Bring Your Own Device (BYOD), is a growing trend in the business world where employees use their own personal mobile devices for work. This means that sensitive company information including customers’ personal identifying information (PII) and company trade secrets may be accessible from, or might be stored on the employee’s personal phone or other digital device. While there are many benefits from implementing BYOD for businesses, it also creates a new set of security challenges as employees’ personal phones are more difficult to monitor and protect than a company computer that never leaves the office. Below is a comprehensive but not exhaustive list of security measures that companies implementing BYOD should consider:

security tipsPassword Protection: A strong password should be at least 8 characters in length and include case sensitive letters, numbers, and special characters. This password should be required to access any company data on an employee’s mobile device. It is also a good idea for the employee to have a 4 digit pin passcode to be able to turn on the phone at all. Encryption of Company Data: Any company data, or even all data on the phone, should be encrypted using industry standards. Encryption will help protect any company data from being accessed even if a thief has stolen an employee’s mobile device and attempts to hack into it.

Limit use of Apps: Apps pose a security vulnerability, as they are programs that are downloaded by the user, and installed onto the phone. Use of apps on user devices is a hotly argued topic at the moment. These apps can contain malicious software in them, or may simply request and get permissions to access a wide variety of data on the device, in order to complete the install. The possibility that BYOD users might install an app that breaches company data is raising serious concerns in the IT community. This makes it a priority that employees be informed as to what apps are safe and acceptable, and which ones are not. Even with those types of guidelines, it is important for employees to read the reviews of apps to help determine whether it is malicious or not. It is also a smart guideline not to install any app that does not have a significant number of positive reviews. Even with that, it is important that when installing the app that the user be very aware of the permissions the app is requesting, and that they fit the purpose appropriate for the function of the app.

Remote Data Wipe Ability: Employers that allow company data to be stored on a BYOD platform must be able to remotely wipe the device in case the employee either loses the phone or has it stolen from them. Additionally, the employer must also be able to wipe the device upon the employee leaving the company.

Antivirus Software: At a minimum, employees’ devices should have updated antivirus programs installed to help mitigate malicious attacks. In addition to antivirus software, providing VPN connections for employee devices, where appropriate, would greatly reduce risk of breach into the phone’s data.

“Bring Your Own Device Security Tips” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original posting.

There was a time when every parent knew what to tell their children to be safe. Children knew not to take candy from strangers, or go swimming right after eating. These days the rules have all changed and children have a new playground on which they must be trained in order to stay safe.

cyber securityThe cyberworld takes up a huge amount of children’s time and, unfortunately, is very dangerous. Sitting a child down and explaining to them about protecting their private information online or staying away from child predators is not easy. Here are some fun ways to teach your child cybersecurity.

  • Stay Safe Online: Stay Safe Online is a wonderful program put together by the National Cyber Security Alliance. Thier website (www.staysafeonline.org) provides a wealth of information for teachers and parents to use in order to teach children about cyber security. The site is even broken down into grade level so that children will not feel like something is too immature or way over their heads.
  • iKeepSafe: Within iKeepSafe’s website (www.ikeepsafe.org) there are areas for educators, communities and parents. There is also a section for children themselves to peruse and learn as they go. One of iKeepSafe’s programs is called “Prevent & Detect”. It teaches parents how they can use technology to prevent and detect everything from eating disorders to alcohol abuse. This is a great way for parents to learn how to use the cyberworld to help protect their children rather than simply fearing it.

Armed with these wonderful resources, it shouldn’t be such a hassle to help children understand the dangers of the Internet. Parents will be able to spend less time on explaining the intricacies of online identity theft and more time making sure their children look both ways before crossing the street.

“How to Teach Your Child About Cybersecurity” was written by Nikki Junker.  Nikki is the Social Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original post on the ITRC Blog.

