The IRS admittedly has little control over protecting your tax returns against identity theft. The problem is too big, the data too widely available, prevention too rarely attended to until it’s already too late.
Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your tax return information and your identity. The changes aren’t difficult, they simply require you read through this document so that you recognize the risks. Once that’s done, you simply avoid the highest-risk behaviors.

Here is a comprehensive list of frauds, scams and high risk tax-time practices.

Top Tips for Tax Time Identity Theft Protection

Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

• Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
• Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
• Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.
• Make sure you always (not just at tax time) pay with security checks like those provided by Deluxe.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

• Strong alpha-numeric passwords that keep strangers out of your system
• Anti-virus and anti-spyware software configured with automatic updates
• Encrypted hard drives or folders (especially for your tax preparer)
• Automatic operating system updates and security patches
• An encrypted wireless network protection
• A firewall between your computer and the internet
• Remove all file-sharing programs from your computer (limewire, napster, etc.)

Even though you use a strong password to protect your data file when e-filing, burn the file to a CD or flash drive once you’ve filed. Remove the personal information from the hard drive. Store the backup in a lock box or safe.

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack.

Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

• Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
• If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
• If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
• To learn more about IRS scams, visit the only legitimate IRS website. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service.
• If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification, such as a Social Security card, driver’s license or passport, along with a copy of a police report and/or a completed IRS Form 14039, Identity Theft Affidavit, which should be faxed to the IRS at 978-684-4542. Please be sure to write clearly.
• As an option, you can also contact the IRS Identity Protection Specialized Unit, toll-free at 800-908-4490. IPSU hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).
• If you have information about the identity thief that impacted your personal information negatively, file an online complaint with the Internet Crime Complaint Center.  The IC3 gives victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 sends every complaint to one or more law enforcement or regulatory agencies that have jurisdiction over the matter.
• Subscribe to an identity theft detection, protection and resolution product like CSID.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

• Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
• Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
• Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. 5 Business Survival Lessons from Google’s Spying
2. Google Spying Cost Them $1
3. Protect Yourself Against Mail Fraud

It’s nerve racking to realize that the IRS increasingly struggles to control taxpayer identity theft. Since 2008, the IRS has identified 470,000 incidents of identity theft affecting more than 390,000 taxpayers. “Victims of tax-related identity theft are the casualties of a system ill-equipped to deal with the growing proficiency and sophistication of today’s tax scam artists” said  Sen. Bill Nelson, who chairs the newly formed Subcommittee on Fiscal Responsibility and Economic Growth.

Identity theft harms innocent taxpayers through (1) employment and (2) refund fraud, according to the GAO. In refund fraud, an identity thief uses a taxpayer’s name and Social Security number to file for a tax refund, which the IRS discovers after the legitimate taxpayer files. In the meantime, the victim is out the money due her, causing Sharon Hawa of the Bronx, N.Y. to take on a second job. Ms. Hawa testified before the Subcommittee, describing how she had become an ID theft victim for the second time in three years (the first in 2009) after thieves twice filed tax returns in her name and received her tax refunds. Painstakingly proving her identity to the IRS, time after time over a 14-month period, was only a small part of the stress and utter frustration in the first fraud.  And  then, as if that trauma hadn’t sufficiently wreaked havoc in Ms. Hawa’s life, it happened a second time.

In employment fraud, an identity thief uses a taxpayer’s name and SSN to obtain a job. When the thief’s employer reports income to the IRS, the taxpayer appears to have unreported income on his or her return, leading to enforcement action. Think of your stress level when you open that envelope from the IRS demanding taxes for money you didn’t earn and don’t have!

The GAO states that the IRS’s ability to address identity theft issues is constrained by several factors, one being that privacy laws limit the sharing of ID theft information with other agencies. Another problem is the timing of fraud detection efforts; more than a year may have passed since the original fraud occurred.  The resources necessary to pursue the large volume of potential criminal refund and employment fraud cases are another constraint.

