And then hackers break in to a server in Kentucky this past weekend and steal private information on 24 million Zappos customers, including (if you are a customer) your name, email address, physical address, phone number, the last four digits of your credit card number and an encrypted version (thank goodness) of your password. Consequently, your junk email folder is overflowing (your email has been illicitly sold to marketing companies), you receive the doom-and-gloom breach notification from Zappos (just like I did), and suddenly, you don’t have quite the same confidence in this best-in-practice business any more. Your shaken confidence in Zappos costs them a fortune. For the foreseeable future, you will pause before using their website again.

“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Zappos CEO Tony Hsieh said in a note to employees Sunday. “It’s painful to see us take so many steps back due to a single incident.”

In a smart move, Zappos reset the passwords for all affected accounts and notified victims on how to create a new one. But their efforts to recover customer trust are just beginning. Here are 5 Core Concepts of Trust that Zappos leadership should weave into their breach recovery process:

1. Ownership. Leadership at the company should take complete responsibility for the loss of data and not make excuses as to how it was someone else’s fault (remember the BP oil spill finger pointing?). The last thing victims need is to become more victimized by a corporate spin cycle that further erodes trust. Authentically respecting their customer base (which they do), even when it costs a few extra dollars to maintain, is a sound investment strategy.
2. Transparency.  Zappos customers have the right to know exactly what was stolen and how it might be used. They deserve to know what the company knows and what law enforcement knows. Sharing their failure (as opposed to covering it up in any way, which they don’t seem to be doing) is a painful process with high short-term costs, but it is the first step in taking responsibility.
3. Expectation.  Zappos needs to set customer and marketplace expectations early and often about how they will make it better. Forcing users to change passwords does little to ease fears that it will happen again. What tangible steps will they take to repay customers for the trouble they have caused and what measures will they implement to better protect users in the future?
4. Delivery. Zappos must deliver on the expectations they set with the victims, with the media and with the marketplace. False promises (pretending to implement better security but underfunding the budget) are cheap Band-Aids but only further infect the inflicted wounds when nothing actually changes. To regain trust, Zappos must set impressive expectations and deliver on them flawlessly
5. Competence. Zappos is not in the business of recovering from identity theft or data breach. They need to aid their legal department by bringing in breach mitigation and recovery experts. Saving a few dollars up front keeping the efforts in house will raise downstream recovery by multiples.

In the meantime, if you are a victim of the Zappos’ breach, begin with these steps:

• Immediately change your password according to Zappos emailed instructions.
• Use an alpha-numeric-upper-lower-case password that has nothing to do with your personal life and can’t be found in a social networking profile or dictionary
• If you use the same password on other sites (webmail, financial), change those as well
• Implement identity theft monitoring services like those provided by CSID.com.
• Monitor your credit profile for suspicious activity at AnnualCreditReport.com
• Don’t click the links in that email. Zappos is sending every one of its affected customers a warning e-mail. However, more often than not such “official” e-mails are from hackers (for example, “We’ve had a security problem. Please change your password.”). These fraudulent e-mails can be virtually indistinguishable from legitimate communications, including identical graphics, logos, and authentic looking return e-mail addresses. Instead of clicking, type the URL (in this case Zappos.com) directly into your address bar. If there’s an important notice on your account, you’ll find it there.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. 7 Steps to Secure Profitable Business Data (Part I)
2. 5 Steps to Avoid Facebook Destruction in Business
3. 7 Steps to Secure Profitable Business Data (Part II)

Anderson Cooper’s 1st show of the year brought a panel of experts to discuss New Year’s resolutions, why we make them and how we can better keep them. Identity theft expert John Sileo closed out the show with 3 Tips for Avoiding Scams in the new year. Click on the video to the left to view the segment. Anderson and John discuss smartphone stupidity, passwords and social networking privacy.

Identity Theft Expert John Sileo Appears on the Anderson Cooper New Year’s Resolution Special.

John Sileo is an award-winning author and speaks internationally on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his keynote or media appearances on Anderson Cooper, 60 Minutes or Fox Business. Contact him on 800.258.8076.

