As a recognized expert I'm constantly being asked by members of my audience and people who read my book what recommended resources I use.

Latest Posts

Mobile Security Webinar: Defending SmartPhones, iPads, Laptops Against Cyber Attacks

Cyber Attack Webinar - John Sileo

  • Are iPhones, Droids and BlackBerry mobile phones secure enough to be used for sensitive business?
  • What is App Hijacking and how do I keep it from stealing all of my GPS coordinates, contacts, logins and emails?
  • Given that laptops account for almost 50% of workplace data theft, how do I protect myself and my company?
  • Are Wi-Fi Hot Spots a recipe for data hijacking disaster and what is the alternative?
  • How do I protect my personal and professional files that live in the cloud (Gmail, DropBox)?

Free Webinar - Cyber Attack: Data Defense for Your Mobile Office

In the information economy, tools like the iPad, WiFi and smartphones have shifted the competitive landscape in favor of mobile-savvy businesses. But are you in control of your information, or are you being controlled? Learn how to be in control of your critical information while protecting your business’ mobile-digital assets.

This multi-part interactive Webinar series, sponsored by Deluxe®, is designed to address these topics and provide simple, actionable tools to protect and enhance the efficiency with which you run your business.

In this class, Cyber Attack: Data Defense for your Mobile Office, you will learn how to:

  • Protect smartphones and tablets from common attacks, including app hijacking, Wi-Fi Sniffing, Link Jacking and other criminal tools.
  • Weigh the pros and cons of the cloud-computing model (Gmail, SalesForce, online billing).

Using an iPad to Your Competitive (and Secure) Advantage

If you received an iPad for the holidays (or already have one), you own the most powerful productivity tool invented in the last 20 years – it’s like command central for your life and work. I use the iPad as a step-by-step, centralized way to keep tabs on everything related to my business. Over a cup of coffee, I consume highly relevant information (no Angry Birds at this point in the day) in a low-stress way simply by clicking through my iPad apps in a consciously prioritized order. I’m not actually taking action on anything at this point, just getting an overview of the appointments, current events, and communications that will make me more effective. That way, when I get down to work, I know exactly what should get my attention. The routine is always the same, so I never have to remember what I need to do except to open my iPad before I officially start the day. The process takes me about 20 minutes, and by the time I get to work, my brain has sorted most of the information and knows where to start. Here’s how I consciously prioritize my apps (see screen shot):

  1. Calendar (iCal). I look at my calendar first to remind myself of appointments taking place that day.

Top 7 Reasons Mobile Banking Apps Aren’t Safe (Yet)

A new study produced by The Ponemon Institute and ThreatMetrix (Mobile Payments & Online Shopping – October 2011) states that only 29% of consumers use mobile banking apps on their smart phones and tablets. Of those that don’t participate, 51% cite security reasons for their lack of participation. In other words, consumers like you and me are not yet comfortable with mobile banking. And our instincts are correct! Why shouldn’t you be comfortable with mobile banking apps quite yet?

Top 7 Reasons Why Mobile Banking Apps Aren’t Yet Safe

  1. Because most app stores (e.g., Android Marketplace) don’t review apps for security, it is very easy for criminals to post malicious apps that steal information from your mobile device (like your bank account numbers).
  2. The average smartphone or tablet user has installed no security software on their mini-computer (that’s what smartphones and tablets are), meaning that they have only a fraction of the security of a laptop or desktop.
  3. Detected malware developed for the Android platform alone has increased by 400% in the past year.
  4. The technology that keeps apps separate on your smartphone or tablet doesn’t separate them out into private sandboxes, meaning that one app can read the juicy details stored in the other without much difficulty.

Dropbox a Crystal Ball of Cloud Computing Pros & Cons

Dropbox is a brilliant cloud-based service (i.e., your data stored on someone else’s server) that automatically backs up your files and simultaneously keeps the most current version on all of your computing devices (Mac and Windows, laptops, workstations, servers, tablets and smartphones). It is highly efficient for giving you access to everything from everywhere while maintaining an off-site backup copy of every version of every document.

And like anything with that much power, there are risks. Using this type of syncing and backup service without understanding the risks and rewards is like driving a Ducati motorcycle without peering into the crystal ball of accidents that take the lives of bikers every year. If you are going to ride the machine, know your limits.

This week, Dropbox appears to have altered their user agreement (without any notice to its users), making it a FAR LESS SECURE SERVICE. Initially, their privacy policy stated:

… all files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. (Quoted from PCWorld)

Currently, the privacy policy says that Dropbox can access and view your encrypted data, and it might do so to share information with law enforcement. Why is that important? Because it means that the encryption keys that keep your files private are actually stored on Dropbox’s server, not on your own computer. This puts the keys to your data (and that of every other Dropbox user) not only in the hands of Dropbox employees and law enforcement, but also within reach of hackers. When the encryption key is located on your computer, at least the risk is spread across Dropbox’s network of users.

Motivational Keynote Speech

After a financial conference speech I gave this afternoon on controlling social media data exposure, an executive asked me how long I’d been giving motivational keynote speeches.

