An employee of Boca Raton-based ADT Security Services had access to streaming security camera footage from inside homes of hundreds of the company's customers, according to a federal lawsuit filed Monday, May 18, 2020.

(Joe Cavaretta/Sun Sentinel)

At least 220 Dallas-Fort Worth families were spied on in their homes by an ADT employee who hacked home security cameras in the area, according to the security company.

Two class-action federal lawsuits were filed Monday against ADT, which is one of the largest security companies in the country. One suit was filed on behalf of ADT customers and the other represents those who were spied on in those customers homes.

In April, aDFW customer discovered an unknown person had access to their ADT security camera. After an investigation, ADT found an employee had access to hundreds of customers accounts and had been watching people in their homes for seven years, according to the lawsuits filed in the Southern District of Florida, where the company is based.

I am just horrified that a company that holds itself as the number one security option allowed this to happen, attorney Amy Carter said. They gave access to someones home when they were seeking additional security.

In a statement, ADT said the company reported to police in April that an employee gained access to 220 accounts in the Dallas area. A spokesman said the company put measures in place to prevent this from happening again, but did not expand on what those measures were. The employee has since been fired.

We deeply regret what happened to the 220 customers affected by this incident and have contacted them to help resolve their concerns, the statement said. We are supporting law enforcements investigation of the former employee and are committed to helping bring justice to those impacted by his improper actions.

In late April, ADT started to contact customers and tell them what happened. The company offered confidentially agreements to customers in exchange for monetary payments, according to the lawsuit.

One of those customers was DFW resident Shana Doty, the plaintiff in the first lawsuit.

ADT told Doty over the phone that the technician who worked on her indoor security camera system had granted himself remote access and had spied on her, her husband and her minor son an unknown amount of times, according to the lawsuit. Based on the position of the wide-angle camera, the technician would have been able to see the family members in their bedrooms in all of their private moments.

Other customers got the same call. One worked for Homeland Security and had a teenage daughter, who had also been viewed on the camera. Another was a mother who found out she and her daughter had been spied upon in the nude and their most private moments, Carter said.

Carter said they do not know where all the affected customers live, but they believe most of them are in the DFW area, south of Interstate 30. That area includes Fort Worth, Dallas and Arlington. Carter said they believe up to 400 households could have been hacked.

Flawed security system

The technician was able to give himself access to peoples cameras and homes because ADT did not set up simple security protections, Carter said.

The technician would add his email onto customers accounts in the ADT Pulse app when he installed or did work on a camera, the suit said. ADT did not have a dual security system in place to notify customers when an email was added. The technician was not only able to spy on households in real time, but he was also able to review previous footage, download clips and upload them to the internet, according to the lawsuit.

This was the system and policy they had set up nationwide, fellow attorney Matthew McCarley said. We dont feel very confident at all this hasnt happened elsewhere.

ADT serves 7.2 million residential and business customersin the U.S. and Canada, according to the companys website.

Carter said the FBI is investigating the employee, who was identified as Telesforo Aviles in the lawsuit. DeSoto police were also involved in the investigation, she said.

The lawsuit is asking for more than $5 million in compensation.

McCarley said ADT customers should verify who has access to their cameras and double check no one else has email access or permission to view footage.

We hope that based on the facts of the case that ADT will take this seriously and get this resolved as soon as possible, McCarley said. Because a lot of people have been hurt. The invasion of someones privacy you cant get that back.

2020 the Fort Worth Star-Telegram

Visit the Fort Worth Star-Telegram atwww.star-telegram.com

Distributed byTribune Content Agency, LLC.

Read more:
Former ADT employee spied on hundreds of Dallas area families for 7 years, company says - SecurityInfoWatch

The Total Home Comfort and Security Bundle is a high-end home security and automation kit from Ecobee. At $499, it's expensive -- closest to theNest Secure Alarm System in terms of style and price. But it's a solid system that makes efficient use of each device and automates settings for you based on your phone's location so you don't have to remember to set arm or disarm modes. The system works with Alexa and Siri.

Ecobee doesn't offer professional monitoring (yet) and you have to pay for the company's optional Haven subscription serviceto use the auto-arm/disarm feature called Autopilot, as well as access the camera's 14-day video clip storage in the Ecobee app.

Still, I like this system and recommend it, especially if you want -- or already have -- an Ecobee thermostat or other Ecobee devices.

