
12th Day: Holiday Security Tips All Wrapped up Together

Would you like to give the people you care about some peace on earth during this holiday season? Take a few minutes to pass on our 12 privacy tips that will help them protect their identities, social media, shopping and celebrating over the coming weeks. The more people who take the steps we’ve outlined in the 12 Days of Christmas, the safer we all become, collectively.

Have a wonderful holiday season, regardless of which tradition you celebrate. Now sing (and click) along with us one more time.  

On the 12th Day of Christmas, the experts gave to me:

12 Happy Holidays,

11 Private Emails,

10 Trusted Charities

9 Protected Packages

8 Scam Detectors

7 Fraud Alerts

6 Safe Celebrations

Fiiiiiiiiiiive Facebook Fixes

4 Pay Solutions

3 Stymied Hackers

2 Shopping Tips

And the Keys to Protect My Privacy

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

US Companies Face Cyber Attacks; Live in a State of Cybersiege

When JP Morgan was recently asked about reported cyber attacks, their spokesperson replied that they were “closely safeguarding information and would notify anyone affected” and went on to add that companies of its size experience cyber attacks “nearly every day”.  It seems a rather casual reply for an event that may have resulted in the theft of multiple gigabytes of sensitive data!

Yet that is the reality today. In fact, the financial industry, and most of the business world, has been described as being in a state of almost perpetual cybersiege. Cyber attacks have become so commonplace that most businesses have almost come to expect them.

That is why we have stopped paying attention: breach has become normal. And breach has become normal because corporations don’t train their employees correctly on how to avoid it.

In the case of the attacks on financial institutions this week, however, officials briefed on the attack said there had been multiple, very sophisticated, intrusions.  They are thought to have been “far beyond” the capability of normal hackers and seem to be part of an international wave of nationalist cybercrime campaigns against financial institutions.

It is expensive to battle a cybersiege. JPMorgan Chase said in its 2013 annual report that it planned to spend more than $250 million and devote about 1,000 people to cybersecurity in 2014. According to a report on cyber security and the banking sector released by the New York State Department of Financial Services in May, more than three-quarters of financial institutions expect their information technology security budgets to rise over the next three years. That might be the silver lining in what is a cloudy outlook for corporate security.

John Sileo is an award-winning author and keynote speaker on data breach. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Sileo Speaking at NAFCU Technology and Security Conference

Credit Union Members: A special thanks to NAFCU for having me back a second year to present at their Technology and Security Conference.  Join us in Vegas for some fun and really get into the nuts and bolts of cyber security.


WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data


I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage. If it can happen to the big boys, it can happen to you. If you don’t have Bond on your side fighting off the villains, take these steps to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breaches originate with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank. It will be a lot easier to sit back and relax, maybe even have a shaken martini, when you know your business is secure.


John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Cyber Monday Cyber Security in 60 Seconds


Cyber Thieves are officially out today to steal your credit card information or any other private personal information they can intercept as you shop online during Cyber Monday (and for the rest of the holiday season). In less than 60 seconds, you can know what they are up to and what to watch out for. Only 50 seconds left, so here they are (note: some of the “for more info” links will only become live over the next few weeks in our 12 Days of Christmas series, so please check back):

