Data Breach Expert Sileo Talks to Fox Business
Victim of a Cyber Attack? What You Should Tell Customers
It seems like every day consumers are learning of data breaches from companies like Sega, Sony and Google. Major corporations like these tend to have the funds and resources to recover from an attack, but for small businesses, that’s often not the case.
A slow response and lack of communication with customers are among the missteps many small businesses make when facing an attack, both of which can cause irreparable damage to the business.
“When consumers are a victim of ID fraud based on interaction with a small business, 1 in 3 never come back,” said Phil Blank, senior analyst for security and fraud at Javelin Strategy & Research.
While data breaches hitting major banks and corporations tend to dominate headlines, small businesses are increasingly becoming targets. Hackers like to prey on small businesses because computers and mobile phones tend to be used for both work and personal use, and many small businesses don’t have an IT staff monitoring and protecting operations.
According to Javelin, small business fraud totaled $8 billion in 2010. Of that, banks, merchants and other providers absorbed $5.43 billion of the loss while the cost to victims was $2.61 billion.
Citigroup Data Breach – How it Affects Your Wallet
This week’s news of the theft of private data comes from Citigroup. Seems that even the most reputable organizations can be exposed to the ever-more frequent data breaches we read about. You’ll likely recall the recent news of Sony, PBS, Epsilon and Lockheed Martin. Regrettably, the list is growing by the day. It affects me, and likely, it affects you. Now what?
First, arm yourself with the facts. See the attached articles.
- http://blogs.wsj.com/deals/2011/06/09/citigroup-data-breach-4-tips-to-protect-yourself/
- http://www.reuters.com/article/2011/06/09/us-citi-idUSTRE7580TM20110609
- http://www.informationweek.com/news/181502068
Second, remember to protect your most important data (this information, on its own, or in any combination, is a jackpot to an identity thief):
- Social Security number
- Date of birth
- PIN
- Credit Card numbers
- Bank Account numbers
- Birthdate
Third, never reply to an e-mail requesting personal information. Unless you originate the communication, suspect the worst and do not respond. This is referred to as “Phishing” and the results are never good.
Fourth, if you think your credit card has been compromised, call and request a new card. The phone number is on the back of your card, and the associates answering your call love serving as a hero to you and your credit. They’re awesome folks.
And finally, just pay attention. If your intuition is triggered, there’s likely good reason. You’ll never regret being cautious.
3 Exposure Lessons Learned Via Anthony Weiner
Just for a minute, put yourself in the shoes of Anthony Weiner. You’ve done something exceptionally stupid, whether it’s sending sexually explicit photos of yourself to strangers you don’t even know, or another unrelated mistake. To compound the stupidity, you involve social networking – you Facebook or tweet or YouTube the act – or even simply email details of what you’ve done.
Every one of us makes impulsively bad decisions (probably not as bad as Weiner, but bad nonetheless). Prior to the internet, you at least had a chance to recover from your past transgressions, as there wasn’t a readily accessible public record of the act unless you happened to be caught on tape (think Nixon, Rodney King, etc.). But now that pretty much every human carries either a camera or video recorder with them at all times (mobile phones), can communicate instantly with a massive audience (Facebook, Twitter, SMS, blogs), and has access to more information than exists in the Library of Congress just by pulling up Google, the equation of how you control sensitive information about yourself has changed radically. Every stranger (and even friend) is like a full service news station with video, distribution and commentary, just waiting to report on your missteps.
Here are three lessons the rest of us can take from the Anthony Weiner affair:
U.S. Lags Europe on Credit Card Security
We can be as patriotic as we want to be, but today, the US lags behind other countries in credit card technology and consumer safety. Our current-day magnetic-strip technology is archaic compared to the chip-embedded cards of our European counterparts. Though some larger US retailers are offering support of the “smart-chip” cards, a mandate for their use (and greater protection for the consumer) is down the road. (Click here for the original story on NPR).
According to Andrea Rock, a senior editor at Consumer Reports who wrote an article about the security gap in the credit card industry (emphasis mine):
“The account information that’s needed to make a transaction on American cards is stored, unencrypted, on a magnetic stripe on the back of each card,”
And that means, until the industry changes, you are at risk. In the meantime, here are a few steps you can take to increase your security:
- Limit use of your debit card. The bank offers you less protection on debit transactions than credit transactions. Additionally, with debit cards, there is a PIN involved, potentially providing immediate cash access to your accounts by clever thieves. If fraud occurs, you are out the money until it is resolved.
- Use your credit card instead. It’s safer. Typically, credit card issuers offer zero-liability for losses associated with unauthorized transactions. You also have a longer time frame to catch and report the fraud.
Why I Love Canadian Accountants
I love Canadian accountants because not only are they some of the warmest people I have met (I speak on identity theft quite a bit in Canada), but they are incredibly eager to learn how to avoid some of the data security mistakes that we have made in the U.S. As accountants, they provide a ton of vital financial advice to their clients, and I can easily see them sharing some of the data security best practices I talked about during the presentation and getting paid well by their clients to do it. And here’s how I could tell their level of absorption: after the speech, they had a slew of detailed follow-up questions. They were curious. You can always tell someone’s intention to act and make changes by their clarification questions. No questions, no interest, no intent to act. Definitely not what I experienced in the charming town of Winnipeg.
If you are ever in Winnipeg, say hello for me and go buy some chocolates at the little sundry stand in the middle of The Forks market (see the video). You won’t be sorry.

Everybody wants your data, especially when you are in the business of meetings. Your data doesn’t just have a high face value (e.g., the attendee data, including credit card numbers that you collect and store in your online registration system), it also has a high resale value.