Ecobee got its start making smart thermostats. Its most recent model, theSmartThermostat with voice control, is our current favorite thermostat. The SmartThermostat has a built-in Alexa speaker that also works with Google Assistant and Siri commands.

But the company has branched out in recent years to offer a smart light switch, device accessories like ambient temperature sensors -- and now home security devices.

Amazon helps fund Ecobee, whose thermostats compete with Google's Nest models.

Ecobee's $499 Total Home Comfort and Security Bundle includes one $249 SmartThermostat with voice control, one $179 SmartCamera with voice control, two SmartSensors for doors or windows (also sold in a $79 two-pack) and three temperature SmartSensors (also sold in a $79 two-pack). All of those devices sold individually would clock in closer to $600, so you're technically getting a deal with this home security and automation bundle. If you already have the thermostat (which comes with one SmartSensor), Ecobee does sell a Home Security Bundle for $279 with just the camera, two door or window sensors and two temperature sensors.

If you opt to design your own system a la carte, keep in mind that you do need either the Ecobee SmartCamera or the SmartThermostat to use the SmartSensors on doors or windows.

Like the Ecobee SmartThermostat, the SmartCamera has a built-in Alexa speaker. The system's door and window sensors can track motion (a person walking by) as well as movement (whether the door is open or closed).

Nest's $399 Secure Alarm System starter kit includes a keypad hub, two key fobs and two motion-and-movement-sensing door or window sensors. Nest's keypad hub, called the Nest Guard, has a built-in Google Assistant speaker.

Despite a different combination of devices (Ecobee's system doesn't have a keypad and Nest's doesn't have a camera or doorbell, although you could scale up by adding those Nest devices), they followed a similar pattern with door and window sensors that double as motion sensors and security devices that also offer integrated voice assistants.

Setting up the Ecobee system starts with downloading the Ecobee app and creating an account. Hit the plus sign in the top-right corner of the main screen to add each new device. Ecobee makes it easy by asking you to scan QR codes on the devices, guiding you through the process step-by-step to name your product and get it online.

The thermostat is a bit more time consuming to install. (I go into more detail on that installation in the SmartThermostat with voice control review.) In general, if you have questions about your home's electrical setup, consult a professional electrician before you get started -- or hire an expert installer to do it for you.

Follow the simple steps to connect each device.

Now playing: Watch this: Ecobee's new thermostat is part Alexa speaker

1:21

You can't do much if you don't pay for the optional Haven service. Basically, you can view the SmartCamera's live feed -- and that's about it.

With Haven, which starts at $5 per month for one SmartCamera (or $10 per month for multiple SmartCameras), you get 14 days of saved cloud storage clips and Autopilot, a cool feature that arms and disarms the system -- and turns the camera on and off -- based on the location of your phone. If you add other family members to the account, Haven will also track their location, so the system won't arm if you leave but another family member is still at home. You also get alerts when motion is detected or a door or window is opened or closed. (Nope, that doesn't come standard with the system unless you pay for Haven, although Ecobee tells me this will change "in the next month or so.")

Haven doesn't include professional monitoring, either. It's more of a cloud storage subscription plan that also happens to include the ability to arm and disarm the system, the auto-arm/disarm Autopilot feature and alerts. I find this combination of free versus fee-based Haven services disappointing, since the basic ability to arm or disarm a system yourself manually and alerts are typically free.

For that reason, I wouldn't buy these Ecobee devices unless you plan to pay for Haven.

The devices themselves work extremely well. The motion and door and window alerts were responsive, the camera's live feed was crisp and the temperature sensors and thermostat add an additional layer of motion detection for the rest of the system. With Autopilot enabled, the system successfully armed when I left home and disarmed when I returned. If you don't like the auto-arming and disarming, you can adjust the settings in the app for manual arming and disarming.

The camera's built-in Alexa speaker doesn't help much with the security camera-Alexa integrations, since you'd need an Alexa-enabled smart display to pull up the live video feed or have a two-way talk conversation, but it can handle the same basics as any other Alexa speaker -- general questions, games, music and smart home control.

I don't have an Amazon-branded Alexa device to test out whether the Echo Spatial Perception (ESP) feature works with the SmartCamera, although Ecobee tells me it does have ESP.

It's also important to consider a company's privacy statement and security policiesbefore buying a device or service. You can check out Ecobee's privacy policy here. Ecobee requires two-factor authentication for SmartCamera customers; it's optional for everyone else.