It’s imperative that we taxpayers take responsibility and implement the steps necessary to protect ourselves. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

• Tax documents exposed on your desk (home and work)
• Private information that sits unprotected in your tax-preparer’s office
• Improperly mailed, emailed and digitally transmitted or filed records
• Photocopiers with hard drives that store a digital copy of your tax forms
• Copies of sensitive documents that get thrown out without being shredded
• Improperly stored and locked documents once your return is filed
• Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. H&R Block Customers Suffer Tax Time Identity Theft
2. Avoid Tax Time Identity Theft
3. Identity Theft Expert John Sileo on 60 Minutes

What is Social Spam?

Nothing more than junk posts on your social media sites luring you to click on links that download malicious software onto your computer or mobile device.

Social media (especially Facebook and Twitter) are under assault by social spam. Even Facebook cautions that the social spam volume is growing more rapidly than their user base. The spam-fighting teams at both Facebook and Twitter are growing rapidly. The previous handful of special engineers has seen the inclusion of lawyers, user-operations managers, risk analysts, spam-science programmers and account-abuse specialists. Spammers are following the growing market share, exploiting our web of social relationships. Most of us are ill-prepared to defend against such spam attacks. Here’s how social spam tends to work:

1. Malware infects your friend’s computer, smartphone or tablet, allowing the spammer to access their Facebook or Twitter account exactly as if the spammer were your friend.
2. The spammer posts a message on your friend’s Facebook or Twitter page offering a free iPad, amazing coupons or a video you can’t ignore.
3. You click on the link, photo, Like button (see Like-jacking below) or video and are taken to a website that requires you to click a second time to receive the coupon, video, etc. It’s this second click that kills you, as this is when you authorize the rogue site to download malware onto your computer (not a coupon or video).
4. The malware infects your computer just like it has your friend’s and starts the process all over again using your contacts, your wall and your profile to continue the fraud.
5. Eventually, the spammer has collected a massive database of information including email addresses, login information and valuable social relationship data that they can exploit in many ways. In the process, the malware may have given them access to other data on your computer like bank logins, personal information or sensitive files. In a highly disturbing growth of criminal activity, social malware can actually impersonate users, initiating one-on-one Facebook chat sessions without your consent.

“Like-jacking” involves convincing Facebook users to click on an image or a link that looks as if a friend has clicked the “Like” button, thereby recommending that you follow suit. If our friends Like it, why shouldn’t we. So we click and download in an almost automated response. The key is to interrupt this automatic reflex before we get stung.

Fighting social spam requires immense investments of time, which can mean lost productivity (and money). Gratefully, various company site-integrity teams watch trends in user activity to spot spam. Every day, Facebook says it blocks 200 million malicious actions, such as messages linking to malware. The company can’t prevent spam, but it’s diligently working to make it harder to create and use fake profiles.

But never count on someone else to protect what is yours. You must Own Up to your responsibility. Follow these 5 Steps to Minimize the Risks of Social Spam:

1. If the offer in the post is too enticing, too good to be true or too bad to be real, Don’t Click.
2. If you do click and aren’t taken directly to what you expected, make sure you Don’t Click a 2nd Time. This gives the spammer the ability to download malware to your system.
3. Don’t let hackers gain access to your account in the first place – use strong alpha-numberic-upper-lower case passwords that are different for every site and that you change frequently.
4. Remember, in a world where your friend’s accounts are pretty easily taken over, not all friends are who they say they are. Be judicious. If something they post is out of character, it might not be them writing the post. Call them and verify.
5. Don’t befriend strangers. Your ego wins, but you loose.
6. Make sure you have updated computer security: operating system patches, robust passwords, file encryption, security software, firewall and protected Wi-Fi connection.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Twitter Security Loophole Exposes Your Direct Messages
2. Has Twitter Peaked? Is Privacy Back?
3. Facebook Safety: New HTTPS Facebook Settings

And then hackers break in to a server in Kentucky this past weekend and steal private information on 24 million Zappos customers, including (if you are a customer) your name, email address, physical address, phone number, the last four digits of your credit card number and an encrypted version (thank goodness) of your password. Consequently, your junk email folder is overflowing (your email has been illicitly sold to marketing companies), you receive the doom-and-gloom breach notification from Zappos (just like I did), and suddenly, you don’t have quite the same confidence in this best-in-practice business any more. Your shaken confidence in Zappos costs them a fortune. For the foreseeable future, you will pause before using their website again.

