In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.
- Start with the humans.
- Immunize against social engineering.
- Stop broadcasting your digital data. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.Strategy: Have a security professional configure the wireless router in your office to utilize WPA-2 encryption or better. If possible, implement MAC-specific addressing and mask your SSID. Don’t try to do this yourself. Instead, invest your money in proportion to the value of the asset you are protecting and hire a professional. While the technician is there, have him do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and stop using other people’s free or fee hot spots. Using a simple program called Firesheep, data criminals can “sniff” the data you send across these free connections. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
Posted in Business, Cyber Crime, Identity Theft by John Sileo.
Tags: "Data Privacy", Business Security, data security, Detection Fraud, Engineering Social, Fraud, Fraud Detection, Fraud Expert, Fraud Speaker, Fraud Training, Identity Theft, identity theft expert, information, John Sileo, Keynote, Keynote Speaker, Part 2, Part II, Prevention, Privacy, professional speaker, Protection, Security, social engineering, social engineering expert, Speaker, Technology, Training Fraud
Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
This social engineering video was recorded at a fraud training I did recently and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:
Posted in Business, Cyber Crime, Human Fraud, Identity Theft by John Sileo.
Tags: Detection Fraud, Engineering Social, Fraud Detection, Fraud Expert, Fraud Speaker, Fraud Training, identity theft expert, John Sileo, Keynote Speaker, professional speaker, social engineering, social engineering expert, Training Fraud
During a recent 60 Minutes interview, I was asked off camera to name the Achilles’ heel of an entire country’s data security perspective; what exactly were the country’s greatest weaknesses. The country happened to be New Zealand, a forward-thinking nation smart enough to take preventative steps to avoid the identity theft problems we face in the States. The question was revealing, as was the metaphor they applied to the discussion.
Achilles, an ancient Greek superhero — half human, half god — was in the business of war. His only human quality (and therefore his only exploitable weakness) was his heel, which when pierced by a Trojan arrow brought Achilles to the ground, defeated. From this Greek myth, the Achilles’ Heel has come to symbolize a deadly weakness in spite of overall strength; a weakness that can potentially lead to downfall. As I formulated my thoughts in regard to New Zealand, I realized that the same weaknesses are almost universal — applying equally well to nations, corporations and individuals.
Posted in Business, Identity Theft, Social Media by Identity Theft Speaker John Sileo.
Tags: "New Zealand", 60 Minutes, data, Facebook, financial crime, Financial Speaker, Fraud Training, Identity, identity theft expert, Identity Theft Speaker, information, John Sileo, Privacy, Security, Sileo, social engineering, Social Media, social networking, Theft
Latest Identity Theft Trend is Stealing Your Business’s Identity to Falsify Accounts
In the past two weeks, I have been contacted separately by two local business owners to share how their business identity has been stolen and used to set up accounts with various companies on which thousands of dollars are charged and they (the actual owners) are left to pay the bills. There are no identity theft statistics on this type of crime, but I am certain that it is just coming onto the trend radar. In further proof that this is becoming a major problem for corporations, the Denver Post ran an article this morning titled “Corporate ID Thieves Mining the Store“.
Here’s how this incredibly easy form of business identity theft works:
- A thief scours the internet for your company information (Facebook is usually a good place to start, as is your local Secretary of State’s website). They are particularly interested in bids for government contracts, as they often contain a sample of your letterhead as well as your pertinent business information. If they can obtain the Federal ID# of your businesses, they have even more ammo to defraud you.
Posted in Business, Identity Theft by Identity Theft Expert John Sileo.
Tags: Business Identity Theft, Business Risk, Corporate Identity Theft, Corporate Privacy, data theft, Fraud Training, Identity Theft, Identity Theft Victim, TIN, Victim, Workplace ID Theft
John Sileo knows identity theft and data breach first hand – he became “America’s Leading Identity Theft Speaker and Expert” after losing his business and more than $300,000 to these costly crimes. He has provided these Identity Theft Resources to help you protect your organization from suffering from the losses that result from unprotected private information. Visit John’s Identity Theft Prevention Store to learn more.
Hire John to train your employees to prevent identity theft, data breach and corporate espionage
Safe data is profitable data, whether it’s a client’s credit card number, a patient’s medical file, an employee’s benefit plan or sensitive intellectual capital. By the time John finishes his hilarious closing story, your audience will be fully empowered to protect private information, at home and at work.