The complete system costs $499, not including the optional Haven subscription fee, starting at $5 per month.

The Ecobee Total Home Comfort and Security Bundle works well. I like that every device performs multiple functions, from temperature tracking to motion detection and live video streaming. The camera is well-designed, and its built-in Alexa speaker gives it more functionality than a standard security camera. I like the design of the app; it's user-friendly and easy to add new devices.

That said, Ecobee doesn't offer enough free features for this system to be used as a self-installed, self-monitored system. You can't even receive alerts or arm the system without a Haven subscription. So while Haven is technically optional in that it's a month-to-month contract-free service, you really do need it. If that doesn't bother you, this system might be for you. Otherwise, I'd look elsewhere.

Read this article:
Ecobee review: A Haven subscription is a must with this home security bundle - CNET

Leaving the house may increase your chances of contracting COVID-19, but working from home may make you more susceptible to another kind of virus. A computer virus. The cybersecurity firm RISKIQ predicts the coronavirus outbreak will give hackers one of their best opportunities in recent years to attack computer networks around the world.

There are many reports that hackers are busy targeting people working from home on their work computer and if you dont have someone from IT a few cubicles away youre it. Here are some things you should do the next time you fire up your computer.

One of the most important things is to keep your software updated. On just about any software you can click the help or support tab at the top of the page, and then check for updates. You might need to ask your IT person before updating. Most of these updates include security fixes to address any vulnerabilities.

If you seldom turn off your computer but just put it to sleep, get in the habit of turning it off at least once a week. When you turn it back on itll automatically search for and install updates on the operating system. This is especially true and important if you use a Windows computer. Enable 2-factor authentication. If you log out and then back on, youll have to allow the program or social media site to send you a text message to make sure youre you and not some hackers trying to access your accounts. Do this for any online account including Facebook, Google and even Netflix.

Its a hassle, I know. You can also pick up one of these security keys. This is a Yubikey. Insert it into a flash drive on your computer and anytime youre logging into certain accounts, you can just tap the key so it sees your fingerprint.

If youre on your work computer it probably has anti-virus and anti-malware programs. If youre on yours though, make sure you have something to protect yourself from viruses and malware. If youre looking for something good, free and safe, AVG guards against hacks and C-Cleaner scans your computer for problems and eliminates them. Malwarebytes focuses on malware searches for programs that could cause problems that youve accidentally downloaded from the internet.

The best thing you can do, is to be careful about any links you click, whether its on a website, social media site or in an e-mail. Dont click on anything without asking yourself, can I really trust it? But if youre working on your companys laptop or connecting to the companys network servers check with the IT department before downloading or installing anything.

See the article here:
What The Tech: Working from home security - KFDX - Texomashomepage.com

Everyone would like to be in a state of fat city when it comes to their safety and security. No one wants their safety and security to be compromised in any way. People get away doing some of the heinous crimes and committing foul play under ones nose and many times police cannot do anything much. It is so because there is a lack of sound safety and security systems.

To address the alarming rate of burglary, theft, robbery cases, a large variety of home surveillance systems comes as salvation.

They act as a crutch, hold down crime rates, and are most recommended when it comes to service, pricing, and some more inbuilt security features. Multi-faceted systems with Infrared detectors, window sensors, automatic sirens, recording features, and connectivity with Google and Alexa have helped you to pull through. They substantiate for the crime to a larger extent and are a crux for solving the first-degree murders. These products have undergone ballistic testing to meet customer expectations. One such system is Kangaroo that puts home security within your reach.

In this article, we will consider the following topics:

Lets dive in to see the nuts and bolts of Kangaroo.

Kangaroo keeps your home safe and provides ultimate protection to your data. All the products are sophisticated, easy to set-up, and use. In short, they give due respect to your money. Kangaroo is one state of the art and second to none system that is affordable and provides video surveillance as well as remote management by mobile app for convenient control.

Some of the Kangaroo products are Doorbell Camera, Free Privacy Camera, Free Home Security Kit, Motion Sensor, Water Climate Sensor, Motion+ Entry Sensor, Front Door Security Kit, etc.

Some of the basic Accessories that come handy with products are Roo Tags, Siren + Keypad, etc.

Privacy Camera

Safest security camera for your home. This comes up with features like 3x zoom and night vision. PDLC Privacy Shield Lens makes you monitor your home from anywhere. With one tap in the app, the lens gets transformed into an opaque shield providing visual verification and your privacy is protected.