It has been a particularly disturbing couple of weeks as headlines throughout America highlight how some of our most powerful financial institutions were being hacked by alleged foreign powers. It all began on September 17 when the FBI issued a joint Bank Fraud Alert with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Internet Crime Complaint Center.

whitehouse hackedThe Bank Fraud Alert warned banks and financial institutions that hackers were using Distributed Denial of Service (DDoS) attacks to take down their consumer websites to distract both the consumers and bank cybersecurity while millions of dollars were fraudulently wired out of peoples’ accounts. The very next day, Bank of America was reported to have website problems and consumers were having trouble accessing the website and their bank accounts.

On September 19, J.P. Morgan Chase Bank was reported to have similar problems as their website went down and consumers could not access their bank accounts. That same day, FS-ISAC raised its Current Financial Services Cyber Threat Advisory from “elevated” to “high” for the first time in its history. A few days later on September 25, Wells Fargo suffered website outages followed by website problems for U.S. Bank and PNC Bank the next day.

A hacker group by the name of Izz ad-din Al qassam Cyber Fighters has been claiming responsibility for these DDoS attacks, but experts warn that it is more likely that an organization with far more money and capabilities is responsible for these attacks. Senator Joseph Lieberman, Chairman of the Homeland Security Committee, stated in a C-SPAN interview that he believed Iran’s government sponsored the cyber-attacks.

Now, the Washington Free Beacon reported on Sunday that alleged Chinese government hackers had breached a computer system associated with the White House Military Office. A White House official confirmed that hackers had breached an unclassified computer network, but emphasized that the network had no unclassified information and no data appeared to have been stolen.

Apparently, the breach was made possible by a spear phishing attack, which involves the use of a message that appears to be authentic and contains a file or link to be clicked on which then installs malicious software onto the computer. The Senate blocked the Cybersecurity Act of 2012 in August which was designed to help bolster cybersecurity in critical infrastructures in the United States, leaving the Obama administration to consider issuing an executive order to improve cybersecurity instead.

“First the Banks, Now the White House” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC_Blog.

Last week someone in my family asked me if I could help them with their computer. I asked them what was seemed to be wrong with the machine. They told me that it would start normally at first, but as soon as Windows was done loading they would get a pop-up that they had been infected with a virus that was above the level of what their normal anti-virus could handle. They were told that they needed to pay for this additional coverage to remove the problem. Unfortunately, they continued, and paid for the “extra service.”

This person, like so many of us, is not stupid. In fact, they are very intelligent. However, what is taken for granted as basic computer safety knowledge by theransomware younger generations is may be an unknown area of knowledge to those who never created a Word document for a paper in High School, never had a Facebook account that their parents monitored, and were never taught even the fundamentals about Cybersecurity. Today, when the Internet is no longer an option but a necessity for most of us, cyber criminals are finding an easy target in people who may be using the Internet and a personal computer for the first time.

I asked this family member if they had current updated anti-virus security on the computer, and they were not quite sure what I was talking about. This I could believe, as many people who were raised in the age of Internet still don’t know the importance of having an anti-virus with updated virus definitions installed on their computers. Good antivirus programs are perhaps the best way to protect yourself (and computer) from many of the threats, including viruses, malware, and cybercrime exploits. This ounce of prevention can save people from spending a pound on a cure.

Unfortunately for my family member, it was “too little, too late” for the prevention approach, and they had to take their computer in to have it fixed. This one event cost much more than an anti-virus program would have cost, not to mention the money paid to the Cybercriminals behind the Ransomware, and the time and frustration of the related computer problems. While it comes as little comfort to my family member now, this story has taught a lesson; use an anti-virus, and keep it up to date, always.

This experience also shows how easy it is to fall for the Ransomware scams, and how important it is to educate people about the current Cybercrime trends. Perhaps the next family night we will not be breaking out the Scrabble, but instead a Power Point presentation on Cybersecurity.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

Two days ago, the Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center jointly issued a Fraud Alert to financial institutions warning them of alarming trends in unauthorized wire transfers overseas in amounts ranging from $400,000 to $900,000. The Fraud Alert explains that after targeting financial institution employees with spam and phishing e-mails, the cyber criminals installed keystroke loggers and Remote Access Trojans to be able to completely access internal networks and logins to third party systems. In other cases, the cyber criminals stole employee and administrative credentials allowing them to avoid verification methods used by the financial institutions to prevent fraudulent activity.