Related posts:

1. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR
2. IRS Overwhelmed by Tax Related Identity Theft
3. Britain, America Unite Against Identity Theft Trends

Identity theft increases a great deal when you are on the road. Start protecting yourself with these Top 5 Identity Theft Tips while traveling:

1. Travel Data Light. If you don’t have to take it with you, increase your safety and leave it at home. This includes checkbooks, debit cards, excess credit cards, Social Security cards and any excess digital gadgets. Simplicity is Security!
2. Guard Your Devices. Smartphones and tablets are as powerful as laptops. Turn on the auto-lock passcode to keep others out of your information.
3. Surf Protected. Stop using the free WiFi hotspots in cafes, airports and hotels, as they are constantly sniffed by cyber criminals. Instead, setup tethering between your mobile phone and tablet or laptop so that you are surfing safely.
4. Privacy Please! Instead of leaving loads of data unprotected in your hotel room (a major source of theft), hang your privacy sign on the door and let house cleaning know that you do not want to be disturbed. Lowering traffic lowers risk.
5. Mind the Lions at the Watering Hole. Take a minute to watch the video to the left to understand how increasing your awareness in airports, hotels, conferences and restaurants can save you tons of time and money.

Related posts:

1. Data Breach Expert Sileo Talks to Fox Business
2. iPad Vampires: 7 Simple Security Settings to Stop Data Suckers
3. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR

Cyber security expert John Sileo made the front page of the USA Today digital version, and the Money section of the print edition.

Excerpts from the full USA Today Article, Travelers at High Risk of Identity Theft, Experts Say:

“Data theft goes through the roof on the road,” says Sileo, a spokesman for CSID, an identity-protection provider . . .  Two key challenges for travelers involve the use of unsecured wireless networks at hotels, airports and other public venues and the infiltration of smartphones through Bluetooth technology . . .

When booking airline tickets, hotels or other arrangements, use a credit card rather than a debit card, because it decreases your liability. And never announce on social networks that you’re leaving town, if only to keep someone from breaking into your home . . .

Hackers also can easily get into computers. One method is a man-in-the-middle attack in which special software inserts a rogue user between the legitimate one and the unsecured wireless network. Experts recommend having updated anti-virus software, encrypting sensitive data and never typing in passwords or credit card numbers over an unsecured wireless network. Even fax and copier machines should be used judiciously, because they can store information, experts say.

John Sileo speaks and writes on defending against the dark art of deception (identity theft, social engineering, fraud) and leveraging the powerful use of trust (influence and power). His clients include the Department of Defense, Pfizer, FDIC, Homeland Security, Experian UK and Blue Cross, as well as individual leaders committed to building power and influence in a foundation of trust. Learn more about his keynote speeches or contact him directly on 800.258.8076.

Related posts:

1. Mobile Security Webinar: Defending SmartPhones, iPads, Laptops Against Cyber Attacks
2. Don’t Get Cyber-Scrooged on Cyber Monday!
3. Data Breach Expert Sileo Talks to Fox Business

1. Car Loans. According to the Financial Crimes Enforcement Network, auto loan identity theft is twice as high as any other form. Most dealerships have you complete paperwork with identifying personal data (name, address, date of birth, phone number) up to and including a loan application, which likely includes your Social Security Number. How is this data handled? Unless you actually purchase the vehicle, and your paperwork becomes part of a permanent file, refuse to complete it. Most dealerships simply toss your paperwork after 30 days if you don’t make a purchase. Their trash receptacle then becomes a pre-qualified source for identity thieves.
2. The Pharmacy. Pharmacy records contain your personal identifying information (name, address, date of birth, phone number, insurance plan information, employer and often, your Social Security number). Thieves look anywhere for taking basic information to build a new identity, or to re-fill prescriptions that they can then sell. Make sure your pharmacy asks for your ID, and request confirmation that they shred personal data.
3. Doctor’s Office. This can be very serious, especially if a thief has manipulated your medical history through stealing your identity. When you fill out the requested forms at a physician’s office, do not put your Social Security number on the form. There is no reason the office needs this unless you are requesting some type of “loan” from them. Much of today’s information is sent via the Internet. Ask them what protections they have in place to safeguard your information. Many have installed firewalls, and other software, to help insure patient information safety, but many have not. If any medical facility or physician that you don’t recognize calls you asking for personal or medical information, question them. Ask who they are, why they need the information, what doctor referred them and if they have a number where you can call them back with this information. Verify their credentials. If you access your medical information online, read the facility’s privacy policy, as they are all required to have one posted. Read what information they collect, who they share their files with, ensure they have an encrypted site, and be very careful if you are accessing those files from a Wi-Fi location where your computer may be vulnerable to hacking.
4. Mortgage ID Theft. The house you’re living in may not be yours. An identity thief will obtain your personal information and use it to obtain a home loan, or an equity loan, without your knowledge. An equity loan gives the criminal quick cash. Using the value of a home is one of the easiest ways to secure cash. There have been cases where the thieves have actually sold the victim’s home while they were still living in it, and were unaware they’d been victimized. Second homes and vacation homes are especially vulnerable to this type of identity theft, as it allows the thieves a longer period of time to get cash out of the property, or sell it before the real owner is aware there is a problem. All homeowners should routinely check with their county record’s office to ensure that their information is correct. If you receive any paperwork regarding your mortgage, a transfer of your mortgage or lender, don’t toss it out, pay attention because it may be the only warning you get until a new owner is knocking at your door.
5. Cyber Greeting Cards. As we head into the holiday season, a new method of hacking into your computer is lurking in those adorable greeting cards sitting in your e-mail. It blinks at you saying you’ve been sent a greeting from a “friend.”