Key Features of Privacy Camera:

Install Kangaroo Security App that keeps your home safe from disasters or break-ins.

Key Features of Home Security Kit

Motion Sensor

Wireless motion sensor detects any household disturbances and alerts everyone on phone or contacts emergency services.

Water + Climate Sensor

It can be used in basements, high-humidity areas or can be placed under a sink. It detects water, changes in temperature and humidity, and thereby sending an alarm to your phone.

Front Door Security Kit

This includes Doorbell Camera, two Motion + Entry Sensors, Siren + Keypad.

Roo Tags

It helps you switch between Arm and Disarm with a single tap of the Siren. It is ideal for guests, tenants, children, etc. for whom you want to provide limited access.

Siren + Keypad

It uses microphones and can be used with sensors to provide an audible household alarm when it is triggered. It works with frequencies between 3000-4000 Hz. Any sound below this range cannot be picked up.

However, Kangaroo ticks off the list plus additionally it provides some other bells and whistles that are as below:

With a professionally installed security system, someone from the company will expound you about all the available plans, type, and quantity of equipment that is right up to your alley. They may skew the equipment package if required. This will save hours and days of straining when it comes to the size of your home, the complexity of the systems, and your technical abilities. However, it can also result in paying a lot of money for a long-term contract costing 100$ or more (cost an arm and a leg).

While installing a DIY System like Kangaroo, it requires an activation fee and disposal of long-term contracts. It requires you to study and vetting of a device to install it properly and for its seamless operation. They have a step by step instructions laid out and phone support to make your job cushy.

DIY Equipment has been in use in recent years but they are too complex when it comes to fulfilling your security requirements. For a small condo with a few doors and windows, DIY can be fine. However, for more specialized needs, a professional company is to be bank upon.

Concerning the increasing rate of crimes, a robust home security system like Kangaroo comes to rescue as a barebone of protection. Any system, in general, in todays time, should entail at the bare minimum:

74% of survey respondents said that the home security system makes them feel safe.

A video doorbell is another most popular security product (18%) with a professionally monitored home security system.

Home security product ownership is most popular amongst 18-34 years aged persons with 41% owning a security system.

As challenges have advanced, so have the solutions. People are in the lookout for those systems that are keeping pace with the latest technology to meet growing needs.

In general, if you have to rate any home security as the best that will entirely depend on your needs and living situations.

Visit link:
The Most Reliable Home Security Solution - Global Banking And Finance Review

Escape to Round Hill Estate. Breathe in Napa Valley air and lose yourself in this private 21-acre St. Helena compound with 240-degree views overlooking world-class wineries such as Quintessa, Silver Oak, and Caymus, to name a few. Walking distance to Auberge du Soleil Resort and 10 minutes to downtown St. Helena. Completed in 2014 by Deikel Design and Development, the nearly 13,000 sqft estate includes a 10,000+ SqFt main residence with 4 ensuites, a detached 2-bd/2ba guest home, and a 1-bd/1.5ba guest cottage. Amenities include a 1700-bottle wine cellar, gym and steam room, infinity pool and spa, pool house with sauna, and multiple catering kitchens. Capable of running off the grid with 6 generators, private deep well water, vegetable gardens, and home security system. A boutique Cabernet vineyard can produce approximately 300 bottles of privately labeled wine each year. Round Hill Estate cannot be compared or replicated. It is truly unique and a one of a kind Napa Valley experience.

View Listing

See original here:
2 of the Most Expensive Homes for Sale in the Napa Valley - Kenosha News

The IT and security worlds that we once knew are now dramatically different, especially given the sudden shift to remote work. However, it's still important to consider the symbiotic relationship between the two, as they share a handful of notable similarities, as well as some differences.

As we've seen, remote work affects both IT and security in a multitude of ways that has forced nearly all organizations to define a new set of priorities and best practices that will serve them both immediately, as well as in the years to come.

Although often thought of as two distinct entities, an organization's IT and security teams have more in common than one might think. There's been a fundamental shift away from the historical silos, as well as a new approach to what constitutes an IT or security priority. Traditionally, something like managing passwords and general device security was thought to be one of either the IT or security team's responsibilities, but now these have almost all moved into the average employee's job description. As a result, IT and security teams are now able to shift their focus from mundane tasks to proactive and challenging job duties.