“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Zappos CEO Tony Hsieh said in a note to employees Sunday. “It’s painful to see us take so many steps back due to a single incident.”

In a smart move, Zappos reset the passwords for all affected accounts and notified victims on how to create a new one. But their efforts to recover customer trust are just beginning. Here are 5 Core Concepts of Trust that Zappos leadership should weave into their breach recovery process:

1. Ownership. Leadership at the company should take complete responsibility for the loss of data and not make excuses as to how it was someone else’s fault (remember the BP oil spill finger pointing?). The last thing victims need is to become more victimized by a corporate spin cycle that further erodes trust. Authentically respecting their customer base (which they do), even when it costs a few extra dollars to maintain, is a sound investment strategy.
2. Transparency.  Zappos customers have the right to know exactly what was stolen and how it might be used. They deserve to know what the company knows and what law enforcement knows. Sharing their failure (as opposed to covering it up in any way, which they don’t seem to be doing) is a painful process with high short-term costs, but it is the first step in taking responsibility.
3. Expectation.  Zappos needs to set customer and marketplace expectations early and often about how they will make it better. Forcing users to change passwords does little to ease fears that it will happen again. What tangible steps will they take to repay customers for the trouble they have caused and what measures will they implement to better protect users in the future?
4. Delivery. Zappos must deliver on the expectations they set with the victims, with the media and with the marketplace. False promises (pretending to implement better security but underfunding the budget) are cheap Band-Aids but only further infect the inflicted wounds when nothing actually changes. To regain trust, Zappos must set impressive expectations and deliver on them flawlessly
5. Competence. Zappos is not in the business of recovering from identity theft or data breach. They need to aid their legal department by bringing in breach mitigation and recovery experts. Saving a few dollars up front keeping the efforts in house will raise downstream recovery by multiples.

In the meantime, if you are a victim of the Zappos’ breach, begin with these steps:

• Immediately change your password according to Zappos emailed instructions.
• Use an alpha-numeric-upper-lower-case password that has nothing to do with your personal life and can’t be found in a social networking profile or dictionary
• If you use the same password on other sites (webmail, financial), change those as well
• Implement identity theft monitoring services like those provided by CSID.com.
• Monitor your credit profile for suspicious activity at AnnualCreditReport.com
• Don’t click the links in that email. Zappos is sending every one of its affected customers a warning e-mail. However, more often than not such “official” e-mails are from hackers (for example, “We’ve had a security problem. Please change your password.”). These fraudulent e-mails can be virtually indistinguishable from legitimate communications, including identical graphics, logos, and authentic looking return e-mail addresses. Instead of clicking, type the URL (in this case Zappos.com) directly into your address bar. If there’s an important notice on your account, you’ll find it there.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. 7 Steps to Secure Profitable Business Data (Part I)
2. 5 Steps to Avoid Facebook Destruction in Business
3. 7 Steps to Secure Profitable Business Data (Part II)

If you received an iPad for the holidays (or already have one), you own the most powerful productivity tool invented in the last 20 years – it’s like command central for your life and work. I use the iPad as a step-by-step, centralized way to keep tabs on everything related to my business. Over a cup of coffee, I consume highly-relevant information (no Angry Birds at this point in the day) in a low-stress way simply by clicking through my iPad apps in a consciously prioritized order. I’m not actually taking action on anything at this point, just getting an overview of the appointments, current events, and communications that will make me more effective. That way, when I get down to work,  I know exactly what should get my attention. The routine is always the same, so I never have to remember what I need to do except to open my iPad before I officially start the day. The process takes me about 20 minutes, and by the time I get to work, my brain has sorted most of the information and knows where to start. Here’s how I consciously prioritize my apps (see screen shot):

