‘Data Breach’ Articles

Sep 02 2010

Privacy Means Profit: Lock Your Business Docs

10:11 am

The following is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

Locking up sensitive documents is one of the most important and underutilized ways to protect company data. Of the individuals surveyed by the Ponemon Institute, 56 percent state that over 50 percent of their company’s sensitive or confidential information is contained within paper documents. Since 49 percent of all breaches involved paper, locking up what cannot be eliminated or destroyed is essential. To get you firmly into the business mind-set of thinking like a spy, start with this simple three-step classification process:

1. Classification: Set up a classification scheme. For example, you might have four levels of access: public, internal, classified, and top secret.

  • Public documents are the only documents meant to be seen by outsiders (the public). This might include sales and marketing materials, websites, public filings, and the like.
  • Internal documents are those appropriate for employees of the company to see, but inappropriate for outsiders. These are generally not high-risk documents; still, it’s better to keep them confidential, just in case.
  • Classified documents are a security risk if the wrong people see them, either internally or externally. Only certain employees and executives would have access to these documents (see step 2). Classified documents might include human resource files, customer lists, product development papers, department financials, strategy frameworks, and so on.

Aug 10 2010

Privacy Calendar

5:48 am

In the Privacy Calendar, the action items that are important to take to protect your identity are listed by priority rather than mind-set. The order was determined according to three criteria:

  1. Which steps need to be taken first to make the process simple?
  2. Which actions are most effective at preventing identity theft?
  3. Which items are you most likely to complete given time and resource constraints?

The detailed information for taking each of the steps is contained in the individual mind-set chapters of Privacy Means Profit, which are shown in italics and enclosed in parentheses following the steps, for easy identification. I strongly recommend that you refer back to each chapter for in-depth explanations of each step.
I also highly recommend that you set up a schedule for yourself and complete the items phase by phase. Take 10 minutes a day, one hour per week, or one weekend a month and schedule time to “accumulate privacy.” If you have to wait on one of the action items—for example, you order your credit report but it will be 10 days before you receive it—move on to another of the items further down the list and return to the item you skipped when you receive the report.


Aug 09 2010

5 Reasons NOT to Buy Our Latest Book!

8:38 am

Privacy Means Profit (Wiley) available in bookstores today!

Here are The Top 5 Reasons You Shouldn’t Buy It:

You love sharing bank account numbers, surfing habits and customer data with cyber thieves over unprotected wireless networks

You never tempt hackers and con artists by using Gmail, Facebook, LinkedIn, Twitter, Google Docs, or other cloud computing platforms to store or communicate private info, personally or professionally.

You bury your head in the sand, insisting that “insider theft” won’t affect your home or business.

You’ve already hardened your laptops and other mobile computing devices in 7 vital ways, eliminating a major source of both personal and corporate data theft.

You have a “thing” for identity theft recovery costs and would rather invest thousands in recovery than $25 in prevention.

If you want to defend yourself and your business against identity theft, data breach and corporate espionage, then buy a copy of Privacy Means Profit.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

Privacy Means Profit builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) and the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).


Aug 04 2010

Meeting Planners: On Site Protection

5:23 pm

By Mickey Murphy

Information security. Identity theft. Black hat hackers. This all sounds like three-alarm lingo from some old DC comic book: “Immediately sign over all of your wealth, or I will hack you and steal your identity!” What do these oblique, non-intuitive terms mean? Here is how Wikipedia defines them: Information security — “Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.” Identity theft — “Fraud that involves someone pretending to be someone else in order to steal money or get other benefits.” Black hat hackers (also known as crackers) — “Hackers who specialize in unauthorized penetration” of computer systems, as opposed to white hat hackers who test computer systems for companies to determine their penetrability.

However we characterize them, information security, identity theft and so on represent major challenges today.

A prime example of consumer vulnerability came last year when federal authorities indicted three men on charges of hacking into computer systems at numerous Dave & Buster’s restaurants and stealing credit card information. The federal government accused the men of stealing “Track 2” magnetic stripe data — which includes account numbers, expiration data and security codes — from customers’ credit cards, and then selling this information to others who used it to make fraudulent purchases.