This enabled them to peruse through multiple accounts, selecting those accounts with the highest balances to conduct wire transfers from. According to the Fraud Alert, the cyber criminals were able to “handle all aspects of a wire transaction, including the approval… obtain account transaction histories, modify or learn institution specific wire transfer settings, and read manuals providing information and training on the use of US payment systems.” The Fraud Alert theorized that the cyber criminals used distributed denial of service (DDOS) attacks against the financial institutions’ public websites as a distraction to keep them occupied and distracted while fraudulent wire transfers were being conducted.

Yesterday, the Financial Services Information Sharing and Analysis Center raised their Current Financial Services Sector Cyber Threat Advisory from “elevated” to “high,” leaving the Physical Threat Advisory at “elevated.” Soon after, Reuters reported, “the consumer banking website of JPMorgan Chase & Co was intermittently unavailable to some customers. The problems followed issues with the website of Bank of America Corp on Tuesday amid threats on the Internet that a group was planning to launch cyber attacks on a U.S. bank.”

This incident occurs amid the heated debate in Washington over how to bolster the cybersecurity in the United States and reminds us just how important cybersecurity is in this new digital age. We must consider as a nation, the impact cyber attacks from criminals, terrorists, or other countries can have on us as a whole. Imagine what could happen next time financial institutions were attacked if the main goal was not to steal millions of dollars but to take the whole banking system down? In order to improve, there has to be change on a national level. The challenge now facing us is how best to balance the competing interests of privacy protection, avoiding over-regulation, and providing room for effective individual cybersecurity protocols.

Senator McCain’s SECURE IT Act has yet to reach the Senate floor, but will likely face intense scrutiny over the potential lack of government regulation and concern over privacy protections. Even modest improvements to our national security picture will require that we put aside the contentiousness and work together in earnest. Unfortunately, it seems that Congress may not be up to that task and President Obama might have to resort to issuing an Executive Order. This action, by its nature, will create more strife and disagreement in an already gridlocked Congress.

“Banks Warned of Heightened Cyber Threat by FBI” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

A report released by Norton (Symantec), a leader in cybersecurity that develops antivirus, anti-malware, and other related products and software, demonstrates just how pervasive cybercrime is in today’s digital age. The report was the final product of 19,636 interviews of adults, parents, children, and teachers from 24 developed and emerging countries.

cybercrimeThe report confirms that cybercrimes are becoming more common than normal “offline” crimes. This may be due to the fact that cybercriminals are very difficult to find, even as they continue to commit more criminal acts. Norton found that there are approximately 1,000,000 cybercrime victims every single day of the year. This amounts to a cost to society in the amount of $388,000,000,000 ($388 Billion) in just 2011. Of that amount, $114 billion accounts for money actually stolen or money spent to resolve cybercrimes. The remaining $274 billion of that money is in the form of time and costs to victims dealing with cybercrimes. To give a better idea of the staggering size of cybercrime’s financial costs, Norton compares the $388 billion cybercrime cost to the global black market of marijuana, cocaine, and heroin combined at $288 billion. In fact, the sum of all global drug trafficking is valued at $411 billion, only $23 billion more than cybercrime costs.

Unfortunately, the spread of cybercrime is unlikely to slow down as the number of people using the Internet, computers, and especially mobile devices increases. Of those surveyed, 69% of all adults have been a victim of cybercrime, and of those, 65% were victims in 2011 alone. The report shows that the more time one spends online, the more likely they are to become a victim of cybercrime. This is supported by their results which show that 75% of “millennials” (aged 18-31) have been victimized at some point compared to only 61% from the boomer generation. Usage of mobile devices to peruse the Internet is widespread and growing, with 44% of mobile device owners using their device to surf the Internet, and nearly 60% of millennials doing the same.