My jaw dropped at the reference… “Motivational keynote speeches?”, I asked. “I’ve never really thought of myself as a motivational speaker. I’m more of a content speaker who focuses your organization on playing information offense… using and protecting information to your profitable advantage.” Yeah, I know, sounds like an elevator speech. It was.

The executive then explained his remarks in a very thoughtful way. He said that his organization had stopped hiring traditional “fluffy motivational speakers” when the economy went south, and now only hires content-rich speakers who motivate the audience to take action in a very specific area of need. If he and the rest of the audience came out of the speech ready to take action and clear on what steps to take next, then they referred to the speech as motivational. “Every speaker we hire had better be motivational,” he said, “but that’s a given. We bring in a keynoter for their content, and they’d better bring their inspirational A-game as part of the package.”

The Grinch Effect: Identity Theft at Holiday Parties

Huzzah! The holiday party season has officially begun! It is my favorite time of year because I try to take a few weeks off of the professional speaking circuit to slow down to a normal pace. Over the coming weeks, all of the Whos in Whoville gather to celebrate the communities to which we all belong. Whether it is a neighborhood party, a work celebration or an association shindig (okay, I’m starting to use words that my parents use), it is a great time to honor our friendships, colleagues and causes.

Unfortunately, the abundance of the season attracts malcontents who try to take advantage of our happiness and busy-ness. I call this the Grinch Effect: stealing from others while they are lost in a brief moment of joy. Like the Grinch pilfering the last stocking from the fireplace, identity thieves use our distraction to pluck pieces of private data from our festive homes. Enough already! If you are hosting a holiday party (either at your home or in your office), here are some tips on protecting your identity to foster holiday serenity:

Workplace Identity Theft: Shredding

The following is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

For businesses, shredding is low-hanging fruit (one of the easiest sources of data breach to eliminate). But businesses are so often focused on electronic forms of data breach that they fail to heed the following statistics highlighted in a recent Ponemon Institute study conducted for the Alliance for Secure Business Information:

  • More than 50 percent of sensitive business data is still stored on paper documents.
  • Forty-nine percent of data breaches reported in the survey were the result of paper documents.
  • Sixty percent of businesses admitted that they didn’t provide the proper tools (e.g., shredders) to safely discard documents that were no longer needed.
  • The average data breach recovery cost according to this survey was $6.3 million.

If you own a business, make sure to destroy sensitive documents prior to discarding them, to decrease your legal liability. Businesses are required to destroy all consumer information before discarding it in the trash. The Fair & Accurate Credit Transaction Act (FACTA) Disposal Rule states that “any person who maintains or otherwise possesses consumer information for a business purpose” must properly destroy the information prior to disposal. FACTA further states that every person and/or business must take “reasonable measures” to protect against unauthorized access to or use of the information in connection with its disposal…

5 Reasons NOT to Buy Our Latest Book!

Privacy Means Profit (Wiley) available in bookstores today!

Here are The Top 5 Reasons You Shouldn’t Buy It:

You love sharing bank account numbers, surfing habits and customer data with cyber thieves over unprotected wireless networks.

You never tempt hackers and con artists by using Gmail, Facebook, LinkedIn, Twitter, Google Docs, or other cloud computing platforms to store or communicate private info, personally or professionally.

You bury your head in the sand, insisting that “insider theft” won’t affect your home or business.

You’ve already hardened your laptops and other mobile computing devices in 7 vital ways, eliminating a major source of both personal and corporate data theft.

You have a “thing” for identity theft recovery costs and would rather invest thousands in recovery than $25 in prevention.

If you want to defend yourself and your business against identity theft, data breach and corporate espionage, then buy a copy of Privacy Means Profit.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

Privacy Means Profit builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) and the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

Identity Monitoring Services

CSIdentity Protector Tri-Bureau

Only 25% of identity theft can be detected by traditional credit report monitoring, which means that you need a more sophisticated service than the average offering (LifeLock). If you are time-starved, convenience-based or just simply want a comprehensive way to detect the inappropriate use of your data, you need to enlist an identity monitoring service. It’s similar to having someone monitor your home alarm system.

Here’s a bit of background. Traditional credit monitoring only detects a portion of identity theft. The remaining theft happens on non-credit loan activities (pay-day loans, etc.), as part of public records (court cases, real estate transactions, government filings, etc.), over the internet (bought and sold on identity-for-sale sites), or in relation to medical or criminal records. It is important to monitor these forms of potential identity theft as well as your credit file. CSIdentity’s Protector Tri-Bureau product wins the award for Best-in-Class identity monitoring based on 7 criteria:

Document Shredding

Fellowes Powershred

Workplace identity theft isn’t caused by paper documents because we have gone paperless, right? Rubbish. Paper rubbish, in fact.

You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.

According to a recent study* conducted by the Alliance for Secure Business Information (ASBI):

80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months. 49% of those breaches involved the loss or theft of paper documents. The average breach recovery cost $6.75 Million!