John’s Most Requested Identity Theft Training Presentations (Keynote Topics)
The biggest threat to our identities (and to valuable corporate data) is our lack of a Privacy Reflex. Few of us have ever been trained to respond appropriately when someone requests our sensitive information. Think of how easily you give your information away on the Internet when someone promises you a free gift. This presentation will give your audience the fundamental building blocks to proactively protect valuable information assets. The result is a safer individual with strategic privacy skills that protect your organization’s bottom line.
Posted in Business, Human Fraud, Identity Theft by Identity Theft Speaker John Sileo.
Tags: Data Breach, Data Breach Training, Fraud Training, Identity Theft, Identity Theft Resources, identity theft training, Information Security, seminars, Speaking, Speech, Speeches, training, workshops
Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:
Posted in Business, Human Fraud, Identity Theft by Identity Theft Expert John Sileo.
Tags: Business Speaker, Detection Fraud, Engineering Social, Financial Speaker, Fraud Detection, Fraud Training, Fraud Training Expert, social engineering, Social Engineering Speaker, Training Fraud
Quoted from the original CSO Online story:
Social engineering stories: The sequel
Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them
By Joan Goodchild, Senior Editor
May 27, 2010 —
John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.
The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.
“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.
Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.
ow that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.
Posted in Business, Human Fraud, Identity Theft by Identity Theft Speaker John Sileo.
Tags: CSO Online, Fraud, Fraud Training, Fraud Training Expert, Fraud Workshops, John Sileo, Scams, social engineering, social engineering expert
The story about the Harvard student who fraudulently gained access into Harvard University is an excellent lesson in repelling fraud. Watching the video to the left, you will be struck by how many opportunities there were to catch him in the act of lying. But it didn’t happen for a long time. The underlying reason he didn’t get caught is the same for prestigious universities like Harvard, Fortune 500 Companies and small businesses alike:
No one verified his claims (until recently). Verification is a learned skill that is under-utilized and under-
trained in corporate America.
Apparently the university, the financial aid office and a list of other responsible parties didn’t double check any of the claims he made – his grades, his transfer from MIT, his financial status, nothing. This happens inside of businesses everyday. New hires are processed without so much as a background check, reference check or educational check actually taking place. It is on the HR checklist of to-dos, but that doesn’t mean it is getting done. As a matter of fact, this is a similar case to the Bernie Madoff case – had the SEC taken just a few hours to verify his claims, his victims wouldn’t be out $54 billion. At some point, businesses are going to begin taking notice, and will train their executives and employees on detecting the human side of fraud. It’s not that difficult.
Posted in Identity Theft by Identity Theft Expert John Sileo.
Tags: Adam Wheeler, Admissions, Fraud Training, Harvard, Identity Theft, Identity Theft Speaker, John Sileo, Scam
Businesses often make fraud training boring! And that’s bad for their bottom line, because no one ends up remembering anything about the subject.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s happening. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:
Posted in Business, Identity Theft by Identity Theft Expert John Sileo.
Tags: Detection Fraud, Engineering Social, Expert, Fraud Detection, Fraud Speaker, Fraud Training, social engineering, Training Fraud
During your fraud training exercises, fostering an attitude of curiosity (or in the corporate world, a culture of curiosity) is the most powerful critical thinking skill in your arsenal of tools to protect sensitive information. Employees who can think critically and ask the right questions regarding data privacy make up the fabric that supports a Culture of Privacy. Interrogation is the art of questioning someone thoroughly and assertively to verify intentions, identities and facts.
Questions: Who’s in Control? Can I Verify? What are my Options? What are the Benefits?
When spies need information, they ask for it. They “socially engineer” or con their victims with a variety of tools.
The primary tool for evaluating risk once your reflexes have been triggered (Hogwash) is to interrogate the person or institution asking for your information. Interrogation is not meant to be about forceful or physical questioning. I define interrogation as clear, aggressive questioning used to establish whom you can trust, how far you can trust them, and with what information.
Sticking with the language of espionage, an Enemy is anyone or anything (including a computer, fax machine, email, letter, etc.) requesting your information, information of someone you know, or information about your organization. It is not designed to make you confrontational or warlike – that is taking the metaphor too far. Once you have established a trusted relationship, you are no longer in enemy territory.
Posted in Business, Human Fraud, Identity Theft by Identity Theft Speaker John Sileo.
Tags: Data Breach, Engineering Social, Fraud Training, John Sileo, Privacy Means Profit, social engineering, Training Fraud
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!