Even more disturbing is that the spread of cybercrime to these mobile users is just beginning. In 2011, 10% of all mobile device users online had fallen victim to cybercrime. Considering that the number of mobile users surfing the Internet is already large, and that the number will certainly go up as time goes on, it is safe to assume that mobile device related cybercrime is inevitably going to increase. In this society, even a minor increase in percentage of victimized users, will be a very large number of individuals affected.

Despite the staggering number of cybercrimes being committed on a yearly basis, the public perception of these crimes continues to underestimate how severe and common they are. Of the people interviewed, 44% had been a victim of cybercrime in the last year while only 15% had been a victim of some form of offline crime. That mean that cybercrime is nearly three times more common than “off-line” crimes. The perception problem is that, of the people surveyed, only 31% thought that they were more likely to become a victim of cybercrime than offline crime.

This misconception helps explain why 40% of adults surveyed did not have an up to date security suite to protect their personal data. Not only are consumers not adequately protecting themselves online, but only 21% of actual victims reported the cybercrime to the police after becoming a victim. This perception that cybercrimes aren’t quite the same as offline crimes might be reinforced by the lack of avenues to get help after becoming a cybercrime victim. Of those who reported suffering both cybercrime and offline crime, 59% felt there were fewer ways to get help after the cybercrime.

It is clear from Norton’s Cybercrime Report that cybercrime is here to stay and should be considered a high priority by law enforcement and consumers who use the Internet. People must be educated about the risks associated with Internet use and encouraged to protect their personal information in this digital world. The next time you are about to log onto the Internet from your desktop or mobile device, take a moment to consider whether you have taken enough steps to protect yourself from cybercrime.

“Norton Cybercrime Report 2011: Painting a Dismal Picture” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC_Blog.

If you have scratched below the surface of the avalanche of articles on identity theft, scams, cyber-security, or related topics, you have probably run across the term “spoofing.” However, even many of us that work in the field are not very good at explaining to others what the term means, and the various ways the term might be used. So, here goes….

From www.dictionary.com:

spoof; noun

  1. a mocking imitation of someone or something, usually light and good-humored; lampoon or parody: The show was a spoof of college life.
  2. a hoax; prank.

In the context of cyber-security and related subjects, “spoofing” means providing false information in order to make the intended victim think the communications has come from either someone they know, or a business or entity that they would tend to trust. However, there are a number of types of “spoofing”, some more technical than others:

  • IP spoofing is a technique used to make a computer user think that a particular Internet IP being presented is a safe computer/server, and should be trusted. Most of us don’t directly confront this type of spoofing, and probably are unaware of how it works. Just like phone numbers, IP addresses are supposed to signal a unique address or location across the Internet, so faking an IP address can be used by criminals as a method of becoming part of a trusted network. A consumer is unlikely to be directly confronted with IP spoofing, unless they are working in a technical field.
  • Caller ID Spoofing is used to make an incoming call present a phone number that the intended victim might know or trust. However, the number appearing on the Caller ID is not the real calling number, and “spoofing” the number is used for exactly that purpose, to gain trust in a situation when none should be given. With the advent of VOIP or Internet-based phones, the ability to make an incoming call look like it was from San Diego, when the caller is in Russia, is a fact. Caller ID cannot be trusted to determine anything about the caller. Caller ID Spoofing is done quite often, and the average consumer is often in the dark as far as knowing who is really making the call. If in doubt, the best policy is to disengage from the call, then look up the company by name, and call a listed number for the company to inquire about the contact. It should be remembered that people who do business with you already have the information about you, your account number, etc. It is an entirely different situation if you call the company, and are asked for credentials before they will discuss your business with them. However, if the call is coming from them to you, they are the ones that need to prove who they are before you give them any information. Be warned!
  • Email Address Spoofing is probably the most common type of spoofing. Most of us have seen this many times on incoming email, although we may not have recognized it. All of us observe the senders name/address on incoming emails to see who the sender might be, and whether we think about it or not, we tend to give credibility to that email based upon any previous knowledge we may have of the purported sender. Spoofing the “From:” address is often done as part of a fraudulent scheme. If the “From:” address makes you think the email should be trusted, then you are much more likely to click on a link or take other action, or otherwise give some credibility to an email that is coming from a complete stranger, and possibly a thief. Many of the emails used in “Phishing” schemes will have spoofed sending addresses. In fact, a more deadly form of this attack, called “Spear Phishing” uses email addresses from someone recognized as an authority, such as a highly placed executive of your company, to make your response even more likely. You are not going to turn down a request from your Vice President are you? And, it’s a given that website links in these spoofed emails cannot be trusted: they are spoofed also, and will very rarely point your web browser to the address that the link purports to be. Altogether, it is wise for all of us to be wary of incoming email, unless we are very sure of the sender and the authenticity of the message.
  • SMS or Text Spoofing: In a similar fashion to Caller ID and email spoofing, it is also possible for a text message (SMS) to appear to be from a trusted source, while it really is from a quite different sender. In a manner similar to other types of spoofing, be very aware when a text message invites you to take actions, or strongly implies a course of action that you had not anticipated. Like other forms of spoofing, the best answer is to be suspicious and fact check, before you act.

