WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data


I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage.  If it can happen to the big boys, it can happen to you.  If you don’t have Bond on your side fighting off the villains, take these steps to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA-2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breaches originate with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank.  It will be a lot easier to sit back and relax, maybe even have a shaken martini, when you know your business is secure.


John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.







How long will Weiner’s bad online reputation haunt him?

Anthony Weiner is notorious for a gaffe made on Twitter, but will his online reputation recover?

I’m sure everyone remembers the infamous 2011 incident when Representative Weiner became something of a national punchline for lewd tweets that revealed his “private data,” so to speak.

Or do we remember?

At the time, Weiner’s indiscretions left him a laughingstock and a near-disgrace in one fell swoop. Now, as he ramps up a possible New York City mayoral campaign, he’s returned to the same social platform that almost cost him his political career. Is it possible that we will forget and forgive so soon?

A natural byproduct of our 140-character driven world is that everything is always old news. By the time the next tweet or Facebook post appears, we have forgotten the last one. Our online reputation, on the other hand, never disappears. And at some point, we will again value character in our public figures – making digital reputation a permanent, if often inaccurate, representation of that character.   

The lesson here is that you must cultivate your online reputation with the world view that it will forever be public, permanent and powerful. Because our posts and tweets, photos and videos are recorded for all of time, shared with all of humankind and used by ethical viewers and manipulative abusers alike, we must think before we hit the send button.

I bet this time in office, Weiner will pause before sending. Or maybe, just maybe, his reputation will get in the way of winning back the office his indiscretion squandered away.

John Sileo is an online reputation expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Online reputation site must defend itself after losing customer data

Online reputation services have a special responsibility to keep clients safe. How can you protect yourself when the very company you rely on is breached?

Would you trust a site with your personal information after it suffered a breach? What if that site’s sole purpose is to protect your reputation?

Reputation.com helps its members maintain a reputable online profile, but the site’s own profile was damaged by a recent data breach that led to the exposure of customer information. Although no Social Security numbers or financial information was lost, names, email addresses, and physical addresses were exposed. It’s been reported that some dates of birth, phone numbers, and occupational information were also lost. A “small minority” of customer accounts had hashed and salted passwords stolen.

‘Hashing’ passwords is the process of using one-way algorithms to turn customers’ passwords into a unique data string, so the passwords themselves are not stored. The ‘salt’ adds more characters to each password before it is hashed, producing a unique data fingerprint.

The company has notified all customers of the breach and reset passwords to protect them. But Reputation.com is not alone in being hacked recently. LivingSocial, a daily-deal website, was breached, affecting 50 million customers.

Maintaining our online reputation is important to us, and the internet, social media and mobile technology are great tools that give us a competitive advantage. However, we cannot ever take our online privacy for granted. Three tips to keep you ahead of identity theft are:
  • Use a password protection program that makes it easy to use highly-encrypted passwords
  • Change passwords on sensitive accounts monthly
  • Maintain strict privacy and security settings in your browser preferences

John Sileo is an online reputation expert and in-demand speaker on data security, social media safety and identity theft. His clients have included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Are Millennials ignoring online privacy protection?


The Millennial generation tends to have a lax approach to online privacy protection – and it might put all of our security in jeopardy.

Those in their teens, 20s and early 30s – the “Millennials” – have widely prompted discussions as they enter and redefine the modern workplace. Recent information gives us a more in-focus picture of the general operating philosophy of this age group when it comes to handing out personal information over the internet. It’s been found that a devil-may-care attitude is much too prevalent.

A survey from the University of Southern California’s Annenberg Center for the Digital Future revealed that more than half of the Millennials it questioned would willingly give their personal information to companies in exchange for some sort of coupon or incentive. And then a disconnect occurs, because the same study interestingly showed that 70 percent of those same Millennials believed their personal data should be kept private.

Perhaps the young Millennials simply don’t have enough experience to understand why giving away their personal information is so detrimental. The older Millennials, however, choose to ignore that their loose surfing, online buying and phone habits leave behind a digital footprint. They disregard that their identity and their online privacy is a type of currency, and the more they squander it now, the less they have later. And all the while, Facebook and other social networks are all too willing to profit from this data.

This isn’t to say that other generations were impervious to making bad decisions in the folly of youth. They just weren’t made in the online world we now know. How much easier it was when our bad decisions were wrapped in privacy! We have to remember, too, that online privacy protection is not the onus of just one group of people. It’s up to all of us to ensure that we’re not putting ourselves in danger through our digital interactions.

John Sileo is an online privacy protection expert and in-demand speaker on digital reputation, cyber security and online asset protection. His clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Associated Press Twitter Account Hacked by Syrian Electronic Army


The Associated Press’ primary Twitter account was hacked today, allegedly by a group called the Syrian Electronic Army. This is the same group that took responsibility for the 60 Minutes and 48 Hours account takeovers. 


