In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.
- Start with the humans.
- Immunize against social engineering.
- Stop broadcasting your digital data. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.Strategy: Have a security professional configure the wireless router in your office to utilize WPA-2 encryption or better. If possible, implement MAC-specific addressing and mask your SSID. Don’t try to do this yourself. Instead, invest your money in proportion to the value of the asset you are protecting and hire a professional. While the technician is there, have him do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and stop using other people’s free or fee hot spots. Using a simple program called Firesheep, data criminals can “sniff” the data you send across these free connections. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
Posted in Business, Cyber Crime, Identity Theft by John Sileo.
Tags: "Data Privacy", Business Security, data security, Detection Fraud, Engineering Social, Fraud, Fraud Detection, Fraud Expert, Fraud Speaker, Fraud Training, Identity Theft, identity theft expert, information, John Sileo, Keynote, Keynote Speaker, Part 2, Part II, Prevention, Privacy, professional speaker, Protection, Security, social engineering, social engineering expert, Speaker, Technology, Training Fraud
Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
This social engineering video was recorded at a fraud training I did recently and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:
Posted in Business, Cyber Crime, Human Fraud, Identity Theft by John Sileo.
Tags: Detection Fraud, Engineering Social, Fraud Detection, Fraud Expert, Fraud Speaker, Fraud Training, identity theft expert, John Sileo, Keynote Speaker, professional speaker, social engineering, social engineering expert, Training Fraud
Quoted from the original CSO Online story:
Social engineering stories: The sequel
Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them
By Joan Goodchild, Senior Editor
May 27, 2010 —
John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.
The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.
“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.
Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.
ow that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.
Posted in Business, Human Fraud, Identity Theft by Identity Theft Speaker John Sileo.
Tags: CSO Online, Fraud, Fraud Training, Fraud Training Expert, Fraud Workshops, John Sileo, Scams, social engineering, social engineering expert
Mark Zuckerberg, CEO of Facebook, was interviewed just last week by Mike Arrington, co-founder of TechCrunch. They discussed privacy and how Facebook is looking to move forward in the future. Zuckerberg made some really interesting comments on Facebook, but I think the most prevalent to Identity Theft would be what he said on the progression of information sharing.
“People have really gotten comfortable, not only sharing more information and different kinds, but more openly and with more people.”
Zuckerberg also said that when Facebook began most people thought: why would I put any information on the internet at all? Now most users don’t think twice about privacy before making posts. Due to the Privacy changes Facebook made in December, your name, profile picture, gender, current city, networks, Friends List, and all the pages you subscribe to are now publicly available information on Facebook. Many people feel that this is a contradiction to what Zuckerberg had said before — that Facebook privacy controls are “the vector around which Facebook operates.” With more than 350 million users on Facebook, privacy is more important than ever.
It is also imperative that we all understand that we don’t have to share that information. It isn’t just Facebook’s responsibility to look after our privacy, it is ours as well.
Posted in Identity Theft, Social Media by Identity Theft Speaker John Sileo.
Tags: Facebook, facebook privacy, facebook privacy expert, John Sileo, Mark Zuckerberg, social engineering expert, social networking
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!