7 Steps to Secure Profitable Business Data (Part II)
In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.
- Start with the humans.
- Immunize against social engineering.
- Stop broadcasting your digital data. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.

  Strategy: Have a security professional configure the wireless router in your office to utilize WPA2 encryption or better. If possible, implement MAC-specific addressing and mask your SSID. Don’t try to do this yourself. Instead, invest your money in proportion to the value of the asset you are protecting and hire a professional. While the technician is there, have him do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.

  To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and stop using other people’s free or fee hot spots. Using a simple program called Firesheep, data criminals can “sniff” the data you send across these free connections. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
Posted in Business, Cyber Crime, Identity Theft by John Sileo.
Tags: "Data Privacy", Business Security, data security, Detection Fraud, Engineering Social, Fraud, Fraud Detection, Fraud Expert, Fraud Speaker, Fraud Training, Identity Theft, identity theft expert, information, John Sileo, Keynote, Keynote Speaker, Part 2, Part II, Prevention, Privacy, professional speaker, Protection, Security, social engineering, social engineering expert, Speaker, Technology, Training Fraud
7 Steps to Secure Profitable Business Data (Part I)
Everybody wants your data. Why? Because it’s profitable, it’s relatively easy to access and the resulting crime is almost impossible to trace. Take, for example, Sony PlayStation Network, Citigroup, Epsilon, RSA, Lockheed and several other businesses that have watched helplessly in the past months as more than 100 million customer records have been breached, ringing up billions in recovery costs and reputation damage. You have so much to lose.
To scammers, your employees’ Facebook profiles are like a user’s manual about how to manipulate their trust and steal your intellectual property. To competitors, your business is one poorly secured smartphone from handing over the recipe to your secret sauce. And to the data spies sitting near you at Starbucks, you are one unencrypted wireless connection away from wishing you had taken the steps in this two-part article.
Every business is under assault by forces that want access to customer databases, employee records, intellectual property, and ultimately, your bottom line. Research is screaming at us—more than 80% of businesses surveyed have already experienced at least one breach and have no idea of how to stop a repeat performance. Combine this with the average cost to repair data loss, a stunning $7.2 million per incident (both statistics according to the Ponemon Institute), and you have a profit-driven mandate to change the way you protect information inside of your organization. “But the risk inside of my business,” you say, “would be nowhere near that costly.” Let’s do the math.
Posted in Business, Cyber Crime, Human Fraud, Identity Theft, Social Media by Identity Theft Expert John Sileo.
Tags: "Data Privacy", Business Security, data security, Fraud, Identity Theft, information, John Sileo, Keynote, Prevention, Privacy, Protection, Security, social engineering, Speaker, Technology
Fun Fraud Detection Training
Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
This social engineering video was recorded at a fraud training I did recently and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:
Posted in Business, Cyber Crime, Human Fraud, Identity Theft by John Sileo.
Tags: Detection Fraud, Engineering Social, Fraud Detection, Fraud Expert, Fraud Speaker, Fraud Training, identity theft expert, John Sileo, Keynote Speaker, professional speaker, social engineering, social engineering expert, Training Fraud
Identity Theft Expert John Sileo on 60 Minutes
During a recent 60 Minutes interview, I was asked off camera to name the Achilles’ heel of an entire country’s data security perspective; what exactly were the country’s greatest weaknesses. The country happened to be New Zealand, a forward-thinking nation smart enough to take preventative steps to avoid the identity theft problems we face in the States. The question was revealing, as was the metaphor they applied to the discussion.
Achilles, an ancient Greek superhero — half human, half god — was in the business of war. His only human quality (and therefore his only exploitable weakness) was his heel, which when pierced by a Trojan arrow brought Achilles to the ground, defeated. From this Greek myth, the Achilles’ Heel has come to symbolize a deadly weakness in spite of overall strength; a weakness that can potentially lead to downfall. As I formulated my thoughts in regard to New Zealand, I realized that the same weaknesses are almost universal — applying equally well to nations, corporations and individuals.
Posted in Business, Identity Theft, Social Media by Identity Theft Speaker John Sileo.
Tags: "New Zealand", 60 Minutes, data, Facebook, financial crime, Financial Speaker, Fraud Training, Identity, identity theft expert, Identity Theft Speaker, information, John Sileo, Privacy, Security, Sileo, social engineering, Social Media, social networking, Theft
Information Security Speaker: 5 Information Espionage Hotspots Threatening Businesses
You and your business are worth a lot of money, whether your bank accounts show it or not. The goldmine lies in your data, and everyone wants it. Competitors want to hire the employee you just fired for the thumb drive full of confidential files they smuggled out. Data thieves salivate over your Facebook profile, which serves as a “how to” guide for exploiting your trust. Cyber criminals are digitally sniffing the wireless connection you use at Starbucks to make bank transfers and send “confidential” emails.
Every business is under assault by forces that want access to your valuable data: identity records, customer databases, employee files, intellectual property, and ultimately, your net worth. Research is screaming at us—more than 80% of businesses surveyed have already experienced at least one breach (average recovery cost: $6.75 million) and have no idea of how to stop a repeat performance. These are clear, profit-driven reasons to care about who controls your data.