  1. Be extremely careful when using free Wi-Fi hotspots to shop online, as you are being watched by data sniffers.
  2. Only shop on secure, reputable websites that: A. you know via other means (the press; you shop at their store), B. show “https” in the URL, and C. display a small padlock icon in the bottom right corner of your browser or turn the URL green, signaling a “safe” site.
  3. Shop, online or in person, with a credit card and not a debit card, because debit cards are riskier.
  4. Never offer more personal information to online stores than absolutely necessary (e.g., Social Security numbers, bank account numbers, passwords, PINs)
  5. Never use the same password across multiple websites, and do not use your name, pet’s name, birthdate, dictionary word or other easily guessed attribute as a password. Use a combination of letters, symbols and numbers and vary upper and lower case.
  6. Leave suspicious websites immediately (they ask for more information than normal, require you to double enter information or trigger your BS meter).
  7. Log out of your online accounts when you are not actively shopping, and password protect your smartphone, iPad and laptop in case they do go missing.
  8. Use automated account alerts to effortlessly monitor your credit card charges and bank balances, allowing you to catch fraud immediately.
  9. Only cyber shop on a non-public (e.g., not in a library) computer with a secure internet connection, updated anti-virus software and up-to-date operating system.
  10. Only donate to known charities and only when you have initiated the gift. Never send money (via check, cash or electronically) based solely on a wall post, email or phone call.  Respond to such correspondence by contacting the charity on a reputable phone number or website.
  11. (Bonus Tip #1) Resist your curiosity to see that adorable elf dance in an email, wall post or tweet; only open attachments from trusted friends and family. If you don’t recognize the sender, don’t open the holiday greetings, as it is probably malware trying to intercept your shopping credentials.
  12. (Bonus Tip #2) Check out our 12 Days to a Safe Christmas: Prevent Holiday Identity Theft for day by day tips on preventing identity theft while shopping.

If you take these 10 tips to heart, you will not only save yourself the stress of shopping in person, you won’t have to think twice about doing your holiday buying online.

When John Sileo isn’t shopping online for holiday gifts, he’s off speaking at conferences that are looking for highly relevant content delivered with humorous audience interaction. See video clips of John on stage and in the media.

 

Avoiding Social Spam Hackers on Facebook and Twitter


The post appears like it’s coming from a known friend. It’s enticing (“check out what our old high school friend does for a living now!”), feeds on your curiosity and good nature, begs you to click. A quick peek at the video, a chance to win a FREE iPad or to download a coupon, and presto, you’ve just infected your computer with malware (all the bad stuff that sends your private information to criminals and marketers). Sound like the spam email of days gone by? You’re right – spam has officially moved into the world of social media, and it’s like winning the lottery for cyber thugs.

What is Social Spam?

Nothing more than junk posts on your social media sites luring you to click on links that download malicious software onto your computer or mobile device.

Social media (especially Facebook and Twitter) are under assault by social spam. Even Facebook cautions that the social spam volume is growing more rapidly than their user base. The spam-fighting teams at both Facebook and Twitter are growing rapidly. The previous handful of special engineers has seen the inclusion of lawyers, user-operations managers, risk analysts, spam-science programmers and account-abuse specialists. Spammers are following the growing market share, exploiting our web of social relationships. Most of us are ill-prepared to defend against such spam attacks. Here’s how social spam tends to work:

  1. Malware infects your friend’s computer, smartphone or tablet, allowing the spammer to access their Facebook or Twitter account exactly as if the spammer were your friend.
  2. The spammer posts a message on your friend’s Facebook or Twitter page offering a free iPad, amazing coupons or a video you can’t ignore.
  3. You click on the link, photo, Like button (see Like-jacking below) or video and are taken to a website that requires you to click a second time to receive the coupon, video, etc. It’s this second click that kills you, as this is when you authorize the rogue site to download malware onto your computer (not a coupon or video).
  4. The malware infects your computer just like it has your friend’s and starts the process all over again using your contacts, your wall and your profile to continue the fraud.
  5. Eventually, the spammer has collected a massive database of information including email addresses, login information and valuable social relationship data that they can exploit in many ways. In the process, the malware may have given them access to other data on your computer like bank logins, personal information or sensitive files. In a highly disturbing growth of criminal activity, social malware can actually impersonate users, initiating one-on-one Facebook chat sessions without your consent.

“Like-jacking” involves convincing Facebook users to click on an image or a link that looks as if a friend has clicked the “Like” button, thereby recommending that you follow suit. If our friends Like it, why shouldn’t we? So we click and download in an almost automated response. The key is to interrupt this automatic reflex before we get stung.