1. Calendar (iCal). I look at my calendar first to remind myself of appointments taking place that day.
2. Project Planner (OmniFocus). I use OmniFocus to organize larger projects. It is a great way to do a brain dump of all of the little tasks that clutter my creative thinking. These project lists are shared with my team and give us a centralized way to track and prioritize our business.
3. Event Management (eSpeakers and SalesForce). Because I speak professionally as my main source of revenue, I utilize an industry specific app called eSpeakers that tracks every aspect of my speaking engagements. In 30 seconds, I have a quick view of what speeches are on the horizon and what tasks need to be completed. Since this is a revenue center of my business, I want to keep very close tabs on what is taking place. SalesForce is for leads, accounts and contact management.
4.  News (local paper, USA Today, Zite, Instapaper, NPR). Once I have a view of the day ahead, I skim the news (general and industry specific) to determine if there are any stories I need to pay closer attention to. This isn’t a complete reading, just to put it on my radar.
5. Note Taking (Evernote). I use Evernote as a clearing house for all of the notes I take, whether it’s an article, random thoughts, etc. By keeping my note taking app close to the news apps, I record anything highly relevant.
6. Social Networking (HootSuite). I use HootSuite to monitor my Facebook Fan Page, Twitter Feed and LinkedIn Profile. I might quickly post an interesting piece of current news in my field or an upcoming event or media appearance. I do NO personal updates at this point in the day. Business only.
7. Email. Email always seems like the most important task, but I find it to be distracting. I leave it until last and simply read through all emails and flag them for later work. If they require more than a three word answer, I don’t use my iPad to communicate. I do this once I am sitting at my computer; in the meantime, my subconscious has generally come up with the necessary responses.

7 Simple Security Settings for Your iPad

1. Turn On Passcode Lock. Your iPad is just as powerful as your laptop or desktop, protect it like one. Your iPad is only encrypted when you enable the passcode feature. (Settings/General)
2. Turn Simple Passcode to Off. Why use only an easy to crack 4-digit passcode when you can implement a full-fledged alphanumeric password? If you can tap out short emails, why not spend 5 seconds on a proper password.
3. Require Passcode Immediately. It is slightly inconvenient and considerably more secure to have your iPad automatically lock up into passcode mode anytime you leave it alone for a few minutes.
4. Set Auto Lock to 2 Minutes. Why give the table thief at your favorite café more time to modify your settings to his advantage (to keep it from locking) as he walks out the door with your bank logins, emails and kid pictures.
5. Turn Erase Data after 10 Tries to On. Even the most sophisticated passcode-cracking software can’t get it done in 10 tries or less. This setting wipes out your data after too many failed attempts. Just make sure your kids don’t accidentally wipe out your iPad (forcing you to restore from your latest iTunes backup).
6. Use a Password Manager. Your passwords are only as affective as your ability to use them wisely (they need to be long and different for every site). Keeping your passwords in an unencrypted keychain or document is a recipe for complete financial disaster. Download a reputable password-protection app to manage and protect any sensitive passwords, credit card numbers, software licenses, etc. Not only is it safe, it’s incredibly convenient and efficient.
7. Avoid Untrustworthy Apps. Not all applications are friendly. Despite Apple’s well-designed vetting process, there are still malicious apps that slip through the cracks to siphon data out of your device. If the app hasn’t been around for a while and if you haven’t read about it in a reputable journal (Macworld, Wall Street Journal, New York Times, etc.), don’t load it onto your system. 

It will only take a minute to implement these steps and will encourage thieves to move on to the next victim.

