Tag Archives: Computing Technology Industry Association Inc.

Cell Phones: A Security Risk to Your Business?

Last July, Charlie Miller, a professional hacker, announced from the stage of an IT security conference that he could hack any iPhone in the world by text message. “That was a demonstration, it never really happened in the wild,” notes Jamie De Guerre, CTO of Cloudmark, which provides messaging security for mobile and fixed-line companies. No actual iPhone users were harmed in making Charlie Miller’s point, and Apple patched the vulnerability shortly after he announced it. But other cell phone users have been less lucky.

The Sexy View worm, so dubbed because it sends a text inviting users to look at sexy pictures, targets some Nokia phones. If a hapless user tries to look at the pictures, it takes over the phone much the way a botnet takes over a computer, and then sends itself to the entire contact list. So far, De Guerre says, Sexy View has been more of an issue in Asia than in the United States. But it seems only a matter of time until security issues begin affecting American cell phone users as well.

“The thing to understand is that smart phones today have all the power of a full computer,” De Guerre says. “They can have a 1 gigahertz processor and hundreds of megabytes of RAM. So all the same types of attacks that could happen to a computer can happen to a smart phone.” These attacks include intrusions (such as Charlie Miller’s hack); viruses and other malware; phishing for passwords and other information; theft of data stored on or sent to or from the phone; and spam.

And the phones’ new capabilities bring their biggest vulnerabilities. “Social media is expanding to mobile devices,” notes Martha Vazquez, senior research analyst in the Network Security practice at consulting firm Frost & Sullivan. “While this is a great way to market your business, many threats are attacking these sites and it’s common to find a malicious URL link. SMS messages are another very common way to receive malware.”

What should a small business do? It’s obviously impractical to ask employees to give up their cell phones, or return to the quaint old days of using them only for phone calls or the occasional photo. But there are smart policies and practices that can help you keep cell phones out of harm’s way. Here are some steps to consider.

1. Insist on password protection. “The simple act of enabling a password or PIN number on a phone can save you a tremendous amount of hassle,” notes Randy Gross, CIO at CompTIA, a trade association for the IT industry. “You may be able to set security on the phone so that if someone tries the wrong password a certain number of times, the phone is automatically wiped. That can protect your data.”

2. Use encryption. While password protection is a good step, encryption is even better, and a good way to secure data stored on cell phones. “A 16-gigabyte phone can contain a lot of information,” Gross notes. “With the right security software, you may be able to remotely wipe the phone if it is lost or stolen.”

3. Stay up to date on operating system patches. “Whenever the phone maker releases new patches or new versions of its operating system, make sure you have the latest version on your device,” Gross advises.

4. Use antivirus software. “Small businesses must treat mobile devices as they would their PCs by installing security software and keeping it up to date,” says Khoi Nguyen, group product manager, Mobile Security Group at Symantec. “This will protect the device from new variants of viruses and other malware.”

5. Warn users about malicious sites and phone numbers. Cell phone users can be their own worst enemies, so make sure they know what not to do. First, if they receive an unsolicited SMS text, even if it appears to come from someone they know, they should avoid clicking on links contained in the message. These could lead them to malicious websites where the phone might be infected with malware. Second, and less obvious, users should never call a phone number that arrives in an unsolicited text message, even if the message appears to come from the user’s bank, employer, or cell phone company. Instead, users should find the bank’s or employer’s number independently to make the call; otherwise, they — or you — might wind up paying for a premium call.

6. Educate users about phishing. Some of the most successful phishing attacks in recent times have affected Twitter, often when users accessed the site with their smart phones. Make sure users know not to input their passwords or other personal information to any site or service unless they navigated there themselves, as opposed to following a link in an email or text. The same goes for any phone call where the user did not find the number independently, for instance by visiting a company’s website or looking it up using directory assistance.

7. Shut out unknown Bluetooth devices. Have you ever been in a public place and found that your phone’s Bluetooth was trying to connect to an unknown device nearby? Although many people think of Bluetooth as a neater alternative to a physical wire, in fact it creates a personal area network, and like any network, it will recognize appropriate devices within its range. This can let in malware, though: for example, a virus called CommWarrior infects some phones via Bluetooth, as well as in other ways. “A phone’s Bluetooth setting is on by default, so it needs to be turned off, or configured for a specific device or headset,” Nguyen says. “If not, it will look for other Bluetooth-enabled phones, which could result in malware being loaded on the device.”

8. Be wary of open Wi-Fi networks. It’s easy to forget, but many smart phones also work on regular Wi-Fi networks. Users should be aware that when they join an open Wi-Fi network, nearby eavesdroppers may be able to see the data they send and receive, such as email. “Make sure before you join that it’s a network you know and trust,” De Guerre advises.
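The eight steps above are easier to enforce than to remember, so here is an added example (not from the article or from any vendor it quotes) of a small compliance audit that turns them into checks over a device inventory. The `Device` record, its field names, the `MAX_FAILED_UNLOCKS` threshold and the three sample devices are all constructed for the example; a real deployment would populate the records from whatever your phone management tool exports.

```python
"""Audit a list of company phones against the eight practices above.

Added example, not part of the original article. The inventory format,
field names and policy threshold are assumptions; the sample devices are
constructed data.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed policy: phone must auto-wipe after at most this many bad unlocks.
MAX_FAILED_UNLOCKS = 10


@dataclass
class Device:
    owner: str
    pin_set: bool                      # step 1: password/PIN enabled
    wipe_after_failures: Optional[int] # step 1: None means auto-wipe is off
    storage_encrypted: bool            # step 2
    os_version: str                    # step 3: version installed
    latest_os_version: str             # step 3: version the maker offers
    antivirus_updated: bool            # step 4
    bluetooth_discoverable: bool       # step 7: visible to unknown devices
    saved_open_wifi: List[str] = field(default_factory=list)  # step 8


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '3.2.1' into (3, 2, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def check_device(d: Device) -> List[str]:
    """Return one finding per practice the device fails; empty if compliant."""
    findings: List[str] = []
    if not d.pin_set:
        findings.append("no PIN or password set (step 1)")
    if d.wipe_after_failures is None or d.wipe_after_failures > MAX_FAILED_UNLOCKS:
        findings.append("auto-wipe after failed unlocks not enforced (step 1)")
    if not d.storage_encrypted:
        findings.append("storage not encrypted (step 2)")
    if version_tuple(d.os_version) < version_tuple(d.latest_os_version):
        findings.append(f"OS {d.os_version} behind {d.latest_os_version} (step 3)")
    if not d.antivirus_updated:
        findings.append("security software missing or out of date (step 4)")
    if d.bluetooth_discoverable:
        findings.append("Bluetooth discoverable to unknown devices (step 7)")
    if d.saved_open_wifi:
        findings.append(f"remembers open Wi-Fi networks: {', '.join(d.saved_open_wifi)} (step 8)")
    return findings


def audit(devices: List[Device]) -> Dict[str, List[str]]:
    """Map each owner to that phone's list of findings."""
    return {d.owner: check_device(d) for d in devices}


# Constructed sample inventory: one compliant phone, one badly configured
# phone, and one that only lacks a PIN.
SAMPLE_DEVICES = [
    Device("alice", True, 10, True, "4.1", "4.1", True, False),
    Device("bob", True, None, False, "3.2.1", "4.1", False, True, ["CoffeeShop_Free"]),
    Device("carol", False, 10, True, "4.1", "4.1", True, False),
]

if __name__ == "__main__":
    for owner, findings in audit(SAMPLE_DEVICES).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{owner}: {status}")
        for f in findings:
            print(f"  - {f}")
```

Run it and each phone gets a short list of the practices it fails, which is enough to hand the owner a to-do list or to decide whether the phone should keep its access to company mail.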

Beware of IT Certification Scams

IT certifications are one way to distinguish between well-trained job candidates and prospects whose skills on specific hardware or software aren’t quite up to par. At least that’s the way it’s supposed to work. In recent times, however, an overabundance of certifications and widespread cheating on exams, caused in part by lax security at testing centers, have tarnished IT certifications’ reputation in the eyes of many human-resources executives and hiring managers.

“It’s a big problem,” agrees Don Sorensen, marketing vice president at Caveon, a Salt Lake City test security company. He says there are “literally hundreds” of so-called “braindump” websites that share or sell test questions. According to a 2007 report from the Association of Test Publishers, of 101 IT vendors and certification test centers surveyed, slightly more than half said that 46 percent or more of their IT certification tests had been copied, stolen or breached in some other way in the recent past. Some test givers said their new tests could be found on braindump websites within a month of being published, and in some cases, as soon as two days, according to the report.

Industry groups, testing centers, test security organizations, and individual companies are taking steps to curb cheating and spiff up the image of IT certifications. One of them is Cisco Systems, which as of April 2008 had issued 1 million certifications to IT professionals — working at small, medium, and large companies — who take courses and pass tests on routing and switching, network security, and storage networking, among similar topics. “In the past we’ve done a lot to protect the integrity of our certifications, but we haven’t talked about it much,” says Fred Weiller, Cisco’s marketing director for career training and certifications. “Now we’re on a communications campaign to explain how we protect certifications. Our goal is zero cheating, zero trade offs.”

Industry taking action

The actions Cisco is taking to keep certification test questions from falling into the wrong hands reflect steps other companies and industry associations are taking as well. They include:

- Limiting the number of test vendors they work with to one, PearsonVUE, a global testing company.
- Dumping paper-based tests in favor of computer-based tests, which allows test companies to analyze data to flag individuals whose scores or behavior indicate something’s fishy. “We can ban some candidates for life,” Weiller says.
- Constantly monitoring security at testing facilities, and checking test results for trends that might indicate cheating is going on.
- Photographing test takers to ensure they aren’t using proxies to take tests for them, then making photos available to HR and hiring managers “to prove they’re interviewing the person who took the test,” Weiller says.
- Changing tests so they’re more difficult to memorize or reproduce, for example by including simulations that force candidates to draw network diagrams rather than answer multiple-choice questions.

In addition to cheaters, certifications have lost some of their luster because there are so many of them. Cisco and Microsoft have issued more than 3.25 million certifications since the early 1990s. That’s when IT vendors first began using certification tests to document that employees were proficient in using newly released software programs. The Computing Technology Industry Association, another IT trade group, has issued 1 million certifications in its lifetime, and vendors such as Novell run certification programs too.

There’s a reason why software developers, network managers and other IT professionals like certifications so much that some are willing to cheat to get them: a fatter pay check. A network analyst with a college degree, experience on the job and a certification earns $74,285 a year, compared to $66,000 without certification, and $61,200 with neither certification nor past job experience, according to the March 2008 IT Skills and Salary Report, published by Global Knowledge, an IT training company, and TechRepublic, an IT online magazine.

How to protect your business

What else can small and mid-sized businesses do to make sure they’re not hiring or promoting cheaters?

- Just as there’s a difference between Harvard and your local community college, not all IT certifications are equal. The highest-valued certification programs are the most in demand, command the highest salaries, and are most relevant to the job.
- Pay attention to how often a certification needs to be renewed. In a profession where hardware and software updates happen yearly or more often, how relevant is a certification someone got 10 years ago? Look at how self-critical a re-certification program is. “The rigor they put on their customers to stay on top of the technology is key,” says Erik Ullanderson, Cisco’s global certifications manager.
- Don’t base hiring decisions solely on a candidate’s certification. Connie Shaw is HR director at Tyler Technologies’ EDEN Division, a Renton, Wash., business that sells utility billing and other software and services to cities and local governments. A portion of EDEN’s 170-person staff are project managers, technical support crew and Website or software developers. “When I’m recruiting it’s not just about a person’s education, background, experience and fit,” Shaw says. “It’s important to evaluate all those factors and then make your decision.”

The Offsite Office: Manage IT with a Remote Staff

Alvin Toffler was right. The literati’s most famous futurist nailed it back in 1980 with the publication of The Third Wave, the best-selling book that at the time made the bold prediction that we’d all one day gravitate towards what he called “the electronic cottage”. Toffler’s vision of a home-centered workforce enabled by a word that would take 20 more years to work its way into our daily lexicon – telecommuting — read like science fiction at the time. Now, it is as ubiquitous as microwave ovens and minivans.

What Toffler wasn’t able to explain at the time was how it would all work from a technological standpoint between boss and employee. Twenty-seven years later, with three quarters of small to midsize businesses managing at least one employee remotely according to the Computing Technology Industry Association (CompTIA), those details are still being worked out. For example, a recent CompTIA report found that 80 percent of organizations now allow data access to the company network by mobile workers. However, only 32 percent have some sort of security training for those employees. By far, security is one of the greatest concerns facing small to mid-sized businesses, which on average have at least 10 percent of their staff working from somewhere else, the study found. But that’s not the only challenge. There’s also IT support, issues of who supplies the equipment and connection, and which technologies are best-suited to accommodate both the employee and employer.

Outsourcing IT support

“If you’re going to formally allow it, you have to be able to support it,” says Mark Tauschek, a senior research analyst from Ontario, Canada-based InfoTech. Most small to midsize businesses tend to have a very small or even no full-time IT staff. At the same time, employees working remotely also tend to work at odd hours, especially if they’re logging in from other time zones. This means it’s absolutely essential to provide 24/7 tech support even though it’s virtually impossible for most smaller companies to provide it. The solution: outsourcing tech support.

Advantages: There are many tech support vendors available. Depending on the size of the company and the complexity of its needs, pricing is very competitive and is usually packaged, offering different levels of support. It can be as simple as a 24-hour call center functioning as a round-the-clock help desk. It can scale up to a remote access support vendor that not only supports users, but also that lone IT staffer in-house who needs help remotely changing access levels, settings, and configurations.

Disadvantages: There are many tech support vendors out there. However, like anything else, you get what you pay for. So buyer beware: bad support is no support. Also, with outsourcing there is always a loss of control and less understanding of the employee’s needs and the priorities of the business.

Bottom line: the IT staffer is going to do a better job, provided he or she exists in the first place and is on the clock when problems occur. Also, in the case of a remote office, chances are any company big enough to have a remote office is also big enough to have a decent-size IT staff. At that point, maybe the company can provide its own tech support. At the very least, send someone out to make a routine house call at least a couple of times a year.

Let the employee supply the connection

In most cases, work-from-home employees supply the gear and the connection and just log in. Chances are they have it all set up anyway for their own after-hours personal use. “It’s not like 10 years ago, when there wasn’t the kind of high bandwidth connection available at the consumer level. Back then, employers had to supply the T1 lines to ensure executives had the access speed to get their work done,” says Todd Carter, author of the Wireless All-in-One Desk Reference for Dummies. Those days are gone, so why reinvent the wheel?

Advantages: Let the staffer’s Internet service provider of choice service the connection. Work it out in advance to come up with a fair split of the bill, deciding what’s appropriate to expense back to the company. Another option for a willing employee is to just take the write-off of an un-reimbursed business expense and call it a day.

Disadvantages: The biggies are loss of control and security risks. If the employee is providing their own gear and connection to dial in, the company has no say in what technologies are being used and may not be happy with how well they integrate with the company network. Even with a secure VPN, allowing someone to dial in with their own connection and their own gear is a security risk, opening the door to viruses, worms and other “weapons of mass disruption” that can wreak havoc. Business owners may save a few bucks by letting the employee pick up the tab, but pay more heavily in the end by not keeping it clean and separating work gear from home gear.

Best technology: SSL VPN

It’s a given that the connection between a home office or remote office and the company network has to be secure. And there are many options to choose from these days. The simplest and increasingly popular choice is a Secure Sockets Layer (SSL) Virtual Private Network (VPN).

Advantages: It’s relatively inexpensive, web-based (and therefore a user can log in from anywhere with a login and password for security), and it’s encrypted to boot.

Disadvantages: An SSL VPN is only as good as the vendor selling the service. They also tend to be one size fits all. An SSL VPN may not be the best choice for a business with industry-specific security needs and other kinds of specializations (like the financial industry or health care). For some organizations, other types of in-house VPNs maintained by the IT staff or a wide area network (WAN) may be the best way to go.

Deciding factors and conclusion

It really boils down to the size of the company and its capacity to handle IT support for remote staff. Cheap outsourcing solutions, employee-provided connections and gear, and a Web-based SSL VPN are likely the most sensible options for the at-home worker. In-house support, perhaps combined with a help desk vendor, along with a WAN connection from the main office may be the most responsible choice for a remote office with multiple employees.

SIDEBAR: Remote Access Solutions

There are a whole host of companies online offering remote access services. Most are modestly priced, with some costing as little as $10 a month. Functionality is generally tiered, from stripped-down versions for the user who just wants to do simple things like shift around documents or use certain applications from a distance, to more sophisticated features for IT professionals who need to take control of a computer remotely and troubleshoot problems or change configurations. Here are a few companies to check out:

GoToMyPC is an increasingly popular online start-up company that offers remote access to any PC. Services are tiered for single users up to corporate accounts that can accommodate up to 50 users. This is a handy solution for road warriors who need to access their work computer remotely, as well as IT professionals who need to take remote control of an offsite employee’s computer for maintenance or to fix a problem.

Dell Computers: If the business uses Dell computers or is contemplating making the investment, then look no further for a remote access vendor. It’s just one more service Dell now bundles into the sale (for a price, of course). Instead of frustrating calls with tech support describing the problem and then being walked through the solution by a faceless techie over the phone, Dell support can simply take control of the PC and fix the problem keystroke by keystroke on their own.

LogMeIn: Similar to GoToMyPC, LogMeIn not only offers remote access tech support, but remote automatic backups and instantly configured VPNs connecting multiple PCs.

VoIP: What Are You Waiting For?

It may just be time for small and mid-sized businesses to get over their fears when it comes to Voice over Internet Protocol (VoIP). Early concerns kept many businesses from dropping traditional landline telephone service and signing up for Internet telephony in droves. A survey in January of 350 businesses with fewer than 500 employees found that only half trust the security offered today by Internet telephony providers, according to the Computing Technology Industry Association, a technology industry association. Small business concerns with VoIP involve quality of calls, reliability of service, and access to 911 emergency services from VoIP telephones. The issue concerning 911 calling exists because VoIP calls provide no geographic location information to emergency responders, since they use an Internet connection, making the caller’s whereabouts hard to pinpoint in the event of a crime, fire, or other emergency.

But the marketplace has responded with a wide range of business-grade VoIP and hosted-IP telephony products. Today’s offerings promise better sound quality with more functionality, flexibility, and cost savings. Why is it the right time for your business to consider VoIP? Here are a few reasons:

1. Mobility and flexibility. “VoIP has great mobility features,” notes Ward Ross, principal with Hinsdale, Ill.-based telecommunications consultant Thompson, Ross and Associates. Because VoIP phone service uses Internet lines, “You can take your phone anywhere in the world, have the same phone number, and be able to access your calls.” Small businesses with multiple offices “can appear as one office and have system transparency,” he notes. In addition to this mobility, VoIP has the flexibility to integrate with other Internet-based services in ways a traditional telephone cannot. These include telephony during video/Web conferencing presentations, calendaring, or data file exchange.

2. Saves money. Beyond its superior flexibility, VoIP saves businesses money. Depending on the service you choose, you may be able to avoid paying for both broadband and telephone services — or significantly scale back your telephone bills. Some providers allow you to buy broadband service and then calls over that broadband line are free. VoIP long-distance or international calls carry minimal charges, ranging from none to low. In addition, many VoIP providers, unlike the local phone company, offer three-way calling, call forwarding, auto redial, and caller ID without any additional charges. Services run the gamut from free computer-based calling — such as Skype — to services that better simulate the telephone experience, such as Vonage, which offers small business service for as low as $39.99 per month. While IP telephony systems can involve a major investment in hardware and IT staffing, there are also new hosted-IP telephony options available for small businesses. These include Aptela, costing $19.50 per user, MailStreet Voice at $39.95 per month, or the Asterisk business edition (using Asterisk open-source IP telephony), which is sold by Digium at $995.

3. Quality problems addressed. While open-source or lower-priced VoIP services still may fall prey to poor sound quality, such as “jitters,” echoes, or out-of-order voice transmission, an entire range of business-quality services has emerged. Providers such as Avaya and Cisco use Ethernet devices called IP-PBX systems to improve sound and data-transmission quality of VoIP service. These can also safeguard against the effects of power outages, which can knock out VoIP service but not necessarily traditional phone service.

4. Security issues are being tackled. Initial fears about the security of VoIP are waning, as more product lines offer ways to secure the lines. Companies like Avaya, Cisco, and Nortel all offer products with heightened security. John Gray of Nortel’s enterprise strategy marketing group says that Nortel has taken a “layered approach” to security in its products, offering VoIP solutions that include firewalls, intrusion detection, and virtual LANs to protect multimedia VoIP uses. In addition to selling its solutions to VoIP carriers, Nortel offers its own line of small business options, notes Gray, including a new IP-PBX product with IBM. But Ross believes the security issue just might be overrated. “Is your present telephone system encrypted? I don’t think so,” he says. Eavesdropping and wire-tapping of traditional telephones is actually much easier to do than with VoIP, he says. “I don’t think this is as big a deal as people make it out to be,” he says.

5. Emergency calling options. With regard to 911 services, Ross says that most VoIP providers have worked through the problem of failing to offer emergency responders location information about VoIP calls by registering the location of their users when they subscribe. The biggest problem remaining, he says, is the use of softphones, which are designed to carry VoIP calls and whose location remains difficult to detect. “This is something they’ll need to deal with,” he says.

Nonetheless, most small and mid-size businesses need to consider these developments in the marketplace in quelling their fears of VoIP so that they can finally take the plunge.

Safe Specs

The way the security-industry experts see it, if you’re a small-business owner, Internet security is your problem. Not your IT department’s problem. Your problem, and your responsibility. That doesn’t mean you, as CEO, must fiddle with the actual nuts and bolts protecting your valuable information. But it’s in your best interest to understand what’s at stake, help craft an overarching strategy, and stay on top of security initiatives — just as you would with any other major activity in your company. Following are three suggestions for doing that.

1. Make security a business priority. The National Cyber Security Summit Task Force, an industry group, recently issued a “Call to Action” urging companies of all sizes to help “strengthen America’s homeland security” by taking a comprehensive, high-level approach to shielding their systems. “Information security is not only a technical issue, but also a business and governance challenge,” says the report, which suggests specific security-related tasks for CEOs and other top executives. “Effective security requires the active engagement of executive management to assess emerging threats and provide strong cyber security leadership.”

That approach is at least as important for small companies as big ones, says Larry Clinton, chief operating officer of the Internet Security Alliance, a nonprofit trade association based in Arlington, Va. However, he continues, many SMB owners don’t understand just how vulnerable their companies may be. According to ISA research, SMB executives generally feel they’re safer than their Fortune 500 brethren when it comes to network break-ins, crippling virus attacks, and other security breaches. That’s a dangerous misconception. In fact, most hackers are equal-opportunity intruders, meaning they scan the Internet for any available security loophole, whether it’s at a global financial institution, a midsized manufacturer, a local retailer, or a home-based business. Viruses and Internet worms don’t necessarily target companies of any particular size, according to the ISA and other organizations specializing in online security. But because small enterprises often have less stringent security than large corporations, Clinton says, they often get hit more frequently.

Case in point: The Mydoom worm (and several later spinoffs) that flooded the Internet in January 2004, slowing servers and, in some cases, installing programs that could allow outsiders to penetrate systems, steal information, and remotely control computers. “One in three small businesses was affected by Mydoom,” Clinton says. “For larger companies, it was one in six.” And the damage may be proportionately more severe for SMBs, says Clinton, who recently testified about SMB issues at a U.S. House of Representatives subcommittee hearing on improving public awareness about cybersecurity measures. “Large companies can afford to take some hits,” he points out. “Smaller ones have smaller margins. A major outage or million-dollar damage can put them out of business.” Substandard or outdated security also puts SMBs at greater risk from targeted attacks from, for instance, disgruntled former employees or shady competitors. For that reason, small-business CEOs “need to understand that, in today’s world, their security plan is just as important as their marketing plan,” Clinton says. “It’s now an integral part of their business. They don’t need to do the work themselves, but they do need to have it in their business plan.”

2. View and treat security as a work in progress. New threats keep evolving, as do new solutions for combating them. Among the latest at this writing are browser-based attacks, which rose 25% between 2003 and 2004, according to the Computing Technology Industry Association. Those attacks involve harmless-looking websites that are actually booby-trapped with malicious code that crashes visitors’ browsers, sabotages their computers, or lets attackers access sensitive or confidential information. For that reason, it’s important to realize that security is always, always a work in progress: “The idea that ‘I just bought security software, so now I’m safe for the next four years’ is a fallacious one,” Clinton says. The growing use of wireless networks, instant messaging, and other new technologies creates new security risks. SMBs must also constantly adjust policies and practices to cope with threats and keep employees, contractors, and customers posted on those changes. One widespread example: Many companies now restrict or ban the use of e-mail attachments, which can carry viruses.

3. Start with the basics — but don’t stop there. First, if you haven’t already done so, take those simple low- and no-cost steps that security experts have drummed into our heads for years: Choose hard-to-guess passwords and change them often. Back up all important data frequently. Use and update virus-scanning software. In addition, disseminate security best practices. For example, encourage employees to turn off their computers or disconnect them from the Internet when they’re not in use. Limit access to sensitive and confidential information. Enlist managers in making sure unused e-mail, voice mail, system access, and other accounts are shut down as soon as workers or contractors leave the company. (For more recommendations, see ISA’s free, downloadable SMB cybersecurity guide. Written specifically for small-business entrepreneurs and executives, the 37-page PDF includes actual case histories as well as advice.)

Meanwhile, develop a business-oriented security plan. A free downloadable Cisco Systems Inc. report, What You Need to Implement a Network Security Solution, recommends considering the following strategic questions as you do:

- Government regulations, industry standards: If applicable, what must you fix to comply?
- Customer protection: How can you safeguard individual and corporate customers’ confidential information — and how can you assure them that it’s protected?
- Risk level: What are your most mission-critical applications? What do you see as an acceptable level of risk?
- Corporate policies: What in-house rules will you establish? How will you monitor and enforce them?

Finally, keep in mind that nothing is ever 100% safe. Your best bet is to aim for a flexible, scalable, well-integrated approach to security so that when problems arise — and it’s smartest to assume that they will — you can respond quickly and minimize the impact. With that in mind, security expert Tom Kellermann, senior data risk manager for The World Bank in Washington, D.C., suggests in his “Electronic Safety and Soundness” guidelines that you approach any security initiative with three sobering axioms in mind:

- Attacks and losses are inevitable.
- Security buys time.
- The network is only as secure as its weakest link.

Websites with Information Security Information

- Internet Security Alliance: Resources include Common Sense Guide to Cyber Security for Small Businesses, a free downloadable 37-page PDF file with information and real-life examples.
- National Cyber Security Alliance: Resources include an online beginner’s guide to Internet security threats and a quick online self-test to help determine your organization’s vulnerability. Also maintains a user-friendly security glossary.
- National Cyber Security Partnership: Resources include an online CyberRisk profiler and a risk checklist, both designed to help visitors pinpoint and improve their company’s security weaknesses.
- U.S. Computer Emergency Readiness Team (US-CERT): Resources include the National Cyber Alert System, part of the U.S. Department of Homeland Security; the system provides updates on Internet security threats.

Additional Online Resources

- Overview of Internet attack trends, from the CERT Coordination Center at Carnegie Mellon University.
- Information on the federal government’s National Strategy to Secure Cyberspace, part of the larger National Strategy for Homeland Security.
- CSO (Chief Security Officer) magazine resource center.
- Seven simple computer-security tips for small-business and home-computer users, from the National Infrastructure Protection Center.

Vendor Resources

- Microsoft Corp.’s e-Security Guide for Small Businesses.
- ServGate Technologies Inc.’s white papers on network security, spam control, and virus protection.
- Cisco Systems Inc.’s white paper, What You Need to Implement a Network Security Solution, a seven-page PDF file.
- VeriSign Inc.’s Internet Security Intelligence Briefings, updated periodically with information about fraud and attack trends.