Here are 5 Information Espionage Hotspots that your business should address now:
Posted in Business, Identity Theft by Identity Theft Speaker John Sileo.
Tags: Business, data theft, Expert, Fraud, Hot Spots, Identity Theft, Information Hot Spots, Information Security, Inside Spies, mobile data, Prevention, Privacy, Protection, Sileo, social engineering, Speaker
Fun Social Engineering Training?
Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:
Posted in Business, Human Fraud, Identity Theft by Identity Theft Expert John Sileo.
Tags: Business Speaker, Detection Fraud, Engineering Social, Financial Speaker, Fraud Detection, Fraud Training, Fraud Training Expert, social engineering, Social Engineering Speaker, Training Fraud
Social Engineering Expert Quoted in CSO Article
Quoted from the original CSO Online story:
Social engineering stories: The sequel
Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them
By Joan Goodchild, Senior Editor
May 27, 2010 —
John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.
The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.
“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.
Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.
Posted in Business, Human Fraud, Identity Theft by Identity Theft Speaker John Sileo.
Tags: CSO Online, Fraud, Fraud Training, Fraud Training Expert, Fraud Workshops, John Sileo, Scams, social engineering, social engineering expert
Credit Card Scams: Celebrities Targeted
Wouldn’t you think Ben Stiller is famous enough to be immune to losing his identity to a thief? Not so! Credit card scams can bring anyone to their knees, even Hollywood’s most famous!
Many celebrities have recently been the victims of a credit card scam that seems too easy to be true. All it took was the suspect calling the credit card companies using the stars’ personal information, claiming the cards had been lost. He requested the replacement cards be sent to a Chicago address and in a matter of days was able to begin his shopping spree. Eventually, a skeptical undercover agent from the US Postal Inspection Service was able to think like a spy and detect the fraud after he hand-delivered the cards to the suspect.
Now this week Adedamola Olatunji, 29, a Nigerian-born man who allegedly used Stiller’s card to run up charges on iTunes and an on-line dating service, was indicted on forgery, mail fraud, theft, aggravated identity theft, computer fraud and other felony charges.
Olatunji allegedly told investigators he tried to purchase several thousand dollars worth of merchandise with the card to send to a friend in the United Kingdom, the source said. The scam is a way to work around companies’ refusal to ship items to Nigeria and other countries where fraud is a big-time business.
Posted in Identity Theft by Identity Theft Speaker John Sileo.
Tags: Ben Stiller, Credit card Scams, Identity Theft, identity theft expert, Identity Theft Speaker, John Sileo, social engineering, Think Like A Spy
Fraud Training: Bored to Tears Yet?
Businesses often make fraud training boring! And that’s bad for their bottom line, because no one ends up remembering anything about the subject.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s happening. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:
Posted in Business, Identity Theft by Identity Theft Expert John Sileo.
Tags: Detection Fraud, Engineering Social, Expert, Fraud Detection, Fraud Speaker, Fraud Training, social engineering, Training Fraud
Google History and Your Privacy
What started in 1997 as a research project with a mission to organize the world’s information has turned into the world’s largest search engine. Google has given anyone with an Internet connection access to more information than they realize. With such quick access to information, you need to be careful what you put on the World Wide Web and realize what is contained in your Google History. Remember, posts – and searches – are permanent. Here are a few privacy issues when it comes to Google:
1. Google’s Cookie and Toolbar. When you use their search engine, Google places a self-renewing cookie with a unique ID number on your hard disk. As you search websites, Google records your surfing activity and saves your searches. There are ways to change your Internet options to stop the cookie tracking and you can learn more by visiting www.google.com/support/accounts/. Remember, nothing you do on the Internet is private; it is all tracked, aggregated, analyzed, sold and used for a variety of purposes (many of them good). The advanced features of Google’s new toolbar for Internet Explorer not only update automatically, but also track which websites you visit.
Posted in Identity Theft by Identity Theft Speaker John Sileo.
Tags: Google History, Google Privacy, John Sileo, John Sileo Identity theft Expert, social engineering, Social Networking Speaker