even if they use the bait of a celebrity death video), the more money will end up in their pockets. In other cases, scammers have used such tricks to install malware or sign users up for expensive premium rate mobile phone services."
The Australian government's Stay Safe Online initiative also sent out an alert warning of the threat. "This is one of many scams targeting disasters and tragedies as scammers prey on events of global concern. The scams are easily interchanged to suit new events," it said.
The advice is not to share or like anything on Facebook unless you are confident it is safe.
"You should be suspicious of any post that requires you to blindly share posts or provide personal information," Stay Safe Online said in its warning.
http://www.businessinsider.com.au/theres-a-sickening-scam-on-facebook-which-is-exploiting-robin-williams-suicide-2014-8/
Tuesday, August 12, 2014
Your personal information just isn't safe
By Jose Pagliery
NEW YORK (CNNMoney)
Companies can't keep your data safe. It's that simple.
When Target lost data on some 110 million customers, it referred them to credit bureau Experian for "identity theft protection," offering to cover the cost for a year.
Think you're in better hands? Think again.
Sometime before the Target (TGT) hack, Experian had its own data leak--via a subsidiary. That data leak got plugged before Target sent victims to Experian. But it shows that even those entrusted with our most sensitive data don't know how to protect it.
Experian unknowingly sold the personal data of millions of Americans--including Social Security numbers--to a fraudster in Vietnam. That guy then sold the personal information to identity thieves around the globe.
It wasn't until U.S. Secret Service agents alerted Experian that the company stopped.
Hieu Minh Ngo, now 25, was caught and admitted to posing as a private investigator in Singapore to get exclusive access to data via Court Ventures, an Experian subsidiary. Ngo then sold access to fellow criminals.
Federal investigators say that let criminals reach databases with hundreds of millions of Americans' personal data including:
- names
- addresses
- Social Security numbers
- birthdays
- work history
- driver's license numbers
- email addresses
- banking information
Criminals tapped that database 3.1 million times, investigators said. Surprised you haven't heard this? It's because Experian is staying quiet about it.
It's been more than a year since Experian was notified of the leak. Yet the company still won't say how many Americans were affected.
CNNMoney asked Experian to detail the scope of the breach. The company refused.
"As we've said consistently, it is an unfortunate and isolated issue--one that did not affect Experian's databases and has no true relevance to the work we did with clients like Target," Experian spokesman Gerry Tschopp said.
Federal court filings show that at least one database actually belonged to another firm--U.S. Info Search. It was Experian's subsidiary that sold database access to Ngo.
Target and Experian insist that the credit monitoring service is unrelated to the incident involving Experian's data-selling business.
But even Experian's credit monitoring service, which collects data on customers, isn't immune.
Barry Kouns, a security professional who maintains the Cyber Risk Analytic database of major data breaches, said Experian's databases have been involved in 97 breaches of personal information.
"Based on our research, it appears that data brokers place a high value on collecting and using our information but not so much protecting it," Kouns said.
Wednesday, July 23, 2014
You Should Treat Public Computers Like Public Bathrooms--With a little fear
By Josephine Wolff
When I was in college, the main campus library had several computers set up on the first floor for public use, and invariably, whenever I used one, a previous user had not logged out of her Gmail account. So when I tried to load my account, I would instead find myself staring at the entire contents of someone else's inbox. Of course, I would then log that person out and sign myself in--but those brief moments when I had complete access to another person's email were terrifying nonetheless. How could people be so careless with something as valuable as their email account? And then, inevitably, after my own session, I would make it halfway across campus and suddenly begin worrying that I might have forgotten to log myself out--the same way you might worry you forgot to turn off the stove, or lock the door before leaving your house--and so I would trek back up to the library and check.
I still fear public computers, a terror that was only reinforced by the July 10 advisory that the Secret Service and National Cybersecurity and Communications Integration Center issued about keyloggers on hotel business center machines. The advisory, first reported by security researcher Brian Krebs, was directed at the hospitality industry and warned of cases in which people who had registered at hotels with stolen credit cards downloaded keylogging software onto the computers in the hotels’ business centers.
The software would then capture every keystroke entered on those public machines—including the usernames and passwords entered by unsuspecting hotel guests, as well as the content of any emails or documents they wrote on those machines. The log of these keystrokes would be emailed to the person who had installed the malicious program, providing the hacker with a wealth of data on the business center users. “The suspects were able to obtain large amounts of information including other guests’ personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers,” according to the advisory.
This, of course, is a far more serious—and nefarious—threat than college students who forget to log out of their Gmail accounts and thereby give strangers access to their email, but both risks stem from a common problem in computer security: our tendency to treat public computers like personal ones and, more broadly, to ignore the physical dimension of cybersecurity.
Krebs points out that while there are ways that hotels can try to make it more difficult for people to download keyloggers on their computers—by restricting users’ ability to install programs, for instance—there’s a limited amount that can be done to improve the security of public computers, especially if they’re to provide any valuable services to users. Or, as Krebs puts it, “if a skilled attacker has physical access to a system, it’s more or less game over for the security of that computer.”
Basic safeguards are still worth taking, if only to restrict the set of potential perpetrators to “skilled attackers.” The advisory noted:
It doesn’t take much skill to find keylogging software online and install it on a public machine. You don’t need to know how computers work, you don’t need to be an expert coder, you just need to be dishonest—and have access to a computer that other people use. This is data theft at its easiest—and perhaps also at its easiest to overlook.
The good news about the physical security elements of cybersecurity threats is that, just as they are relatively easy for nontechnical people to exploit, they are also fairly straightforward for other nontechnical people to defend against. Essentially, you want to make it as difficult as possible for anyone who is not you to ever use your private computer, and you should only use public ones under the assumption that anything you do on them may be captured or accessible to others. Just as you might take basic hygiene steps to avoid germs and bacteria in public bathrooms (or on public keyboards), some simple cyber hygiene measures can help you ward against the digital diseases carried by the outside world. This means always—always, always—locking your computer whenever you walk away from it, not letting other people use it, and not checking your primary email account or bank account—or doing anything else potentially sensitive—in a hotel business center or on any other public computer.
This certainly won’t protect against all cybersecurity threats—it won’t even protect against all of the problems posed by hotel networks, which can be used to install malware on personal computers, or even public computers—my sophomore year, those same computers in the main campus library that I occasionally (and foolishly) used to check my email were used to send anonymous death threats via email. But at the very least, these sorts of measures will help weed some of the less technically talented from the field of would-be cybercriminals and allow us to continue studying and learning about the novel nature of these digital threats without losing sight of the ways in which they are not entirely new. Cybersecurity and physical security are closely related—increasingly so, as more physical objects are connected to online infrastructure in various ways—and even as computer networks pose some new security challenges, they can still benefit from applying some of the older lessons of physical security.
Monday, June 9, 2014
OUCH! June 2014: Disposing of your Mobile Device
OUCH! June 2014: The Monthly Security Awareness Newsletter for Computer Users
Disposing of Your Mobile Device
Overview: Mobile devices, such as smartphones and tablets, continue to advance and innovate at an astonishing rate. As a result, many of us replace our mobile devices as often as every 18 months. Unfortunately, too many people simply dispose of their older mobile devices with little thought on just how much personal data their devices have accumulated. In this newsletter we will cover what types of personal information may be on your mobile device and how you can securely wipe it before disposing of it or returning it. If your mobile device was issued to you by your employer or has any organizational data stored on it, be sure to check with your supervisor about proper backup and disposal procedures before following the steps below.
For the full newsletter, visit: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201406_en.pdf