Spoofing is a part of the world we live in now, and it is a key element of the “social engineering” used against consumers in attempts to commit fraud and identity theft. Being skeptical and checking information by other means is really the key to avoid becoming a victim.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

These days we hear a lot about “the cloud.” There are services encouraging you to upload your data to the cloud, and you can access it from anywhere and easily share files with others. But the flip side is the fact that you’re pushing your personal information from your own computer to data centers where you no longer have control over it. If you backup your computer to an online, or cloud, backup service, how do you know your data is safe?

What Is Cloud Backup?

Let’s first define what a cloud backup provider is: a cloud (or online) backup service consists of an application that runs on your local computer which copies files to an online data center. In the event of a hard drive failure, theft, fire or flood, you can then restore (or copy) your data to your replacement drive and not lose any files.

Cloud Backup Encryption

Many files contain personal information, which should remain confidential. In order to do this, cloud backup services encrypt the data before transmitting it. Most services use at least 128-bit encryption (the same as banks use) and will transmit the data via a secure connection. To decrypt the data, your private key is required. Without it, the data is useless.

To make online backups easy for customers to use, providers typically will store the private key for you. After all, if you lose the key, you can’t get the data back. But, this means that with a court order, these providers can use your private key (which they store) and gain access to your data. To prevent this, create your own private key and either memorize it (it can be any length you’d like) or save it to another location (don’t save it to your hard drive, as if the hard drive fails & you can’t read the key file, you won’t be able to decrypt your backup set).

Cloud Backup Best Practices

Maintaining your own private key is a good step in securing your cloud backups, but the file structure is still saved in a non-encrypted format. So, if you have a filename or folder name that contains personal or confidential information (such as bank_accounts/5675196254.xls), the filename can be read and data assumed without even decrypting the file. To combat this, look for a service which not only encrypts the data, but also the filename and folder structure.

Local Backup: An Alternative

Keeping a local backup of your data is often cited as an alternative to a cloud backup solution. The argument is that it’s cheaper (buy a 1TB drive for under $100 and add $20 for some backup software) and faster (a full local backup takes a few hours, a full online backup can take weeks). However, if you choose to backup your data to an external hard drive, make sure the data is encrypted. No need to make it easy for a thief to walk into your den and snag all of your data.

When compared to local backups, the online service can be more affordable (it’s easier to pay $5 per month than it is to shell out $120 all at once) and while the initial backup is slower, subsequent backups only transfer the files that change, making them just as fast as the local option.

Summary

In the end, having an online backup with the default encryption choices is still a better bet than no backup at all. Cloud backups give you remote access to your files and protect you when your hard drive fails (all hard drives fail – it’s a matter of “when,” not “if”). Knowing the different encryption options will help you choose the best online backup service.

Eric Nagel is owner of OnlineBackupsReview.com, a site which reviews various online backup services. He’s been covering the online backup industry since 2008.