You open it and are directed to a site where malware will invade your computer, or you will be asked to “install” software to “play” the card. When this happens, malware, that could potentially destroy your computer or allow an identity thief access to your personal data, is unleashed. Unless the name of a real person that you know is attached to the greeting card, do not open it.

The Bottom Line

There is no way to protect your identity 100% of the time. Often, what happens to your personal information is completely out of your control. The only option you have is to be constantly diligent in tracking your information, protecting your information and asking where that information is going. You have the right to ask, you have the right to know and you have the right to withdraw that information if you feel uncomfortable.

Original story – 5 Overlooked Places Where Your Identity Can Be Stolen

Related posts:

1. Britain, America Unite Against Identity Theft Trends
2. IRS Overwhelmed by Tax Related Identity Theft
3. Top Tips to Stop Travel Identity Theft – Sileo on Fox Business

St. Louis Manager Tony La Russa changing course mid-stream (Dilip Vishwanat / Getty Images)

During Monday night’s World Series game, Tony La Russa, the coach of the St. Louis Cardinals, failed to warm up the right-handed relief pitcher he desperately needed to face the Texas Rangers red-hot right-handed batter, Mike Napoli. Napoli, with the games announcers in complete disbelief at the oversight, took advantage of the mistake, drilling the pitch into right center field for a double. The Texas Rangers went up 4-2 and won the game.

Directly following the game, La Russa blamed the dugout phone, the bullpen coach (indirectly) and the noisy crowd for his failure to warm up the right guy. Within minutes, you could almost hear the simultaneous guffaw of the entire sports world, “It’s the phone’s fault?”. Our collective BS meters went off because in some way, we sensed he was covering something up.

Suddenly, a coach with a glorious 30 year coaching reputation, a man known for his intricate patchwork of relief pitching to pry out of tough situations, had lessened his credibility. What actually happened to cause the mistake is immaterial; how La Russa addressed the blunder is what matters — his credibility was eroded more by his response and less by his mistake.

Look at the foundation of La Russa’s reputation:

• He’s earned the trust of his players and the respect of fans, opposing coaches and the media over 33 years of successful coaching
• He ranks 3rd on the all-time winningest coaches list and is the 2nd winningest playoff coach ever
• Baseball professionals commonly refer to him as one of the smartest, most capable coaches in the game
• He’s proven time and again that he knows how to maximize his pitching staff to its fullest potential (he just set the record for the most pitcher changes in a World Series)

In other words, his overall capability wasn’t really in question. But when he made the mistake, he tried to cover it with an excuse so as not to look incapable. Capability is commonly mistaken as the primary measure of our professional success. But even the most capable professionals make mistakes and we all know this. On top of that, we are very forgiving beings when people own up to their failures (Bill Clinton’s approval ratings have never been higher).

By covering the pitching snafu with excuses, La Russa damaged our perception of his integrity, which is just as important as capability to reputation and trustworthiness, but harder to quantify and more difficult to regain. Even if the call was someone else’s fault, La Russa is in charge and it happened on his watch. Something stank about his explanation and we could all smell it through the cable wires. What if, instead of blaming the phone or the bullpen coach or the noise of the crowd right out of the gate, he had said this:

“In a coaching career as long as mine, you’re gonna make some mistakes. Some are bigger than others. This one was BIG and I’m going to do everything in my power to make good on it. My bad. Please forgive me.”

Eventually he said something like that, but by then, the talking heads had begun their wording frenzy. Reputation that grows out of capability takes years to destroy (think Brett Favre), but the same reputation can be destroyed in a single act that lacks integrity.

