Thanks to the Internet, jobs that we used to have to do from the confines of an office can now be done at home. Even before COVID led many of us to work from home, millions of us already worked remotely. And that trend doesn’t seem like it will slow down any time soon. BUT home wifi isn’t safe from hackers.
There are good reasons for that, since remote work has many benefits for workers, as well as fewer overhead costs for employers. After a large chunk of the working population got a taste of working from home, many decided that they liked it.
However, working remotely has its own problems and challenges, especially in terms of network security. Your home network is probably not protected by the same rigorous cybersecurity protocols that corporate networks have access to. So, either the company or the employee needs to take steps to protect company data.
Can My Home Network Be Hacked?
Yes, your home network can absolutely be hacked. Our home wifi isn’t safe from hackers or as secure as our office environments. Also, if we are using our own laptops instead of work ones, we may not be using robust security to protect sensitive company information.
One common way hackers can get access to your home network is to guess the password. Routers often come with a default password that the manufacturer uses for all devices, and many times users don’t change this. A hacker only has to look up the default password associated with a particular router and can use it to gain access to all devices on the network.
In addition, hackers can also exploit security flaws in the router’s firmware. Since firmware is updated infrequently, hackers have all the time they need to discover and exploit security flaws before they’re fixed. According to a study by the American Consumer Institute (ACI), 83% of home WiFi routers are vulnerable to this kind of attack.
How Can I Protect My Home WiFi Network?
CNET recently published a great article which detailed ten things you can do to help protect your home network. These are a great starting point to learning exactly what needs to be done to keep company and personal data secure from unwanted eyes.
Place your router in a central location
One of the most important things is to place the router in the center of the home. Not only does this make the best quality connection, it also makes it harder for anyone outside your home to get a strong signal, and limits how far the signal can travel outside of your home.
Use a strong WiFi password and change it every six months
The best thing you can do to keep your WiFi network safe is to use a unique password that does not include any easily guessed passwords or phrases. This means no names, birthdays, phone numbers or other common information. And make sure to change this password at least once every six months.
Change the default router login credentials
You also want to make sure to keep anyone from accessing your router settings by changing the admin name and password for your router. These login credentials are separate from your WiFi password. You can access these by typing your router’s IP address in the URL bar of your browser.
Turn on your firewall and WiFi encryption
Your router has a firewall to prevent hacking, as well as encryption to keep anyone from stealing your data that’s being sent from your router to your connected devices. Check to make sure that both of these are enabled, and if they’re off for any reason, turn them back on.
Create a guest network
You probably trust the people you invite over to your house. But you should still consider creating a guest network for your visitors. Guests devices or anything they download on your network could be infected with malware or viruses targeting your network. This guest network is also great for all of your IoT devices. Devices such as your smart speakers or other appliances hooked up to your network. These devices are usually more easily hackable than a computer or phone.
Keep your router and devices up to date
While software updates may be annoying, it’s important to keep them up to date. Updates often include security updates and patches for exposed vulnerabilities. Making sure you install all the latest updates to your router and devices ensures that you reduce your exposure to these vulnerabilities and have the best protection you can get from hackers.
Disable remote router access
Your router usually has the ability for someone to remotely access the settings. There’s usually no need to do this, unless you plan on being away from home for some time. You can disable these in your router’s admin settings.
Verify connected devices
From time to time, look at the devices attached to your network to make sure you recognize them. If anything looks suspicious, disconnect it and change your network password.
Upgrade to a WPA3 router
All new routers have WPA3, the latest security protocol. So if you have a new router, you don’t have to worry about this. But if you have a router that was made before 2018, you might have a WPA2 device. If you do, be sure to upgrade your router.
Use a VPN
Probably the best way to protect your home network and your company’s data is to invest in a strong, reliable VPN.
Our RemoteWorkForceVPN not only protects remote employees when accessing information from the Internet, but it also provides secure access to company resources and databases. RemoteWorkForceVPN can also securely connect your company’s branches worldwide.
If their company does not provide a business VPN, remote employees can use Private WiFi – our consumer offering – to protect their home wifi from hackers.
As we enter the new world of working primarily from home, do everything you can to protect your home network. Follow these simple tips, because as you now know, home wifi isn’t safe from hackers.
Parenting kids is hard enough, parenting kids with social media is another thing…
Without clear guidance from us as parents, and education on the consequences of oversharing, our kids can open themselves to damages we can’t even predict. This is an enormous challenge, but a challenge worth understanding and taking on.