With the rise in cloud and SaaS security provided by the likes of Amazon, Microsoft and the companies that have emerged to support these ecosystems, the two departments will further integrate. With technological advancements and products and services now able to automate management, IT and security teams are often smaller but more experienced. Therefore, both are transitioning to "generalists," ultimately helping understaffed teams deal with end users while building macro-level IT and security puzzles without constantly worrying about the micro-level issues. It's likely the two will become more similar, accelerating further convergence and increasing collaboration.

Nonetheless, IT and security teams still have a long way to go and still have some differences. This is especially true at large organizations that typically aren't as flexible as their smaller counterparts, such as large financial institutions with traditionally siloed departments and segregation of duties with little to no cross-collaboration. Sometimes, this setup is due to regulation-imposed rules, but often it's a case of "we've always done it that way."

When separated and working toward different goals, a constant game of tug-of-war exists between IT and security departments when asking for and receiving organizational resources. With that in mind, should an organization focus more on business goals and initiatives by helping the security team? Or should it provide more resources to the IT team, which is more closely aligned to the end user? The answer lies within the organization's priorities and business goals, but we're seeing some industries troubleshoot better than others.

Security teams across the industry are severely understaffed as a result of the skills gap. Not to mention, we're witnessing many issues with security roles and responsibilities translating to the remote work environment.

SaaS can help mitigate some of these issues through automation, and large organizations are likely already working remotely in some capacity. However, small companies new to remote work are struggling. Instead of working toward securing new devices, home networks and VPNs, while also accurately communicating updates to the C-suite, understaffed security teams are preoccupied with new and constant attack vectors and often sign "blank checks" as a result.

Then again, some IT teams have become so reliant on physical security that they lack a proper remote work plan to begin with. Troubleshooting emails or login issues can be simple when addressing them face-to-face but trying to reach all the necessary parties remotely can be a time-consuming task and difficult to adequately address, even for an experienced IT professional.

One of the biggest aspects of the shift to remote work that an organization's IT and security teams often overlook is the mindset and the lack of technical knowledge of the end users. Reports show that end users are often the kryptonite to an organization's security, as they are often guilty of leaving devices unsecured, using easy-to-guess passwords or unknowingly clicking phishing links.

In addition to the lack of education or security reminders, employees are often afraid to admit that they either don't understand something or that they made a mistake. Therefore, IT and security teams need to remember to check in on the seemingly mundane, low-level security systems such as Wi-Fi connectivity, access management, multi-factor authentication or traditional firewalls. Though these can slip the mind of a security professional, they are basic security protocols that protect end users and organizations from significant attacks.

With this massive recent shift to telework, the resulting short-term and long-term ramifications are profoundly different as they relate to IT and security. Due to the rapid changes to the workforce, both teams are currently flying blind and the implementation of proper security protocols can be deprioritized to maintain as much of a "business as usual" mindset as possible.

This hesitancy only exacerbates the already unaddressed issue of being a step behind, instead of allowing teams to be proactive in their defenses. Whether it's a hardware device issue or using a remote desktop to fix a software issue, already understaffed teams have to tackle age-old issues with new challenges. The current state of affairs is likely to have long-lasting effects on IT and security teams. But given the current rapidly changing nature of the societal, political and security climates, it's difficult to determine how far reaching these effects will be, and exactly how they will manifest.

Organizations can install some best practices for their IT and security teams. The first is automation, as teams should enable software to handle tedious tasks and address baseline needs. Through this, small teams and organizations can scale while also allowing themselves to focus their time and resources on more complex problems and be prepared for issues that could arise at any moment. Automation also goes hand-in-hand with defining infrastructure as code, making it easy for any member of the team to see a complete history of a component and understand not only what choices were made, but when and why.

Another best practice, and perhaps the most important one, is more collaboration and convergence between IT and security. Despite the current global crisis and its impact on this industry so far, the evolution of technology and security is happening so quickly that it's hard for any individual or team to identify any foreseeable needs.

Remote work inherently makes it harder for organizations to clearly communicate among all their departments with different priorities, so there must be an increased emphasis on intra- and inter- team collaboration. If not, organizations and users will likely see many negative consequences of underdeveloped and lackadaisical IT and security.

About authorJonathan Meyers is the head of infrastructure at Cybrary. He is responsible for designing, maintaining and securing all corporate infrastructure including their security enablement platform supporting over 200 companies and 2.5 million users worldwide. He previously worked as a senior DevOps and senior operations engineer at Forcepoint (formally RedOwl Analytics) where he oversaw the operations and deployment of its hosted and on-premises UEBA e-surveillance product. Jonathan holds an information technology degree from The U.S. Military Academy at West Point.