Fighting social spam requires immense investments of time, which can mean lost productivity (and money). Thankfully, various company site-integrity teams watch trends in user activity to spot spam. Every day, Facebook says it blocks 200 million malicious actions, such as messages linking to malware. The company can’t prevent spam, but it’s diligently working to make it harder to create and use fake profiles.

But never count on someone else to protect what is yours. You must Own Up to your responsibility. Follow these 5 Steps to Minimize the Risks of Social Spam:

  1. If the offer in the post is too enticing, too good to be true or too bad to be real, Don’t Click.
  2. If you do click and aren’t taken directly to what you expected, make sure you Don’t Click a 2nd Time. This gives the spammer the ability to download malware to your system.
  3. Don’t let hackers gain access to your account in the first place – use strong alpha-numeric-upper-lower case passwords that are different for every site and that you change frequently.
  4. Remember, in a world where your friends’ accounts are pretty easily taken over, not all friends are who they say they are. Be judicious. If something they post is out of character, it might not be them writing the post. Call them and verify.
  5. Don’t befriend strangers. Your ego wins, but you lose.
  6. Make sure you have updated computer security: operating system patches, robust passwords, file encryption, security software, firewall and protected Wi-Fi connection.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Cyber-Bullying and Social Networking Identity Theft


With the meteoric rise in cyber-bullying, parents are desperate to find a way to shield their children. Unfortunately, most parents are far behind their child’s proficiency with technology. Many don’t text, aren’t on Facebook, and are oblivious to the many ways in which kids can taunt each other with technological ease. Although children may be quick and nimble with technology, they lack the maturity to understand its consequences.

A recent article in the New York Times on Digital Bullying (read the MSN version here) addressed these very issues and gave true and heart-wrenching accounts of how parents were left helpless at the hands of their children’s online bullies. “I’m not seeing signs that parents are getting more savvy with technology,” said Russell A. Sabella, former president of the American School Counselor Association. “They’re not taking the time and effort to educate themselves, and as a result, they’ve made it another responsibility for schools.”

Kids have a great deal of anonymity on the internet if they want it, and can easily impersonate another child or steal their identity. This modified form of identity theft (character theft, I tend to call it), allows the bully to hide behind his or her computer with no real consequences for what they are saying. A scathing remark made in passing by one child can haunt another child for the rest of their lives.

In a recent case, a young boy was taunted at school by classmates that claimed he was in turn bullying them on Facebook. He quickly became socially withdrawn until his mother looked on Facebook to see that someone with his name and picture was in fact taunting other students online. Except, of course, that it wasn’t him. Some fellow classmates had stolen his Social Networking Identity and set up a false Facebook account as if they were him. The bullies then berated other kids, attracting negative attention to the victim. The victim’s mother found out that it’s not so easy to stop this cycle.

For one thing, Facebook doesn’t make it easy to reclaim one’s identity. In the previous case, the mother had to contact police, who went through a process to subpoena both Facebook and the internet service provider to uncover the bullies’ identities. Only then were they able to shut down the account, but the damage to the victim’s reputation had already been done.

Some parents prefer to resolve the issue privately, by contacting the bully’s family. Although psychologists do not recommend that approach with schoolyard bullying, with cyber-bullying, a parent’s proof of cruel online exchanges can change that difficult conversation. So what do you say?

Approaching another parent can be awkward. Most parents see their children’s actions as a direct reflection of their ability to raise their child. This means they can easily become defensive and almost dismissive of the actions. As quoted in the Times article, experts recommend you follow a script like:

“I need to show you what your son typed to my daughter online. He may have meant it as a joke. But my daughter was really devastated. A lot of kids type things online that they would never dream of saying in person. And it can all be easily misinterpreted.”