Once again, the Syrian Electronic Army has managed to take over the Twitter feed of a highly respected news agency, the Associated Press. As you can see in the screen shots above, the hackers used the hacked AP Twitter account to falsely report that there had been two explosions in the White House and that President Obama was injured. Note: Both reports are false.

Hijacking high-profile Twitter accounts and using them for nefarious purposes is nothing new. But causing the stock markets, oil and gold prices to plunge in response is a new, critically significant development.

Are we living in an age where 140 characters are so powerful that they can send the Dow Jones down by more than 100 points? Yes, we are.

That is the undeniable power of digital reputation. The Associated Press has a strong, well-respected reputation online and off. The Syrian Electronic Army hijacked that reputation and used it to manipulate financial markets (however briefly).

Immediate Steps that Associated Press, Twitter Must Take

Twitter has been the focus of so many attacks, it makes you wonder when they will begin to take the basic steps necessary to prevent account takeovers like the AP, 60 Minutes and NPR:

  1. Twitter should immediately implement Two-Factor Authentication, which requires both a password and a texted passcode in order to get into an account. This makes it much harder to hack high-profile handles. 
  2. Both Twitter and the AP should champion a User Education Process that trains their users/readers on how to best detect phishing emails (which is how most of these accounts have been taken over). See the painfully simple video below that gives an example of how to educate users about what a phishing attack looks like.
  3. Again, both entities should give their users guidance on how to create long, strong, site-specific and frequently varied passwords to lower the relative hackability of their accounts.


In previous weeks, NPR and CBS both had their online presence temporarily hijacked by the SEA. The group did get its own Twitter account suspended in the process, though new ones have been springing up in response.

Unlike some similar attacks by other groups, the SEA is very public about its involvement, often leaving messages like “Syrian Electronic Army was here.” The official “60 Minutes” and “48 Hours” accounts were among those compromised and made to display pro-Syria tweets bashing the U.S. Although control of the CBS feeds was eventually wrestled back, they have been officially suspended in response.

This hack is a wake up call: the more people you reach, the greater your circle of influence, the more appetizing it is for politically motivated groups to take control of your social media accounts and use them to move markets. 

John Sileo is CEO of The Sileo Group and speaks around the world on social media privacy, identity theft prevention and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Your online reputation has a life of its own…even after you die

Here’s a spooky thought: there’s a good chance your online reputation could outlive you on the web – and still be vulnerable to attacks.

Have you ever wondered what will happen to your digital information after you’re gone? It’s a morbid topic, but no less important than dividing up your estate or making plans for your life insurance. Even once you’re no longer posting or “liking” on networks like Facebook, it’s possible that your name will stay active, unless you make plans to deactivate it. And if you don’t, you leave it to the whims of whichever company controls your data – or hackers that manage to steal it.

Some systems already exist to help cope with this situation. Facebook lets you turn the page of a recently departed loved one into a memorial site. Google has recently announced a service currently called “Inactive Account Manager” to allow you to set up “retirement” plans for your profiles after they go a certain amount of time without being used. This is worth considering even if you have no plans of shuffling off this mortal coil any time soon, as it’s a way of keeping forgotten email addresses and other services from cluttering up your computer and impacting your online reputation.

It sounds like something out of William Gibson, the concept of “uploading yourself” to live forever on the internet. But it’s happening all around us; there are even ominous reports of the accounts of deceased Facebook users suddenly being attached to things they may or may not have ever actually “liked.” It’s just another example that proves if you don’t take the reins to control your online reputation, the people who own it will.  Take advantage of the tools being offered to you to make sure your information isn’t doing anything without your knowledge, and won’t do so after you’re gone.  

John Sileo is an online reputation expert and keynote speaker on identity theft, cyber security and fraud. His clients have included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Once you go hack, you’ll never go back: Facebook scheme wreaking havoc on digital reputation

Facebook identity thefts are nothing new. The social media site has been the vehicle for all sorts of fake links and bots in years past. But a new trick that could threaten your digital reputation is proving particularly insidious. 

If you get a message to “Experience Facebook Black” sometime soon, you’d be advised to turn it down, unless you’re OK with your digital reputation being hijacked. This latest hack could spread malicious software without you or your Facebook friends even knowing until it’s too late.

The scam allegedly works by offering users the chance to change the color of the Facebook background to black – and then asks for users to respond to a series of questions by giving out information. Of course, the promised color conversion is a lie: play into the hands of this fraud and you’ll just wind up as a means of spreading it further, with your information used to make a dummy page to trick your connections.

It appears to be yet another example of an attack that exploits JavaScript, and it has proven pervasive enough to get attention from Google, seeing as its browser Chrome can also be affected.

Social media exposure is a larger problem that demands the focus of big companies and anti-spyware professionals. But much of the prevention boils down to basic user habits. Specifically: don’t trust suspicious links, don’t click on something you don’t trust, and don’t sign up for apps that direct you to an outside source. Your information can make other people money, and if you’ve put it on the web, then it’s ripe for the taking. Making use of an online reputation consultant can help companies learn how to safeguard their personal data – before someone else paints it black.