More:
IT and security teams collide as companies work from home - TechTarget

Hundreds of customers of ADT Security Services were spied on through security cameras installed inside and outside of their homes, two US federal lawsuits filed Monday are claiming.

ADT, headquartered in Boca Raton, failed to provide rudimentary safeguards to prevent an employee from gaining remote access to the customers cameras over a seven-year period, a news release from the Dallas-based Fears Nachawati Law Firm states.

ADT notified customers of the breaches and then tried to pay them off if they agreed not to reveal them publicly, according to the suits filed in US District Court in Fort Lauderdale.

In a frantic effort to mitigate and hide its actions, ADT began a campaign to call all affected account holders and secure a release and confidentiality agreement in exchange for a monetary payment representing a fraction of the value of their claims, one of the suits says.

ADT did not immediately respond to requests for comment about the lawsuits. In April, the company admitted the breaches to the Dallas Morning News. A spokeswoman said the breaches did not reflect the values or ethics or our brand, adding ADT was disappointed and regretful.

The company said the breaches affected customers in the Dallas-Fort Worth region, one of its larger markets. ADT serves more than six million customers in the United States.

Alexia Preddy and Shana Doty, both of Texas, are named as lead plaintiffs in the suits, which seek class-action status in the expectation that hundreds of other potential victims will also come forward.

Preddy was a teenager when the Dallas-area technician who had installed their indoor security camera granted himself remote access by adding his personal email address to her account, Preddy claims. The employee then used that access nearly 100 times to spy on her and other household members in their most private and intimate moments, according to her suit.

Doty was alerted by ADT that the technician had used his access an unknown amount of times to spy on her, her husband and their minor son in their most private moments, she claimed.

The lawsuits accuse ADT of failing to fix large vulnerabilities in its ADT Pulse software application, leaving not only the lone Dallas technician but potentially countless other ADT employees with the ability to secretly open locks at homes and view security camera footage, the suit states.

It adds, The mental and emotional impact this revelation has had on every person receiving these calls from ADT is immeasurable. Moments once believed to be private and inside the sanctity of the home are now voyeuristic entertainment for a third party. And worse, those moments could have been captured, shared with others, or even posted to the Internet.

ADT Pulse is among the most advanced and expensive home security packages offered by ADT. It enables consumers to view their homes remotely and control their homes locks and security systems from a mobile application or web browser.

ADTs investigation revealed that an employee named Telesforo Aviles had access to more than 200 different customers ADT Pulse accounts for the last seven years, Dotys suit says.

Countless checks could have been in place to prevent or at least stop this conduct, it said. Instead, the breach was revealed when a customer reported a technical issue and inadvertently revealed the unwanted third-party access.

The suits each seek more than US$5mil (RM21.72mil) plus interest and costs.

They arent the first accusations that ADT failed to protect its security systems from unwanted intrusions. In 2017, the company agreed to pay US$16mil (RM69.52mil) to settle class actions suits in Illinois, Arizona, Florida and California claiming it systems were vulnerable to hacking because the company failed to encrypt them. The Sun Sentinel (Fort Lauderdale, Fla.)/Tribune News Service

Read more:
US home security company employee spied on customers for years through their cameras, lawsuits claim - The Star Online

COVID-19 has impacted the work-life of millions, including cybersecurity professionals. Although good cybersecurity is built on anticipating threats and defending against what could happen, no one expected the total upheaval to everyday work structures. Cybersecurity teams are challenged to protect networks, devices and data accessed remotely while working remotely themselves.

(ISC)2 conducted a survey of cybersecurity professionals to learn how COVID-19 and stay-at-home orders have impacted their work lives, as well as some of the issues in securing a remote workforce.

The goal of the survey was to take the pulse of the cybersecurity community as many of their organizations began to shift their employee bases and operations to remote setups in March and April, said (ISC)2 COO Wesley Simpson in a formal statement. In conjunction with the survey results, (ISC)2 released a webinar looking at what has been learned so far from COVID-19 from a security standpoint.