Strong boundaries and education around social media are important as data thieves, and other criminals, don’t consider age a deterrent.
In fact, a child’s information has more value to an identity thief than an adult because they have clean credit files and typically a longer length of time before discovery, creating even more damage.
Helping our kids to understand what they are doing, what impacts their social media behavior has in the long term is more important than ever. If our job is to equip them to face this world without us, we have to ensure they are aware of the implications of their online activities.
Talk to your kids about how to avoid strangers. Have conversations about revealing too much about themselves and their family. Give them tips on social media safety and talk to them about things that could be a red flag. And encourage them to come to you when uncomfortable things happen or if they have any questions.
Tips for Kids and Parents
Learn about social media platforms. Whichever app your child wants to be on, learn about it. Read the reviews, age restrictions, and the fine print.
Get an account before your kids. Learn the app, make sure you know exactly what they can and cannot do.
Teach your child about posting. Every post, comment, like, and share is part of your kid’s digital footprint. And deleting a post does not mean it is gone. Inappropriate posts may have an impact on their lives later. Posts may not seem like a big deal now but it could hurt them in the future. Most college admissions and employers are looking at social media accounts.
Emphasize the importance of privacy. Many social media sites request information such as names, dates of birth, school names, and hometown. Teach them about how much information is too much information. The information exposed online can create exposure and vulnerability to Identity theft.
On my work laptop, I use a VPN (Virtual Private Network) whenever I work remotely including in my home, my hotel room, or any other location away from the office. (be sure to watch the video below)
Private WiFi is the flagship product of Private Communications Corporation, founded by Kent Lawson in 2010. After reading a series of articles in The Wall Street Journal, Forbes, and The New York Times about the security vulnerabilities of WiFi hotspots, Lawson (a 40 year computer industry executive) was inspired to come out of retirement and work to resolve the problem.
According to Lawson, “your private information is an easy target on a public WiFi network such as hotels, coffee shops, and airports that are not secure. Anyone using the same hotspot can intercept and hack your communications. Your usernames, passwords, and other private information can be stolen out of the thin air.”
“We created Private WiFi to protect your identity and personal information by encrypting your WiFi signal. Everything you do online is protected with bank-level security, so you can surf, share, shop, and bank with confidence.”
A way of life
Think about it, connecting to public WiFi hotspots has become a way of life. Millions of people connect to public WiFi every day without thinking – at coffee shops, hotels, restaurants, or airports. It’s fast, it’s free, and it’s convenient. But this convenience can come at a cost.
But it’s not secure. Everything transmitted on your laptop, smartphone, or tablet over WiFi hotspots can be grabbed out of thin air – and many users don’t understand hotspot security risks. Roughly 39% have accessed sensitive information while on WiFi hotspots, according to a Nielsen/Harris Poll. That means their privacy and security are in danger every time they connect.
According to Lawson, “Private WiFi encrypts Internet traffic and protects hotspot users from hackers and identity thieves, creating a secure tunnel that is invisible to hackers.”
“In a world full of wireless security risks, Private WiFi puts the power to protect hotspot users’ information in their own hands,” said Lawson.
The New York Times calls Private WiFi the “VPN for the masses.” PC Magazine featured Private WiFi as one of the “Ten VPN Services You Should Know About” and it has been featured on CNN, and Good Morning America among other news outlets.
VPNs are easier to use than ever. My recommendation is to use a VPN on all your devices to search, shop, bank, read, and connect. This will give you the confidence your personal privacy is secure. Think before you connect, don’t make it easy for the bad guys.
As we continue to see the Russian invasion of Ukraine, it is natural that we look for ways to help. Donating money is often one of the best and easiest ways to make an impact. Unfortunately, we need to ensure that we avoid Ukraine relief scams popping up which is causing more chaos.
Scammers have no shame and will try to lure out money from people like you who are just trying to help. Below are some tips to consider while looking to help.
Donation Tips
Give to Organizations You Trust:
Do your research before giving. Review the charity’s purpose and find out how the charity spends its donations. How much is spent directly on the charitable cause? How much goes to overhead and employee compensation? You should also confirm the charity’s name, address, and nonprofit status.
Be Wary of Social Network Fundraising:
If you are planning to donate through a social network solicitation, first do some research. Find out what percentage is going to the charity, whether you will be charged a fee, or if a percentage of your donation will be paid to the platform website.