John Sileo is an online reputation consultant and keynote speaker on identity, privacy and digital reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

InsightOne20 Small Business Conference in Los Angeles

Those interested in how to prevent identity theft can attend the InsightOne20 conference on March 16, where John Sileo will be presenting along with Seth Godin. Guests can register for the event on the InsightOne20 website.

The presentation, entitled “Spies, Hackers and Facebook Attackers: Bulletproofing Your Privacy & Profits in the Digital Age,” will contain information and instruction on how best to avoid the pitfalls of digital privacy and social media. The conference is hosted by City National Bank, and is considered a premiere event for small businesses. It will take place at the LA Convention Center.

Businesses of all sizes have many risks to consider when it comes to the stakes of modern commerce. Social media and even basic online browsing bring with them a host of dangers that concern your digital reputation. But the risk is especially palpable for startups and growing companies that may not yet have a strong security network in place. All data is valuable, and this presentation will seek to impart some wisdom about the best way to keep your information secure while promoting healthy online habits.

The internet isn’t going away, and there’s no use denying the importance social media and online privacy have in both our personal and professional lives. That’s why it’s now even more necessary to take the proper steps to control your digital reputation than ever before. The recent glut of attacks on corporate titans has made this a crucial part of the national conversation – don’t be left out of the loop.


John Sileo is a digital reputation expert and keynote speaker on privacy, identity and social media. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business. 

Jeep jacked and Burger King busted as company Twitter feeds get hacked

So far, 2013 has been the Year of the Hack, as the past few weeks have proven positively lousy with big-name security breaches. 

Social networks, news outlets, and now…jeeps and fast food? That’s right, recent events have seen two prominent businesses get their Twitter accounts hacked, and worse. Not only did identity pirates shanghai the feeds (and therefore the reputations) of Burger King and Jeep, they used this illegal access to send embarrassing and scandalous messages to their followers.

Last Monday, @BurgerKing began tweeting that it had been sold to McDonalds, changing its image to a golden arches logo and posting ridiculous, wildly provocative comments about rappers and mad cow disease. The same thing happened to Jeep the next day, when its account claimed it had been sold to Cadillac and that its CEO had been fired for doing drugs.

The incidents had huge and bizarre repercussions. Many users tweeted quips about how hackers “had it their way” with the fast food giant. Actually, if the plan was to send people away from the burger chain, it backfired: Burger King now has 30,000 new followers and tons of media attention. In fact, soon after, MTV and BET actually pretended to have been hacked, apparently just for the publicity.

Burger King’s well-managed response is a fantastic example of a corporate character trait I call reputational jujitsu – using negative digital events to your competitive advantage. If you think that BK’s response was accidental, or casual, think again.

Despite the silver lining for the company, this is an alarming series of events. It may seem funny now, but will you be laughing when strangers start using your digital reputation for a prank?  

In response to this, Twitter is determined to make its system more secure by implementing use of the email authentication system DMARC, which will hopefully limit hackers from using false emails to gain private information. While this will help, only time will tell how much difference it actually makes.

It may seem trifling, but your digital reputation is vital to how you’re perceived in the offline world. Proper social media risk management is the key to combating such attacks, and it’s best to take it to heart before someone makes you the next big online joke.

John Sileo is a social media reputation expert and keynote speaker on online identity and risk management. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business. 

Digital Reputations Are Quickly Becoming Currency in the Business World

Are we entering an age where one’s digital reputation is a form of career currency – or are we already there?

That is the subject of an article in Forbes last month that gets some things right and others wrong. It absolutely seems like online histories and reputations could become more important than resumes, portfolios and credit scores.

Our digital footprints are already considered by others when determining if they want to hire or do business with us. And many people don’t even have a traditional resume anymore, but have substituted it with a LinkedIn profile.

Forbes goes through a handful of questions and offers its own answers on the topic. Yes, everything we do on the Web, from Facebook to Twitter to LinkedIn, is becoming more and more connected, meaning that they influence one another as well as how others perceive us. But, there are a few things that the article misses the mark on.

For example, it says “use only the most secure sites for online transactions; and put all settings on the most restrictive possible.” It goes on to add that certain information will likely still seep out for companies to grab and use to target ads or other initiatives at you. But look at the holes in what the article says.

How do you know if a site qualifies as secure before conducting online transactions? And if a social media or other online platform has horrendous privacy settings, how does setting them to “the most restrictive possible” do you any good?

We don’t need generic rules to follow. Instead, we must cultivate a better understanding of internet privacy and online reputation management, so that we can take the steps necessary to protect ourselves. This doesn’t just apply to individuals, but businesses as well. Just like employers evaluate current and prospective employees through the lens of their digital reputations, so do consumers judge companies from which they might purchase goods and services.

John Sileo is an online privacy expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.