Have you ever forgotten to go to the bullpen when you should have and then made excuses? I sure have. The more quickly we admit our errors, express our regrets and work to overcome the deficit, the less damage we do to our character. In fact, strategic admission of failure can actually increase credibility, because it lets others know that you are both human and honest. While this lesson seems to be lost on politicians and the occasional celebrity, it needn’t be on the rest of us.

There is a highly powerful lesson in his example, especially for leaders:

Own your failures, use them to fuel positive change and allow them to improve your future decisions. You will gain trust, respect and credibility.

John Sileo speaks and writes on building trust and defending against dishonesty. His clients include the Department of Defense, Pfizer, FDIC, Homeland Security, Experian UK and Blue Cross, as well as individual leaders committed to building power and influence from a foundation of trustworthiness. Learn more about his keynote speeches or contact him directly for Trust Coaching on 800.258.8076.

Related posts:

1. Why Facebook is Losing Face (Trust)
2. Reputation Gets You What You Want

The world of identity theft is changing rapidly. Earlier this week Experian UK, a unit of one of the world’s largest credit-reporting agencies, hosted the 2011 Identity Theft & Fraud Forum at The Grove, a prestigious five-star resort located on the outskirts of London. The purpose of the Forum was to assemble a cross-cultural collection of thought leaders on identity theft prevention and to focus attention on Britain’s increasing financial battle with identity theft. Keynote presenters included highly regarded American identity theft expert John Sileo, Jairam Sridharan, Head of Retail Assets, Axis Bank of India and Jonathan Walsh, Head of Consulting and Analytics, Identity & Fraud at Experian.

During his afternoon presentation, Mr. Walsh revealed the results of a newly released study commissioned by Experian UK. The study found that cases of identity fraud have doubled in Britain over just the past six months and that the trend is likely to continue unless addressed.

“Britain is determined to identify the latest trends in identity theft and define leading-edge solutions to avert the costly eight ball we are behind here in the States,” says Sileo, who founded ThinkLikeASpy.com and has worked with organizations from the U.S. Department of Defense and Homeland Security to Pfizer, Blue Cross and the FDIC. “Experian UK helped all of us take a huge step in the right direction with the Forum.”

During his closing keynote presentation, Sileo, himself a two-time victim of severe identity theft, shared not only his eye opening personal story, but what he considers to be the latest trends in the booming world of identity fraud.

“Right now, the business of financial fraud is being overtaken by organized crime,” says Sileo. “They’re intent on rolling up a highly profitable business that used to be the turf of petty criminals, drug addicts and the terminally underemployed. Of course, those people are still at the center of the crimes, they just have a nasty new boss.” He adds, with obvious frustration, “And their bosses aren’t just criminals, they’re highly effective businesspeople.”

According to Sileo, social media over exposure, mobile device hacking and offshore data hijacking are three trends to take very seriously. “It’s all about scale,” he explains. “Why steal one identity at a time on Facebook when you can socially engineer a queen bee [using her Facebook profile, he adds later] into giving you the keys to the corporate database.”

When he refers to queen bees, he’s referring to corporate employees with vast access to data but little training on how to protect it. Prompted for examples, he listed financial controllers, bookkeepers, laid-off IT staff, secretaries, executive assistants and employees who haven’t been properly trained to recognize and repel fraud.

The outlook at the Forum wasn’t entirely negative. By the end of the conference, there was a general consensus that the disease of identity theft, still somewhat immature in this country, can be eradicated like previous plagues in Britain’s history with intensive educational initiatives and fraud detection analytics.

Experian is a global leader in consumer and business credit reporting and marketing services and a constituent of the United Kingdom’s FTSE 100 index, with revenues in excess of US$4 billion.

John Sileo is a leading American keynote speaker and author on identity theft, fraud, social networking exposure, social engineering and trust; he is the founder of ThinkLikeASpy.com and blogs at Sileo.com.

Related posts:

1. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR
2. Commonly Overlooked Sources of Identity Theft
3. Top Tips to Stop Travel Identity Theft – Sileo on Fox Business

In the work we do to change the culture of privacy inside of organizations, we have discovered a dilemma: iPads are not as secure as other forms of computing and are leaking significant amounts of organizational data to corporate spies, data thieves and even competing economies (China, for example, which would dearly love to pirate the recipe for your secret sauce). Do corporations, then, sacrifice security for the sake of efficiency, privacy for the powerful touch screens that offer a jugular of sensitive information?