Don’t Be Pressured by Telemarketers – Ask Questions Before Donating:
If you receive a call from a telemarketer, ask for the name of the fundraising organization, whether it is registered with the Attorney General’s Office, the name of the charity benefitting from the solicitation, how much of your donation will go to charity and how much to the telemarketer, and the direct telephone number of the charity. Don’t fall for pressure tactics or threats. Remember that you have the right to say no and if you feel pressured or threatened, just hang up.
Watch Out for Similar-Sounding Names, Web Addresses, and Other Deceptive Tactics:
Fraudulent organizations may use names that closely resemble those of well-established charitable organizations in order to mislead donors. Look out for fraudulent websites that have a slightly different web address (URL) than that of a legitimate charitable organization. Similar-looking URLs are sometimes purchased by fraudsters to lure in would-be donors. These sites may ask you for personal information or install harmful material onto your device. Be skeptical if someone thanks you for a pledge you never made, and always check your records.
Understand the Difference Between “Tax-Exempt” and “Tax-Deductible”:
Being a nonprofit does not mean the organization is exempt from taxation, or that your donation is tax-deductible. Generally, a tax-exempt organization is exempt from paying tax on its income/gifts, but may or may not be able to offer tax deductions to donors. Just because an organization has a “Tax ID Number” doesn’t mean it is a charity, tax-exempt, or tax-deductible. A few tax-exempt organizations – 501(c)(3) tax-exempt status – are able to offer charitable tax deductions for your donations. If you are not sure whether your donation is tax-deductible, verify the charity’s tax-exempt status by using the tools and information located on the IRS website.
Protect Your Identity:
Never give your Social Security number or other personal information in response to a charitable solicitation. Never give out credit card information to an organization unfamiliar to you. Some organizations sell or rent their donor lists to other organizations, including organizations that are not charities.
Please consider sharing this with others, you may be helping others avoid Ukraine relief scams!
It was the best of times, it was the worst of times, and VPNs During Covid have proved their worth!
In the middle of a global pandemic that upended everyone’s lives in a myriad of ways – the world of work changed profoundly. It was a huge shift that was very was hard and it took some time. But, overall, companies learned that “work from home” really works. And while some companies might be heading back to their offices in the near future, many will remain remote or adopt a hybrid model.
But working from home means there are entirely new security issues to worry about. In the physical office, we had very strong security protocols, implemented by IT experts.
What about our home networks? Are they as strong? How can we protect our communications? Our company information? Our partners’ and clients’ information?
Also, we are now using cloud-based applications from our smartphones, tablets, and laptops. But are these being used securely outside the safe parameters of our normal security apparatus at work?
Home Networks Are Not Safe
According to YouGov America, 52% of us who are working from home are using a VPN. Which sounds good at first, until you consider that that means that nearly half of us are not using one at all. In fact, 30% use a VPN “rarely” or “never”! This means that we are entirely at the mercy of the security of home networks.
It’s absolutely possible for a home network to get hacked. One common method is to guess the password. Routers often come with a preset default password that the manufacturer uses for all devices. Have all your employees changed theirs?
Another possible issue is wardriving. Wardriving involves attackers searching for vulnerabilities in-home networks while moving around an area in a vehicle, bicycle, or on foot. These attackers then use hardware and software to gain unauthorized access to the network by cracking passwords or decrypting the router. While wardriving is less common today, there are no laws that specifically prohibit it.
Hackers can also exploit security flaws in the router’s firmware. Infrequent firmware updates leave 83% of home WiFi routers vulnerable to attack, according to a study by The American Consumer Institute.
That’s a problem. But there’s more to the story. Even when we do use supposedly secure home networks, there are issues we may not be aware of.
Home routers have firmware that may not be up to date. Are you updating all of your software constantly and regularly? If so, you are better than most. ResearchGate found that only half (52%) update our software within a week when updates and patches are released.
And honestly, how many of us dread getting those notifications to update our software, which usually requires a system reboot? Most of us dread software updates, which leads to many of us not updating our software at all.
A 2017 Pew Research survey found that 14 percent of people never update their phone’s operating system, and 42 percent only do so when it’s convenient, despite these updates sometimes containing urgent security fixes.
Working from Home Doesn’t Always Mean Working from Home
Another truth is that when we are working remotely, we aren’t necessarily working from home. Many of us work from our local cafe, library, or anywhere else where we can log into a public WiFi network.
But here’s the thing about logging into public WiFi: anything we do on it can be seen and potentially accessed by anyone else on the network.
It’s exceptionally easy for novice hackers to spy on anyone using public WiFi. YouTube has hundreds of thousands of videos on how to do it.
