Posts

Fighting Friendly Fraud (Webinar): 5 Insider Theft Secrets to Protect You

Do you know what’s behind the masks your employees may wear? A staggering number of businesses falter and even fail because someone on the inside – an employee, vendor or even a partner – steals money, goods, data or intellectual property from the organization. Will yours be one of them? Not if you learn about the warning signs of fraudsters and the weaknesses in your current hiring procedures.

The strongest indicator that your business is at risk? Denial. If you have ever said to yourself, “My people would never do that,” or “were too small to be worth a fraudster’s time”, you are caught in a cycle of self-delusional naiveté. Most inside theft happens at the hands of a “trusted” team member. In fact, insider theft and fraud aren’t generally committed by experienced criminals.

In John Sileo’s webinar (video above), he shares his own history of experiencing a fraudulent case of insider theft that destroyed his small business, cost him nearly $300,000 and almost landed him in jail. His story will serve as the framework for five insider secrets that will help you and your business avoid his fate.

In Fighting Friendly Fraud, you will learn:

  • 10 Fraud Early Warning Signs
  • What goes on inside the mind of a friendly fraudster
  • Why good employees sometimes make bad choices
  • 5 Universal truths that underlie most types of fraud
  • Simple, inexpensive controls you can put in place to discourage fraud
  • Deterrence tactics to discourage the most devious inside spies

If you learn these five lessons, it will save you from learning others the hard way!

Using an iPad to Your Competitive (and Secure) Advantage

If you received an iPad for the holidays (or already have one), you own the most powerful productivity tool invented in the last 20 years – it’s like command central for your life and work. I use the iPad as a step-by-step, centralized way to keep tabs on everything related to my business. Over a cup of coffee, I consume highly-relevant information (no Angry Birds at this point in the day) in a low-stress way simply by clicking through my iPad apps in a consciously prioritized order. I’m not actually taking action on anything at this point, just getting an overview of the appointments, current events, and communications that will make me more effective. That way, when I get down to work,  I know exactly what should get my attention. The routine is always the same, so I never have to remember what I need to do except to open my iPad before I officially start the day. The process takes me about 20 minutes, and by the time I get to work, my brain has sorted most of the information and knows where to start. Here’s how I consciously prioritize my apps (see screen shot):

  1. Calendar (iCal). I look at my calendar first to remind myself of appointments taking place that day.
  2. Project Planner (OmniFocus). I use OmniFocus to organize larger projects. It is a great way to do a brain dump of all of the little tasks that clutter my creative thinking. These project lists are shared with my team and give us a centralized way to track and prioritize our business.
  3. Event Management (eSpeakers and SalesForce). Because I speak professionally as my main source of revenue, I utilize an industry specific app called eSpeakers that tracks every aspect of my speaking engagements. In 30 seconds, I have a quick view of what speeches are on the horizon and what tasks need to be completed. Since this is a revenue center of my business, I want to keep very close tabs on what is taking place. SalesForce is for leads, accounts and contact management.
  4.  News (local paper, USA Today, Zite, Instapaper, NPR). Once I have a view of the day ahead, I skim the news (general and industry specific) to determine if there are any stories I need to pay closer attention to. This isn’t a complete reading, just to put it on my radar.
  5. Note Taking (Evernote). I use Evernote as a clearing house for all of the notes I take, whether it’s an article, random thoughts, etc. By keeping my note taking app close to the news apps, I record anything highly relevant.
  6. Social Networking (HootSuite). I use HootSuite to monitor my Facebook Fan Page, Twitter Feed and LinkedIn Profile. I might quickly post an interesting piece of current news in my field or an upcoming event or media appearance. I do NO personal updates at this point in the day. Business only.
  7. Email. Email always seems like the most important task, but I find it to be distracting. I leave it until last and simply read through all emails and flag them for later work. If they require more than a three word answer, I don’t use my iPad to communicate. I do this once I am sitting at my computer; in the meantime, my subconscious has generally come up with the necessary responses.
You get the point. When you have covered the critical items, close the iPad and go make breakfast. Let your brain mull it over and process what’s important and what’s a waste of time. Don’t continue to consume more information, spend the rest of your day acting on what you’ve already reviewed. This will keep you from information overload.
If you apply this method, your iPad desktop will look completely different, customized to your needs, industry and interests. The power here is in the cutomization of what makes you effective and efficient and the ritualization of the process. Instead of remembering 20 things, you remember one – open your iPad before your work day begins. Twenty minutes well spent can give you a sizable competitive advantage. Try it for a week and see what you think. If you have other ways that you leverage your iPad for work, share them in the comments below. And don’t forget to keep all of this mission-critical data out of the hands of identity thieves and competitors by following these 7 Simple Security Steps:

7 Simple Security Settings for Your iPad

  1. Turn On Passcode Lock. Your iPad is just as powerful as your laptop or desktop, protect it like one. Your iPad is only encrypted when you enable the passcode feature. (Settings/General)
  2. Turn Simple Passcode to Off. Why use only an easy to crack 4-digit passcode when you can implement a full-fledged alphanumeric password? If you can tap out short emails, why not spend 5 seconds on a proper password.
  3. Require Passcode Immediately. It is slightly inconvenient and considerably more secure to have your iPad automatically lock up into passcode mode anytime you leave it alone for a few minutes.
  4. Set Auto Lock to 2 Minutes. Why give the table thief at your favorite café more time to modify your settings to his advantage (to keep it from locking) as he walks out the door with your bank logins, emails and kid pictures.
  5. Turn Erase Data after 10 Tries to On. Even the most sophisticated passcode-cracking software can’t get it done in 10 tries or less. This setting wipes out your data after too many failed attempts. Just make sure your kids don’t accidentally wipe out your iPad (forcing you to restore from your latest iTunes backup).
  6. Use a Password Manager. Your passwords are only as affective as your ability to use them wisely (they need to be long and different for every site). Keeping your passwords in an unencrypted keychain or document is a recipe for complete financial disaster. Download a reputable password-protection app to manage and protect any sensitive passwords, credit card numbers, software licenses, etc. Not only is it safe, it’s incredibly convenient and efficient.
  7. Avoid Untrustworthy Apps. Not all applications are friendly. Despite Apple’s well-designed vetting process, there are still malicious apps that slip through the cracks to siphon data out of your device. If the app hasn’t been around for a while and if you haven’t read about it in a reputable journal (Macworld, Wall Street Journal, New York Times, etc.), don’t load it onto your system. 

It will only take a minute to implement these steps and will encourage thieves to move on to the next victim.

John Sileo is an award-winning author and speaks worldwide on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Contact him on 800.258.8076 or learn more at ThinkLikeASpy.com.

Data Breach Expert Sileo Talks to Fox Business

, ,

Victim of a Cyber Attack? What You Should Tell Customers

By Donna Fuscaldo, Fox Business

It seems like every day consumers are learning of data breeches from companies like Sega, Sony and Google. Major corporations like these tend to have the funds and resources to recover from an attack, but for small businesses, that’s often not the case.

A slow response and lack of communication with customers are among the missteps many small businesses make when facing an attack, both of which can cause irreparable damage to the business.

“When consumers are a victim of ID fraud based on interaction with a small business, 1 in 3 never come back,” said Phil Blank, senior analyst for security and fraud at Javelin Strategy & Research.

While data breaches hitting major banks and corporations tend to dominate headlines, small businesses are increasingly becoming targets. Hackers like to prey on small businesses because computers and mobile phones tend to be used for both work and personal use, and many small businesses don’t have an IT staff monitoring and protecting operations.

According to Javelin, small business fraud totaled $8 billion in 2010. Of that, banks, merchants and other providers absorbed $5.43 billion of the loss while the cost to victims was $2.61 billion.

Although the first line of defense against an attack is to have proper procedures and policies in place, if it does happen, there are steps that need to be taken immediately to mitigate the impact. The experts advise owners’ first step should be to communicate with customers quickly.

“You don’t have a large amount of time between a hack and when you tell a client,” said Blank at Javelin. That doesn’t mean you have to tell clients within a day of it happening, but you shouldn’t wait a couple of months either. Blank said customers should be notified within a week of the hack. “If people know within a week they have the ability to do something about it.”

To ensure the small business is communicating correctly to the customers, John Sileo, founder of ThinkLikeASpy.com and a professional identity theft speaker, said a small business owner should get professional help, whether it’s a privacy lawyer or a company that deals with data breach responses.

Each state has different laws and regulations pertaining to data breaches and a data breach company will be well versed in the rules governing the states. “This is too big for a small business to handle internally,” said Sileo. “They could end up making some legal choices without knowing it that can get them in hot water.”

John Sileo is a data breach expert and data breach keynote speaker on identity theft, social media exposure, data breach and weapons of influence. Bring him in to motivate your employees to care about data security. Contact him directly on 800.258.8076.