Of course not! That’d be like driving a race car minus seat belts and air bags.

iPads provide a competitive advantage, and like generations of tools before it (the cotton gin, the PC), individuals and organizations alike will be forced to learn how to operate this equipment safely or risk the bite of intellectual property vampires. Here are 7 Simple Security Settings to help you lock down your iPad much like you would your laptop.

7 Simple Security Settings for Your iPad

1. Turn On Passcode Lock. Your iPad is just as powerful as your laptop or desktop, so stop treating it like a glorified book. Your iPad is only encrypted when you enable the passcode feature. (Settings/General)
2. Turn Simple Passcode to Off. Why use only an easy to crack 4-digit passcode when you can implement a full-fledged alphanumeric password? If you can tap out short emails, why not spend 5 seconds on a proper password.
3. Require Passcode Immediately. It is slightly inconvenient and considerably more secure to have your iPad automatically lock up into passcode mode anytime you leave it alone for a few minutes.
4. Set Auto Lock to 2 Minutes. Why give the table thief at your favorite café more time to modify your settings to his advantage (to keep it from locking) as he walks out the door with your bank logins, emails and kid pictures.
5. Turn Erase Data after 10 Tries to On. Even the most sophisticated passcode-cracking software can’t get it done in 10 tries or less. This setting wipes out your data after too many failed attempts. Just make sure your kids don’t accidentally wipe out your iPad (forcing you to restore from your latest iTunes backup).
6. Use a Password Manager. Your passwords are only as affective as your ability to use them wisely (they need to be long and different for every site). Keeping your passwords in an unencrypted keychain or document is a recipe for complete financial disaster. Download a reputable password-protection app like 1Password to manage and protect any sensitive passwords, credit card numbers, software licenses, etc. Not only is it safe, it’s incredibly convenient and efficient.
7. Avoid Untrustworthy Apps. Not all applications are friendly. Despite Apple’s well-designed vetting process, there are still malicious apps that slip through the cracks to siphon data out of your device. If the app hasn’t been around for a while and if you haven’t read about it in a reputable journal (Macworld, Wall Street Journal, New York Times, etc.), don’t load it onto your system. Don’t jail-break your iPad to download apps outside of iTunes. Short-term gain equals long-term risk.

Believe it or not, these simple steps begin to give you a level of security that will discourage casual data vampires. After implementing the Simple 7, move on to 5 Sophisticated Security Settings for iPads for even more robust data defense.

John Sileo lost almost a half-million dollars, his business and his reputation to identity theft. Since then, he’s become America’s leading keynote speaker on identity theft, social media exposure and weapons of manipulation. He helps organizations build successful cultures of privacy. His clients include the Department of Defense, Pfizer and Homeland Security. To learn more, visit ThinkLikeASpy.com or contact him directly on 1.800.258.8076.

Related posts:

1. Using an iPad to Your Competitive (and Secure) Advantage
2. 13 Data Security Tips for Meeting Professionals – SGMP
3. iPad & Tablet Users Asking for Identity Theft

By Kevin Torres, 9News

AURORA – Five of Aurora’s most powerful politicians found out how vulnerable they truly are. They’ve joined a long list of people who have fallen victim to identity theft.

The city councilors thought they were alone, until they heard from their colleagues at a council meeting.

“It was kind of a relief when I found it was a council thing and not me personally,” said Councilor Molly Markert.

Markert and four other councilors received bills for items they never even purchased, including electronic devices.

If there was ever an expert on identity theft, John Sileo would certainly be high on the list.

He’s written a few books on the issue and even does work for the Department of Defense and Homeland Security.

Sileo says the thief or thieves likely cracked the councilors’ codes by one of two ways.

“It’s either an inside job which is someone got paid to funnel information out, or, the second way is their systems were hacked in to, it’s also very common,” Sileo said.

Read the full Aurora City Council Identity Theft Story.

John Sileo is America’s leading keynote speaker on identity theft, social media privacy and trust building. His clients include the Department of Defense, Homeland Security, the FDIC, Pfizer and organizations of all sizes. Learn more at ThinkLikeASpy.com.

Related posts:

1. Identity Theft Expert John Sileo on 60 Minutes
2. Top Tips to Stop Travel Identity Theft – Sileo on Fox Business
3. Sileo Identity Theft Prevention Checklist

Read the full PC Magazine Article.

Related posts:

1. Facebook Safety Tips to Stop Social Networking Hangovers
2. Top Tips to Stop Travel Identity Theft – Sileo on Fox Business
3. 13 Data Security Tips for Meeting Professionals – SGMP