Three-quarters of the 342 respondents said their job has changed since COVID-19 came on the scene, with 35% stating that their cybersecurity job duties changed significantly. One of the biggest changes is the work-from-home mindset, and nearly half of the respondents said that at least some of the change included being moved from some or all of their security tasks to help out with other IT-related tasks such as setting up mobile workstations. Webinar panelist Kris Rosson, IT security manager at Chumash Casino Resort, said the culture of his workplace didnt encourage a remote workforce in the past, but the virus changed that overnight. They had to scurry to get everyone the equipment they needed and ensure software licenses for these new devices quickly.

While the companies themselves were split surprisingly evenly on a total remote workforce versus a partially remote workforce, the vast majority of security professionals said they are working from home. Those who arent tend to be in industries such as health care, where they are considered essential to keep the networks running safely or their tasks have to be done onsite. In some cases, security staff is rotating shifts in the office so there is always someone keeping an eye on things while acknowledging social distancing.

Although there has been some spike in security incidents, most reported the number of incidents has been about the same since work-from-home became the norm. The vast majority of companies view cybersecurity as an essential function right now, but responses are mixed when asked if they have the necessary tools to securely support a remote workforce and if they are able to utilize best practices.

The survey allowed respondents to make comments. One comment pondered on the idea of a new workplace normal after stay-at-home orders are lifted and businesses begin to reopen their doors. Many staff will continue to be remote even if they can return to the office, the commenter said. Many systems were quickly implemented to allow this capacity to work from home. It is not all bad. It will just be different.

However, webinar panelist and CISO at FXCM Erik von Geldern said he thinks the new work-from-home model has leveled the security playing field. Von Geldern worked remotely before COVID-19. Now, he said, hes become more accessible to other employees in the organization, who in the past felt they couldnt approach him because they didnt have in-person interaction with him. Theres been a shift in the openness in the conversation, he said, because, in communication, were all using the same set of tools.

Another response from the survey pointed out that security professionals are now being looked at as creative problem solvers and risk managers in new ways. John Carnes, an information security architect, said during the webinar that while his company made the transition well, he knew of one company that pushed to get everyone out of their offices quickly. They had an in-office crash course to get them switched over to VPN and turning firewalls on, and literally making those changes on their own computers and packing them up, Carnes explained. These professionals cant do their job on a laptop, so there had to be creative and quick thinking by the security team to be able to allow the employees to keep working on their regular work computers.

But when you move so fast, you forget a lot, too, Carnes added, so that has required some creative thinking. Moving quickly and moving methodically doesnt have to be mutually exclusive. Its a matter of stepping through things and getting answers quickly, but it is important to follow good practices and procedures.

COVID-19 is nowhere near contained and the cybersecurity pros understand this remote work model is going to go on for a while. To get the most from this experience, keep a diary and take notes about what is working and what isnt working. Learn from the crisis to see how to better improve work-from-home security and be prepared for these sudden shifts between the office and home. When we return to somewhat normal, lets learn where we landed and where we came from to keep employees and data safe and secure.

Recent Articles By Author

Link:
How COVID-19 Has Impacted Cybersecurity Teams - Security Boulevard

Leaving the house may increase your chances of contracting COVID-19, but working from home may make you more susceptible to another kind of virus. A computer virus.

The cybersecurity firm RISKIQ predicts the coronavirus outbreak will give hackers one of their best opportunities in recent years to attack computer networks around the world.

There are many reports that hackers are busy targeting people working from home on their work computer, and if you don't have someone from IT a few cubicles away, you're it.

Here are some things you should do the next time you fire up your computer.

One of the most important things is to keep your software updated. On just about any software, you can click the "help" or "support" tab at the top of the page, and then "check for updates." You might need to ask your IT person before updating. Most of these updates include security fixes to address any vulnerabilites.

If you seldom turn off your computer but just put it to sleep, get in the habit of turning it off at least once a week. When you turn it back on it'll automatically search for and install updates on the operating system. This is especially true and important if you use a Windows computer.

Enable 2-factor authentication. If you log out and then back on, you'll have to allow the program or social media site to send you a text message to make sure you're you and not some hackers trying to access your accounts. Do this for any online account including Facebook, Google and even Netflix. It's a hassle, I know.

You can also pick up a security keys, like a Yubikey. Insert it into a flash drive on your computer and anytime you're logging into certain accounts, you can just tap the key so it sees your fingerprint.

If you're on your work computer it probably has anti-virus and anti-malware programs. If you're on yours though, make sure you have something to protect yourself from viruses and malware. If you're looking for something good, free and safe, AVG guards against hacks and C-Cleaner scans your computer for problems and eliminates them. Malwarebytes focuses on malware, and searches for programs that could cause problems that you've accidentally downloaded from the internet.