In most situations, the reporting parents should be willing to acknowledge that their child may have played a role in the dispute. To ease tension, suggests Dr. Englander, an expert on aggression reduction, offer the cyber-bully’s parent a face-saving explanation (like that it was probably meant as a joke). If they are willing to accept what happened, they are more likely to take action.

Parents need to be mindful that their children might be victims of cyber-bullying, and they need to be just as aware that their kids might be the cyber-bullies. Here are some steps to get you started down the right track with your kids:

  • Have short, frequent conversations over dinner about what it means to be cyber bullied
  • Establish a no-tolerance stance on your child bullying anyone, in person or online
  • Friend your child and if possible, your child’s friends to keep tabs on the dialogue taking place. Let them know that you are interested and observant by communicating with them using social networking. If you are more fond of the stick approach, post a sticky note on your monitor (like another parent in the article did) that says “Don’t Forget That Mom Sees Everything You Do Online.”
  • Be open and honest with your child. Communicate the real issues of cyber-bullying and how in some cases this leads to very negative consequences, like suicide
  • Encourage your children to talk with you if they have any concerns about their online life
  • For more answers and background on keeping yourself and your kids safe, take a look at the Facebook Safety Survival Guide below.

Facebook Safety Survival Guide
Includes the Parents’ Guide to Online Safety

This Survival Guide is an evolving document that I started writing for my young daughters and my employees, and is an attempt to give you a snapshot of some of the safety and privacy issues as they exist right now.

Social networking, texting, instant messaging, video messaging, blogging – these are all amazing tools that our kids and employees use natively, as part of their everyday lives. In fact, they probably understand social networking better than most adults and executives. But they don’t necessarily have the life experiences to recognize the risks.

I’d like to make their online vigilance and discretion just as native, so that they learn to protect the personal information they put on the web before it becomes a problem. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it.

Tyler Clementi Doesn't Care About Cyber-Bullying Policies


Guest Blogger: Kathleen Keelan, Prevention Consultants, LLC

I have a hard time telling the parents of a cyber-bullied student that their school “has a policy.” I have a hard time explaining to a child that even though they feel like their whole existence is being shattered every day, all day and all night, that their school district really does care about them. It’s hard to explain to a cyber-bullied student and their parents that the school truly cares that they feel safe.

This I know for sure: the policy is only as good as the people who enforce it.

School officials are scrambling right now due to the “epidemic” of suicides from cyber bullying.  Law enforcement is scrambling right now to define their role in this growing phenomenon.  The National Crime Prevention Council is happy that physical bullying amongst children has declined.  However, the rate of cyber bullying is increasing at an alarming rate.  Right now the NCPS found that among teenagers, more than 43% are victims of cyber bullying.

Do you think that 50% of the kids care about a national law against cyber bullying?  I stood in front of a group of parents last night and tried to explain to them that although there is no program to teach about cyber bullying prevention in their school, there is a policy.  This I know for sure: the policy is only as good as the people who enforce it.  As one mom of a teen who was ruthlessly cyber bullied screamed at the top of her lungs at a school board meeting, “Don’t wave that cyber bullying policy in my face and tell me that is what you are doing to help my son.”

Ellen DeGeneres tearfully proclaimed on her now famous video October 3, 2010 that “Things will get better, and you should be alive to see it.”  We have got to stop hiding behind policies and help assure kids we care that they are alive to see the policies actually help those who are being cyber bullied.

Sileo: Kathleen Keelan is a dear friend of mine and an expert in this subject matter. Kathleen’s point that policy does not automatically guarantee action and even more importantly, that policy is never a replacement for action is one that I deal with every day in the corporate world. Having a policy isn’t good enough. You have to build a culture around that policy that weaves a belief system of action into the very fabric of the organization. Whether we are trying to protect data, our employees or our children, a policy without follow through is but an empty set of words. If you need help with cyber bullying in your school, please contact her on 303-521-5427 or learn more about Prevention Consultants, LLC at their website.