Progress in technology is occurring faster than ever before in human history. The wealth of information now at our fingertips makes things possible that were unthinkable even a few short years ago. One of these is an interesting new development in law enforcement tactics. The use of digital data, stored on sites like Facebook, or GPS tracking data harvested from your smartphone is being utilized by law enforcement to both track and convict criminals of crime. Utilizing technology as a tool for law enforcement is not a new concept, nor is its effectiveness in dispute. The use of such tactics is not without controversy however, and privacy advocates are expressing concern as to the morality and legality of using someone’s personal webpage against them.

phone

In January of this year, The U.S. Supreme Court for the first time limited police power to track people using GPS devices, setting a general standard for the privacy rights Americans should expect from a new generation of wireless electronics. From now on, law enforcement officers can expect that using GPS information to track and build evidence against a suspect will be scrutinized carefully if it is done without a warrant. Probable cause will need to be established. Essentially, the court ruled that the 4th amendment does extend to electronic surveillance of this kind. However, the divergent opinions expressed by the court leaves in doubt just exactly where the line will be drawn as to what will constitute an invasion worthy of 4th amendment protection. That line will need to be defined by future litigation, but what is already clear is that the court recognized technology’s ability to peek into our personal lives in a way that is new and unprecedented. And the court ruled that the 4th amendment in certain situations can and should provide us some protection from these intrusions.

The use of Social Media sites like Facebook and Twitter by law enforcement is also coming under scrutiny. Following the London riots of last summer, the New York Police Department formed a special unit to monitor gang activity on social media sites, and found it to be an incredibly effective tool. Criminals often post things indicating everything from gang affiliation, to evidence of the commission of a crime. The FBI too, has adopted similar tactics, with similar success. This notable success in preventing crime has been both cheered as groundbreaking, and criticized as an improper invasion of privacy. It’s hard to argue that a criminal boasting of committing crimes on social media pages has much expectation of privacy, but what is unclear up to this point is just how police go about getting information from social media, and what the standard of conduct is or should be related to viewing and extracting information from a potentially personal webpage.

What is clear is that as technology grows ever more advanced, the balancing act between increased connectivity and expectation of privacy will be ever more difficult.

“Phone and Social Media Tech Now Being Utilized by Police: Effective New Tool in the Fight Against Crime, or Invasion of Personal Privacy?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.

I am one angry lady right now. My name is Nikki and I am the Social Media Coordinator here at the Identity Theft Resource Center. Something just happened to me that I had read about, but like everyone else had decided it would not happen to me. Yes…my Pinterest was hacked. For those of you who don’t know what Pinterest is, it is a social networking site where you can “pin” pictures to your “boards” so that you may go back later and find them. It is a visual social bookmarking site if you will. While I am not as obsessed as many users, I have thoroughly enjoyed pinning items to my craft board so that I can go back later and look when I have time.

Last month I worked to spread the word to consumers about the scams that were running rampant on Pinterest, but I did not think it would happen to me and the small amount of pins I had acquired. I was wrong. Just now I happened to come across a Facebook post about how to make a very cool iPad case using wallpaper so I thought I would go ahead and pin it so I could check it out later. This is when the trouble began.

I have several different “boards” on my Pinterest to organize what I find online, but the board to which this particular link wanted to post to was called “Make Money Online”. Fairly certain that I had not created that board, I logged into the site and found that several boards had been created and items had been pinned to them. The pinned items, when clicked on, would lead someone to either an online job scam or a malware download.

Now, because of my work experience at the ITRC, I was able to recognize this and delete these boards before clicking on them. I changed my password and looked through my profile to be sure nothing else nefarious was going on. But I wonder how many people would actually know to do that? I also wonder if the Social Media Coordinator at the Identity Theft Resource Center had something that I just wrote about happen to me, then how often is this occurring?

Needless to say, I understand that having some malicious linked pinned onto your Pinterest boards is not as devastating as having your checking account taken over. However, it did really make me feel vulnerable and a bit violated. In the end, the lesson was learned to check my Pinterest more often than once a month. I advise that you do the same.

“My Pinterest Got Hacked” was written by Nikki Junker. Nikki is the Social Media Coordinator at the ITRC.