John Sileo is an award-winning author and speaks worldwide on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Contact him on 800.258.8076 or learn more at ThinkLikeASpy.com.

Related posts:

1. iPad Vampires: 7 Simple Security Settings to Stop Data Suckers
2. iPad & Tablet Users Asking for Identity Theft
3. 7 Steps to Secure Profitable Business Data (Part I)

Your instincts are dead on. Facebook has been saying one thing to our faces and doing another behind our backs. Facebook is in pre-IPO mode and has the propaganda machine running overtime like Big Brother at an Animal Farm.

Enter the Federal Trade Commission (FTC). The FTC just released a formal complaint identifying eight counts against Facebook for violating the Federal Trade Commission Act. The FTC confirmed what we’ve always known: Facebook tells us what they think we want to hear, not necessarily the truth. Here are the details of Facebook’s dishonesty:

• Under the guise of increasing user privacy, Facebook has consistently provided their advertisers with ever-expanding access to sensitive user information, not less.
• Contrary to Facebook’s marketing machine, user profiles are assigned a unique User ID that allows applications (e.g. Farmville) to track us as individuals, not as anonymous, aggregated members of a group.
• Even if you restrict all applications’ access to your data, your friends can install applications that allow Facebook to expose your personal information without your consent or knowledge.
• When a user deletes their account, Facebook will remove the user’s profile, but they do not remove the private data associated with the profile upon deletion. It remains stored on Facebook-managed servers, forever available to vendors, advertisers and applications.
• Worst of all, the FTC confirms that anytime Facebook makes updates to the website, a user’s personal security settings are lost and must be re-set because prior settings have been “overridden” by the updates. In other words, all of the time and work you put into customizing your privacy and security settings are lost anytime Facebook adds or tweaks a feature.
• Within every count in the complaint about Facebook’s business practices, the FTC used one or more of the following “qualifiers”: False or misleading representation, Deceptive act or practice, Unfair act or practice, Contrary to the statements made…

But Facebook hasn’t just violated a law imposed by the FTC, they have violated the trust of their profit-makers, all of us, the users. At the most basic level, Facebook has failed 6-7 clear litmus tests of trust leadership. Here are three of their biggest violations:

1. Transparency – the right of those on the outside (users) to know what those on the inside (Facebook, application developers, law enforcement) know about us. Users know nothing, and in fact, it often seems that Facebook employees don’t know how the ‘engine on the inside’ works.
2. Expectation – the reasonable assumption that Facebook honestly tells us how our data is being collected, aggregated, used and sold. As shown by the FTC complaint, they are doing no such thing.
3. Respect – the most basic component of customer service, which says that users should be treated as stakeholders in the company, not as naive profit-centers who donate their data, for free, as endless inventory to be packaged and sold to multiple bidders.

The FTC reveals an arrogant Facebook, an organization that has systematically exempted itself from the rules, because of it’s size, it’s wunderkind story and our obsession with comparing our lives to others’. With an IPO expected early next year, it’s feared Facebook will tell the FTC what they think it wants to hear, once again, protecting their bottom-line at any cost.

Ultimately, if Facebook continues to ignore the elephant in the room, all stakeholders (including stock holders) will divest their investment and delete their profiles and we will start to speak of Facebook like we do MySpace. Of course, Facebook is too successful right now to fathom that outcome.

John Sileo is a leadership speaker on deception and trust, including: social media privacy, trust leadership and identity theft. His clients include the Department of Defense, Experian, Homeland Security Pfizer and the FDIC. Contact him on 800.258.8076. 

Related posts:

1. Facebook Privacy Breach – Eventually, We’ll Lose our Trust
2. What Larussa’s Botched Bullpen Call Teaches About Trust
3. Trust and Betrayal Online and Offline

The FTC (Federal Trade Commission) is about to hold Facebook to stronger safeguards regarding user privacy, but in the end, it won’t matter very much because they are leaving Facebook with lots of wiggle room.