Jul 29 2010

Identity Theft Training

10:56 am

John Sileo knows identity theft and data breach first hand – he became “America’s Leading Identity Theft Speaker and Expert” after losing his business and more than $300,000 to these costly crimes. He has provided these Identity Theft Resources to help you protect your organization from suffering from the losses that result from unprotected private information. Visit John’s Identity Theft Prevention Store to learn more.

Hire John to train your employees to prevent identity theft, data breach and corporate espionage

Safe data is profitable data, whether it’s a client’s credit card number, a patient’s medical file, an employee’s benefit plan or sensitive intellectual capital. By the time John finishes his hilarious closing story, your audience will be fully empowered to protect private information, at home and at work.

John’s Most Requested Identity Theft Training Presentations (Keynote Topics)

Think Like a Spy
Information Survival Skills

The biggest threat to our identities (and to valuable corporate data) is our lack of a Privacy Reflex. Few of us have ever been trained to respond appropriately when someone requests our sensitive information. Think of how easily you give your information away on the Internet when someone promises you a free gift. This presentation will give your audience the fundamental building blocks to proactively protect valuable information assets. The result is a safer individual with strategic privacy skills that protect your organization’s bottom line.


Jul 22 2010

Document Shredding

8:01 am

Workplace identity theft isn’t caused by paper documents because we have gone paperless, right? Rubbish. Paper rubbish, in fact.

You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.

According to a recent study* conducted by the Alliance for Secure Business Information (ASBI):

80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months. 49% of those breaches involved the loss or theft of paper documents. The average breach recovery cost $6.75 Million!

Jul 15 2010

Social Engineering Training

10:28 am

Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.

Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.

This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:


Jun 28 2010

Achilles 3 Fatal Business Mistakes (or How to Protect Your Heel)

3:20 pm

During a recent 60 Minutes interview, I was asked off camera to name the Achilles’ heel of an entire country’s data security perspective; what exactly were the country’s greatest weaknesses. The country happened to be New Zealand, a forward-thinking nation smart enough to take preventative steps to avoid the identity theft problems we face in the States. The question was revealing, as was the metaphor they applied to the discussion.

Achilles, an ancient Greek superhero — half human, half god — was in the business of war. His only human quality (and therefore his only exploitable weakness) was his heel, which when pierced by a Trojan arrow brought Achilles to the ground, defeated. From this Greek myth, the Achilles’ Heel has come to symbolize a deadly weakness in spite of overall strength; a weakness that can potentially lead to downfall. As I formulated my thoughts in regard to New Zealand, I realized that the same weaknesses are almost universal — applying equally well to nations, corporations and individuals.


Jun 09 2010

Using the iPhone 4 to Spy on Competitors

12:42 pm

Steve Jobs unveiled Apple’s new iPhone 4 on June 7 in San Francisco. While the new features keep the iPhone at the forefront of technology, they also cause some privacy concerns.

One concern that carries over from previous iPhone models is the Always-on iPhone Apps that track your every move through the GPS navigation system. Back in April, Apple began allowing location-tracking applications to run in the background. So, for example, companies like FourSquare, Yelp, and Facebook can continuously track your location, providing automatic notifications to your friends when you are less than 1/2 mile away from them, if you allow them.

For example, I just had a highly confidential client meeting at the client’s corporate headquarters. To the uninitiated, that means that the company I was visiting is probably having data theft issues (and has brought me in to help). If the media finds out that they are having these issues before the company has had a chance to start the damage control process, their stock will drop far faster than if they have prepared for the news to go public. If Facebook or FourSquare is broadcasting my whereabouts, my followers already know which company is having the problem, their competitors know it (if they are following my GPS broadcasts), and the media sits and waits for me to enter the building. Luckily, I’m not well-known enough for anyone to care, but just in case, I don’t broadcast my whereabouts. Other, far more influential people, do so without thinking twice about it. Which goes to show you that there are ways to utilize all of the cool new technology without letting it control you. With the right knowledge, you can take control of how your information is utilized.


May 28 2010

Social Engineering Expert Quoted in CSO Article

10:18 am

Quoted from the original CSO Online story:

Social engineering stories: The sequel

Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them

By Joan Goodchild, Senior Editor
May 27, 2010 —

John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.

The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.

“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.

Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