5 Steps to Avoid Facebook Destruction in Business

, ,

How should my business balance the risks of social media with the rewards of this increasingly dominant and highly profitable marketing medium? That’s the very insightful question that a CEO asked me during a presentation I gave on information leadership for a Vistage CEO conference.

Think of your move into social media (Facebook/Fan/Business Pages, LinkedIn, Twitter, YouTube, etc.) like you would approach the task of helping your fifteen-year-old daughter prepare to drive on her own. You love her more than anything on earth and would do anything for her (just like you will go to great lengths grow your business), but that doesn’t mean you just hand her the keys. Trying to forbid or ignore the movement into social marketing is like telling your teen that they can’t get their license. It isn’t going to happen, so you might consider putting down the denial and controlling those pieces of change that are within your power. The task is to maximize the positives of her newly bestowed freedom while minimizing any negatives; the same is true in social media.

Here’s a simple plan to follow that will help keep you safe and productive:

  1. Understand the Risks & Rewards. Just like you need to know the risks of a teen driving (peer pressure, alcohol, inexperience, inferior equipment), you need to fully understand the risks of operating this powerful piece of equipment we call social media or social networking. Privacy Concerns: Users who fail to customize their Facebook privacy, security and sharing settings are giving away massive amounts of information to other Facebook users, Facebook Vendors (e.g., Farmville), Facebook itself and potentially competitors, thieves and social engineers. Over Exposure: You can share too much on Facebook, including posts, photos and videos that you later regret uploading. If done improperly or without thought, this can lead to increased risk of identity theft, reputation hijacking, burglary or fraud. Reputation Damage: AFLAC fired comedian Gilbert Godfrey as their spokesperson for making a negative comment about the insurance giant on his wall. How you and your employees use social media directly influences your reputation.  Account Takeover: Imagine a pornography crime-ring taking over your fan page for a day. It’s usually not this extreme of a case, but accounts are constantly being compromised and used for nefarious and illegal purposes (sending SPAM, peddling pornography, covering crimes). Just because there are risks doesn’t mean you abandon the medium. It means that you prepare for them, just like training your daughter to drive defensively, break properly on ice and make smart choices about who gets in the car.
  2. Define Your Destination. Many businesses that utilize social media don’t actually know why they are using it, other than it’s the thing to do. But using it effectively takes a huge time and knowledge investment, so make sure you define what you want to achieve before you invest. Are you there to make friends, to network, to increase visibility, reshape your reputation or improve customer service? Driving without a destination in mind might be fun, but it will ultimately get you nowhere.
  3. Choose the Right Equipment. Once you have defined your objective, you will have a better idea of which social medium to use (Facebook, Fan Page, Twitter, etc.). If your objective is to get your daughter safely from one place to another, you will choose a very different car than if you are trying to enhance her image with friends by buying a sports car. Trying to be part of every last social network means that you will use none of them effectively. Choose one or two platforms and take the time to perform the final two steps.
  4. Fasten Your Seat belt. An hour spent understanding and modifying the default privacy and security settings (which are very lax by default) on Facebook or another social site can save you and your organization tragic amounts of data loss and abuse. Our refusal as a society to take this simple, available step to protect our information is the equivalent of not fastening our seat belts while driving. Is it slightly inconvenient and a occasionally uncomfortable? Yes. Does it drastically increase your safety? Without question. With great power comes great responsibility, and we must start communicating that to others around us.
  5. Educate Your Driver. This knowledge, from awareness to customization, is only effective if it is passed on to others. You might know how to drive safely, but that doesn’t mean your daughter has picked it up by osmosis. The same is true inside of your organization; it’s not good enough for you do drive safely, the other members of the team must do the same – and not just for their own good, but because it also helps you be safe. After all, just like your daughter will ride in another teen’s car (and you want them to be well trained), your contacts will be handling your data in a social context (think of the picture of you at a St. Patrick’s Day party they consider posting) and need to know how to treat it.

There is nothing gained by ignoring or denying this social movement. It won’t be stopped and you will be part of it, either directly or indirectly. In turn, your business will be affected by how the employees and executives approach and even leverage the energy of social media. If you’re not out there educating your drivers, they are off doing it on their own anyway, seat belt-less and clueless.

John Sileo trains organizations on information leadership, including social media control, identity theft prevention and reputation management. His satisfied clients include the Department of Defense, FDIC, Pfizer and Homeland Security. To bring John in to speak to your organization, contact his staff on 800.258.8076 or watch him entertain audiences with vital content at www.ThinkLikeASpy.com.