Only a VPN Fully Protects You When Working Remotely
The simple truth is that unless you are working from your physical office on a network that is managed by your company’s IT department, your company information is at risk. This is true even when folks are working from home on a supposedly secure home network.
And this is true even if teams aren’t working from home 8 hours a day, five days a week. It’s true even if they work a few hours or a few days from home.
And if they do work from their phone or laptop on a public WiFi network, you can’t be totally sure who sees what they do online.
The best way to protect your company information when working remotely or from home is to use a VPN. A VPN ensures that they can work from anywhere and you can rest easy knowing that you and your company’s data are completely safe.
The Internal Revenue Service (IRS) recently released 2021’s ‘Dirty Dozen’ tax scams list. The list comes with a warning for taxpayers, tax professionals, and financial institutions…
Be on the lookout for these 12 schemes and scams!
The list is broken down into 4 separate categories:
Pandemic-related scams like Economic Impact theft
Personal information cons including phishing, ransomware, and phone “fishing”
Ploys focusing on unsuspecting victims like fake charities and senior/immigrant fraud
Schemes that persuade taxpayers into unscrupulous actions such as Offer In Compromise mills and syndicated conservation easements.
The categories are based on who perpetrates the schemes and who they impact.
The IRS continues to see ruses by dishonest people who trick others into doing something illegal or causes them harm. Predators encourage otherwise honest people to do things they don’t realize are illegal or prey on their goodwill.
Several schemes involve fraudsters targeting groups like seniors or immigrants, posing as fake charities impersonating IRS authorities, charging excessive fees for Offers in Compromise, conducting unemployment insurance fraud, and unscrupulously preparing tax returns.
Here are five of this year’s “Dirty Dozen” scams.
Fake charities
The IRS advises taxpayers to be on the lookout for scammers who set up fake organizations to take advantage of the public’s generosity. They especially take advantage of tragedies and disasters, such as the COVID-19 pandemic.
Scams requesting donations for disaster relief efforts are especially common on the phone. Taxpayers should always check out a charity before they donate, and they should not feel pressured to give immediately.
Taxpayers who give money or goods to a charity may be able to claim a deduction on their federal tax return by reducing the amount of their taxable income. But taxpayers should remember that to receive a deduction, taxpayers must donate to a qualified charity. To check the status of a charity, use the IRS Tax Exempt Organization Search tool. (It’s also important for taxpayers to remember that they can’t deduct gifts to individuals or to political organizations and candidates.)
Here are some tips to remember about fake charity scams:
Individuals should never let any caller pressure them. A legitimate charity will be happy to get a donation at any time, so there’s no rush. Donors are encouraged to take the time to do the research.
Potential donors should confirm the charity’s exact name, web address, and mailing address. Some dishonest telemarketers use names that sound like large well-known charities to confuse people.
Be careful how a donation is paid. Donors should not work with charities that ask them to pay by gift cards or by wiring money. That’s how scammers ask people to pay. It’s safest to pay by credit card or check — and only after having done some research on the charity.
IRS impersonators and other scammers are known to target groups with limited English proficiency as well as senior citizens. These scams are often threatening in nature.
While it has diminished some recently, the IRS impersonation scam remains a common scam. This is where a taxpayer receives a telephone call threatening jail time, deportation, or revocation of a driver’s license from someone claiming to be with the IRS. Taxpayers who are recent immigrants often are the most vulnerable and should ignore these threats and not engage the scammers.
The IRS reminds taxpayers that the first contact with the IRS will usually be through mail, not over the phone. Legitimate IRS employees will not threaten to revoke licenses or have a person deported. These are scare tactics.
As phone scams pose a major threat to people with limited access to information, including individuals not entirely comfortable with the English language, the IRS has added new features to help those who are more comfortable in a language other than English. The Schedule LEP PDF allows a taxpayer to select in which language they wish to communicate. Once they complete and submit the schedule, they will receive future communications in that selected language preference.
Additionally, the IRS is providing tax information, forms, and publications in many languages other than English. IRS Publication 17, Your Federal Income Tax, is now available in Spanish, Chinese (simplified and traditional), Vietnamese, Korean and Russian.
Seniors beware
Senior citizens and those who care about them need to be on alert for tax scams targeting older Americans. The IRS recognizes the pervasiveness of fraud targeting older Americans, along with the Department of Justice and FBI, the Federal Trade Commission, and the Consumer Financial Protection Bureau (CFPB), among others.
In an effort to make filing taxes easier for seniors, the IRS reminds seniors born before Jan. 2, 1956, that the IRS has re-designed the Form 1040 and its instructions, and that they can use the Form 1040SR and related instructions.