The best thing you can do, is to be careful about any links you click, whether it's on a website, social media site or in an e-mail. Don't click on anything without asking yourself, can I really trust it?

But if you're working on your company's laptop or connecting to the company's network servers check with the IT department before downloading or installing anything.

Read the rest here:
What the Tech? Work-from-home security | What The Tech? - WFMZ Allentown

A technician at ADT remotely accessed hundreds of customers' CCTV cameras to spy on people in their own homes, the burglar-alarm biz has admitted.

At least one of the victims was a teenage girl, and another a young mother, according to court filings.

Last month, an ADT customer in Dallas, Texas, spotted and reported an unexpected email address listed as an admin user on their home security system. An internal investigation by ADT revealed it was the personal email of one of its employees, and he had seemingly used it to view the home's camera system nearly a hundred times.

A probe found the same technician had made himself an admin on 220 customers' accounts, meaning he could lock and unlock doors remotely, as well as access the live feed of cameras connected to the ADT network. His access is said to have stretched back seven years.

When ADT dug into the logs, it became clear their rogue insider had been regularly spying on customers, including, it is claimed, accessing the video feed from the bedroom of one teenage girl dozens of times. That teenager this week sued ADT for negligence and emotional distress, seeking a class-action lawsuit against the US corp, and naming the technician in question: it is alleged Telesforo Aviles was responsible.

ADT reassured them both that the security system was perfectly safe

The allegations are the stuff of nightmares: the lawsuit [PDF] details how the teenage daughter and her mother were initially uncomfortable about the idea of installing security cameras inside their house, though ADT reassured them both that the security system was perfectly safe, according to court filings, and a technician later fitted the kit.

But then, on April 24, ADT called to explain that one of its technicians had gained access" to her mother's account "and had been watching" the mother and daughter "on approximately 73 different occasions, according to court filings.

Her lawsuit then alleges, "based upon the cameras wide-angle lens and placement, the ADT employee had an opportunity to watch at least" the teenager "nude, in various states of undress, getting ready for bed, and moments of physical intimacy."

An almost identical [PDF] lawsuit has been filed by a second person a young mother whose security system installation included an indoor security camera with a wide-angle view that provided a visual of a bathroom, entryway, family room and dining space, stairs, and into the master bedroom.

To its credit, when ADT heard about the unauthorized access, it did the right thing: it fired the worker, reported him to the cops, and then contacted all those affected explaining the situation.

According to ADT, its unnamed technician abused a service mode function while physically present in customers homes in the Dallas area to add his personal email address a feature that is neither necessary nor permitted, and which the company will remove in an upcoming software update. ADT technicians do not have remote access to that function, but once the technician included himself on the system while physically present, he could access the surveillance gear remotely.

Understandably, however, customers are furious it happened in the first place and went unnoticed for seven years. This type of access could only occur because ADT failed to implement adequate procedures that would prevent non-household members from adding non-household email addresses, reads the teenager's lawsuit.

Similarly, ADT failed to monitor consumers accounts and promptly alert them anytime a new email was added to their accounts. Countless checks could have been in place to prevent or at least stop this conduct. Instead, this breach came to light only by luck and happenstance.

Her lawsuit also noted that there is every reason to believe that other ADT technicians have similarly abused the system: ADT says it is carrying out a detailed investigation and audit to make sure there are no other instances.

Our customers trust ADT with their safety and protection. We understand that this incident jeopardizes that trust and is entirely unacceptable, the company acknowledged in an statement.

We will make extraordinary efforts to earn back that trust. Our investigation is ongoing; we will continue to review all our customer accounts until we can be sure no one elses privacy is at risk. In addition, weve already implemented technical and procedural solutions to help keep this abuse of access from ever happening again.

The manufacturer has also said it will review all of our processes, technical systems and hiring practices to strengthen our account security and customer privacy even more, and weve engaged third-party experts to assist in that review.

In a message to The Register today, ADT said: "We deeply regret what happened to the 220 customers affected by this incident and have contacted them to help resolve their concerns. We are supporting law enforcements investigation of the former employee and are committed to helping bring justice to those impacted by his improper actions."

Sponsored: How to simplify data protection on Amazon Web Services

Read the original:
Rogue ADT tech spied on hundreds of customers in their homes via CCTV including me, says teen girl - The Register