Rumor has it that Facebook will soon have to acquire users’ consent before making changes to privacy policies that affect current user data. That is a total contrast to what they’ve done in the past, which is to rewrite their privacy policies to be less protective without so much as giving users a whiff of the changes to their privacy.

It looks like Facebook, much like happened recently with Google, may have to submit to independent privacy audits annually over the next 20 years. At issue is the fact that the settlement will prohibit Facebook from making information that’s already on the site available to  a wider audience without user consent.

Here’s the rub: the ruling doesn’t affect any new features that Facebook adds to their service in the future. It’s likely going to be a retroactive slap on the wrist for rolling back user privacy in 2009.

Privacy is paramount. Dozens of privacy bills have been submitted to Congress this year alone. The Obama administration has called for a “privacy bill of rights” and the FTC last year called for the development of a “do not track” system that would make it easier for Internet users to protect their browsing habits.

Privacy settings and unannounced changes have challenged the reputation of Facebook. It’s not entirely clear if these privacy-settings guidelines are being implemented in the best interest of the end-user, or if Facebook is trying to bolster their privacy concerns, and user reception, in preparation for a pending IPO in April 2012.

John Sileo speaks on social media exposure and corporate risk. Learn more at www.ThinkLikeASpy.com.

Related posts:

1. Facebook Reveals the End of Privacy
2. Facebook Privacy: Hide from Google
3. Will Facebook Make Privacy Policy Understandable?

Business Killers: Identity Theft and Data Breach Protection Webinar on November 10

On November 10, I will host an interactive webinar sponsored by Deluxe that will explore how small businesses can protect themselves from identity theft. As someone who lost more than $300,000 and my small business to identity theft, this is a topic I care about deeply. In addition to delivering keynote speeches at conferences, I also provide consulting and guidance to organizations like the Federal Trade Commission, Pfizer and the Department of Defense on how to best protect the sensitive data inside of their organizations.

Register now for tomorrow’s webinar.

During this multi-part webinar, I will provide simple, actionable tools and advice to help small businesses protect their data and retain information privacy. I’ll also explain how the information economy has shifted the competitive landscape and increased our data exposure. Attendees will learn the following:

• The new reality: information does not equal power
• How to think like a spy and apply critical thinking to the power equation
• Manipulation triggers thieves use against your employees and defense techniques
• Interrogation tools to uncover fraud before it erodes your profits and net worth
• Fraud hotspot best practices
• Trends in data theft
• Holiday identity theft prevention tips

Sign up now and make sure that your business doesn’t experience the losses that mine did.

John Sileo, the award-winning author of Privacy Means Profit, is a keynote speaker on identity theft, data security, social media exposureand weapons of influence. His clients include the Department of Defense, Pfizer, Homeland Security, Blue Cross, the FDIC and hundreds of corporations, organizations and associations of all sizes. Learn more at www.ThinkLikeASpy.com.

Related posts:

1. Data Breach Expert Sileo Talks to Fox Business
2. Identity Theft for Businesses: Mobile Data Breach
3. Mobile Security Webinar: Defending SmartPhones, iPads, Laptops Against Cyber Attacks

• Verizon Wireless – rolling one-year records of cell tower usage & what phone accessed what web site
• AT&T / Cingular – ongoing records of cell tower usage since July of 2008
• T-Mobile USA – doesn’t keep any data on Web browsing activity
• Sprint Nextel’s Virgin Mobile – 3 month record of text content
• Other than Virgin Mobile and Verizon, none of the carriers keep texts but they keep records of who visited a particular web site.
• Verizon keeps some information for up to a year that can be used to ascertain if a particular phone visited a particular Web site
• Sprint Nextel’s Virgin Mobile keeps the text content of text messages for three months. Verizon keeps it for three to five days. None of the other carriers keep texts at all, but they keep records of who texted who for more than a year.
• AT&T keeps up to seven years of records of who texts who — and when, but not the message content. Virgin Mobile keeps that data for two to three months.