The IRS reminds seniors that the best source for information about their federal taxes is the IRS website.
Offer in Compromise “mills”
Offer in Compromise mills contort the IRS program into something it’s not – misleading people with no chance of meeting the requirements while charging excessive fees, often thousands of dollars.
“We’re increasingly concerned that people having trouble paying their taxes are being duped into misleading claims about settling their tax debts for ‘pennies on the dollar’,” said IRS Commissioner Chuck Rettig. “The IRS urges people to take a few minutes to review information on IRS.gov to see if they might be a good candidate for the program – and avoiding costly promoters who advertise on radio and television.”
The IRS reminds taxpayers to beware of promoters claiming their services are needed to settle with the IRS. And that their tax debts can be settled for “pennies on the dollar” or that there is a limited window of time to resolve tax debts through the Offer in Compromise (OIC) program.
OIC?
An “offer,” or OIC, is an agreement between a taxpayer and the IRS that resolves the taxpayer’s tax debt. The IRS has the authority to settle, federal tax liabilities by accepting less than full payment under certain circumstances. However, some promoters are inappropriately advising indebted taxpayers to file an OIC application with the IRS, even though the promoters know the person won’t qualify. This costs honest taxpayers money and time.
Taxpayers should be especially wary of promoters who claim they can obtain larger offer settlements than others or who make misleading promises that the IRS will accept an offer for a small percentage. Companies advertising on TV or radio frequently can’t do anything for taxpayers that they can’t do for themselves by contacting the IRS directly.
Taxpayers can go to IRS.gov and review the Offer in Compromise Pre-Qualifier Tool to see if they qualify for an OIC. The IRS reminds taxpayers that under the First Time Penalty Abatement policy, taxpayers can go directly to the IRS for administrative relief from a penalty that would otherwise be added to their tax debt.
Unscrupulous tax return preparers
Although most tax preparers are ethical and trustworthy, taxpayers should be wary of preparers who won’t sign the tax returns they prepare. For e-filed returns, the “ghost” will prepare the return but refuse to digitally sign as the paid preparer.
By law, anyone who is paid to prepare, or assists in preparing federal tax returns, must have a valid Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on the return. Not signing a return is a red flag that the paid preparer may be looking to make a quick profit by promising a big refund or charging fees based on the size of the refund.
Unscrupulous tax return preparers may also:
Require payment in cash only and will not provide a receipt.
Invent income to qualify their clients for tax credits.
Claim fake deductions to boost the size of the refund.
Direct refunds into their bank account, not the taxpayer’s account.
Taxpayers should that they are legally responsible for what is on their tax return regardless of who prepares it. Consumers can help protect themselves by choosing a reputable tax preparer.
Unemployment insurance fraud
Unemployment fraud often involves individuals acting in coordination with or against employers and financial institutions. Their goal is to get state and local assistance to which they are not entitled. These scams can pose problems that can adversely affect taxpayers in the long run.
States, employers, and financial institutions need to be aware of the following scams related to unemployment insurance:
Identity-related fraud: Filers submit applications for unemployment payments using stolen or fake identification information to perpetrate an account takeover.
Employer-employee collusion fraud: The employee receives unemployment insurance payments while the employer continues to pay the employee reduced, unreported wages.
Misrepresentation of income fraud: An individual returns to work and fails to report the income to continue receiving unemployment insurance payments, or in an effort to receive higher unemployment payments, applicants claim higher wages than they actually earned.
Fictitious employer-employee fraud: Filers falsely claim they work for a legitimate company, or create a fictitious company, and supply fictitious employee and wage records to apply for unemployment insurance payments.
Insider fraud: State employees use credentials to inappropriately access or change unemployment claims, resulting in the approval of unqualified applications, improper payment amounts, or movement of unemployment funds to accounts that are not on the application.
Below is a shortlist of financial red flag indicators of unemployment fraud:
Unemployment payments are coming from a state other than the state in which the customer reportedly resides or works.
Multiple state unemployment payments are made within the same disbursement timeframe.
Unemployment payments are made in the name of a person other than the account holder or in the names of multiple unemployment payment recipients.
Numerous deposits or electronic funds transfers (EFTs) are made that indicate they are unemployment payments from one or more states to people other than the account holder(s).
Higher unemployment payments are seen in the same timeframe compared to similar customers and the amount they received.
Stay tuned for additional sections to come on the 2021’s ‘Dirty Dozen’ Tax Scams list.