Readily available via a simple Internet search, this document shows how cellphone companies in the U.S. treat data about their subscribers’ cell phone use.

Bring privacy and security expert John Sileo in to scare the care into your next audience. Identity theft, data breach, social media exposure and human manipulation keynote training.

Related posts:

1. iPhone Location Tracking Leads to Privacy Lawsuit
2. Internet Explorer 9 Privacy Feature Limits Tracking
3. 5 Steps to Good Privacy Habits

In the work we do to change the culture of privacy inside of organizations, we have discovered a dilemma: iPads are not as secure as other forms of computing and are leaking significant amounts of organizational data to corporate spies, data thieves and even competing economies (China, for example, which would dearly love to pirate the recipe for your secret sauce). Do corporations, then, sacrifice security for the sake of efficiency, privacy for the powerful touch screens that offer a jugular of sensitive information?

Of course not! That’d be like driving a race car minus seat belts and air bags.

iPads provide a competitive advantage, and like generations of tools before it (the cotton gin, the PC), individuals and organizations alike will be forced to learn how to operate this equipment safely or risk the bite of intellectual property vampires. Here are 7 Simple Security Settings to help you lock down your iPad much like you would your laptop.

7 Simple Security Settings for Your iPad

1. Turn On Passcode Lock. Your iPad is just as powerful as your laptop or desktop, so stop treating it like a glorified book. Your iPad is only encrypted when you enable the passcode feature. (Settings/General)
2. Turn Simple Passcode to Off. Why use only an easy to crack 4-digit passcode when you can implement a full-fledged alphanumeric password? If you can tap out short emails, why not spend 5 seconds on a proper password.
3. Require Passcode Immediately. It is slightly inconvenient and considerably more secure to have your iPad automatically lock up into passcode mode anytime you leave it alone for a few minutes.
4. Set Auto Lock to 2 Minutes. Why give the table thief at your favorite café more time to modify your settings to his advantage (to keep it from locking) as he walks out the door with your bank logins, emails and kid pictures.
5. Turn Erase Data after 10 Tries to On. Even the most sophisticated passcode-cracking software can’t get it done in 10 tries or less. This setting wipes out your data after too many failed attempts. Just make sure your kids don’t accidentally wipe out your iPad (forcing you to restore from your latest iTunes backup).
6. Use a Password Manager. Your passwords are only as affective as your ability to use them wisely (they need to be long and different for every site). Keeping your passwords in an unencrypted keychain or document is a recipe for complete financial disaster. Download a reputable password-protection app like 1Password to manage and protect any sensitive passwords, credit card numbers, software licenses, etc. Not only is it safe, it’s incredibly convenient and efficient.
7. Avoid Untrustworthy Apps. Not all applications are friendly. Despite Apple’s well-designed vetting process, there are still malicious apps that slip through the cracks to siphon data out of your device. If the app hasn’t been around for a while and if you haven’t read about it in a reputable journal (Macworld, Wall Street Journal, New York Times, etc.), don’t load it onto your system. Don’t jail-break your iPad to download apps outside of iTunes. Short-term gain equals long-term risk.

Believe it or not, these simple steps begin to give you a level of security that will discourage casual data vampires. After implementing the Simple 7, move on to 5 Sophisticated Security Settings for iPads for even more robust data defense.

John Sileo lost almost a half-million dollars, his business and his reputation to identity theft. Since then, he’s become America’s leading keynote speaker on identity theft, social media exposure and weapons of manipulation. He helps organizations build successful cultures of privacy. His clients include the Department of Defense, Pfizer and Homeland Security. To learn more, visit ThinkLikeASpy.com or contact him directly on 1.800.258.8076.

Related posts:

1. Using an iPad to Your Competitive (and Secure) Advantage
2. 13 Data Security Tips for Meeting Professionals – SGMP
3. iPad & Tablet Users Asking for Identity Theft