Posts

Will breach-proof internet eliminate need for data security training?

Although there is a great deal of excitement over the concept of a breach-proof internet, for now data security training is the only foolproof protection businesses have against the Syrian Electronic Army, Chinese hackers and a host of other internet-based attackers.

Such attackers know that employees tend to be the first line of defense against hackers targeting businesses, and they’ve been successfully breaching sensitive data – financial records, trade secrets and personal information – in more and more high-profile cases.

But what if the internet was “hacker-proof”?

Researchers at Los Alamos National Labs in New Mexico believe they have found a way to use quantum physics to cloak internet communications.  Businessweek explains that this method, which researchers call “network-centric quantum communications,” uses “digital keys, generated by a truly random set of numbers, theoretically [leaving] hackers with no way to figure out the key’s internal coding.”

As you might imagine, it’s a complicated process, and one that is not without its flaws:

  • Cost: The going rate for a quantum-secured, impenetrable defense plan for just one business is “tens of thousands of euros” per year. That’s considerably higher than your average corporate VPN or intranet service.
  • Scope: Quantum messages can only be sent between two parties. That means no “reply all” option or sharing folders of information with multiple recipients.
  • Distance: Has your email service provider ever stopped you from sending a message to a recipient more than 100 miles away? Quantum messages may be hack-proof, but they can only be sent about that distance before parts of the transmission fade away.

These aren’t just minor hang-ups. We’re accustomed to our online interactions being free (or at least limited to the cost of Wi-Fi), with no real limitations on the size or locations of the audiences with which we interact.

The internet is like the modern U.S. highway system. It’s (relatively) free to use and you can go wherever the open road takes you. Using the quantum-powered internet is the equivalent of riding a streetcar or trolley every day after driving your whole life. There’s less risk of getting into an accident than when you get behind the wheel of your own car, but the tracks limit where you’re able to go and how fast you can get there.

Until a truly hack-proof, efficient internet exists, data security training is a drivers’ education course for those who need a refresher course on how to keep their personal and corporate information safe.

John Sileo is a data security training provider and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Online identity nightmare: will Twitter meet the challenge? Will we?

The jaw-dropping attack on the Associated Press last week may finally cause Twitter to start safeguarding our online identity – and it may even jolt us out of our apathy.

We’ve seen serious Twitter breaches for months. Hackers have damaged the digital reputations of major corporations and cultural groups. But Tuesday, the whole world was jolted when hackers falsely sent an AP tweet reporting that there had been two explosions at the White House. Within seconds, investors unloaded $139 billion worth of stocks, as reported by AP. Not all those investors were human; many were computers on autopilot doing high-speed trading. But the consequences are just as real and far reaching.

The ease with which organizations like the Syrian Electronic Army or LulzSec can infiltrate a powerhouse like Associated Press alerts us as to how vulnerable our digital footprint is. The universality of this threat is very real. Don’t be lulled into complacency because you think you’re not as attractive a target as AP. Hackers will continue to test the limits of our online identity security, especially on a platform like Twitter where messages can easily be deceptive or misinterpreted. Anyone with an internet connection has something to lose.

Shortly after the AP breach, better user-authentication was demanded by users and Twitter finally took notice, declaring it would make passwords stronger. Twitter announced it will soon implement the two-step process of authentication similar to that used by Google and Facebook. I doubt anyone today is skeptical about how much damage can be caused by a mere 140 characters.

Another security measure is available to ensure that a user is the only one logging into their account. If an unregistered device (e.g., not your home computer) attempts to gain access, a verification code can be sent to a registered device like a smartphone, reducing the risk of an unauthorized user.

Twitter is not alone in protecting our online identity

Effective security checks don’t let us humans off the hook. All the security checks can swoosh down the drain with one click on a bad link. Though we’ve been hearing it since the days of AOL and dial-up, if you don’t recognize the sender or you feel even a slight suspicion of the link, don’t click on it.

Your online identity, or digital footprint, is a composite of everything you watch, post and link to. When it’s compromised, how you are seen by others can be forever changed. Twitter’s response to the breach acknowledges that national security is at stake and signals a desire to encourage security for its users. It’s your responsibility to stay alert and take every possible precaution to protect your digital footprint.

John Sileo is an online identity expert and keynote speaker on digital security, reputation protection and social media privacy. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Once you go hack, you’ll never go back: Facebook scheme wreaking havoc on digital reputation

Facebook identity thefts are nothing new. The social media site has been the vehicle for all sorts of fake links and bots in years past. But a new trick that could threaten your digital reputation is proving particularly insidious. 

If you get a message to “Experience Facebook Black” sometime soon, you’d be advised to turn it down, unless you’re OK with your digital reputation being hijacked. This latest hack could spread malicious software without you or your Facebook friends even knowing until it’s too late.

The scam allegedly works by offering users the chance to change the color of the Facebook background to black – and then asks for users to respond to a series of questions by giving out information. Of course, the promised color conversion is a lie: play into the hands of this fraud and you’ll just wind up as a means of spreading it further, with your information used to make a dummy page to trick your connections.

It appears to be yet another example of an attack that exploits JavaScript, and it has proven pervasive enough to get attention from Google, seeing as its browser Chrome can also be affected.

Social media exposure is a larger problem that demands the focus of big companies and anti-spyware professionals. But much of the prevention boils down to basic user habits. Specifically: don’t trust suspicious links, don’t click on something you don’t trust, and don’t sign up for apps that direct you to an outside source. Your information can make other people money, and if you’ve put it on the web, then it’s ripe for the taking. Making use of an online reputation consultant can help companies learn how to safeguard their personal data – before someone else paints it black.

John Sileo is an online reputation consultant and keynote speaker on identity, privacy and digital reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

InsightOne20 Small Business Conference in Los Angeles

Those interested in how to prevent identity theft can attend the InsightOne20 conference on March 16, where John Sileo will be presenting along with Seth Godin. Guests can register for the event on the InsightOne20 website.

The presentation, entitled “Spies, Hackers and Facebook Attackers: Bulletproofing Your Privacy & Profits in the Digital Age,” will contain information and instruction on how best to avoid the pitfalls of digital privacy and social media. The conference is hosted by City National Bank, and is considered a premier event for small businesses. It will take place at the LA Convention Center.

Businesses of all sizes have many risks to consider when it comes to the stakes of modern commerce. Social media and even basic online browsing bring with them a host of dangers that concern your digital reputation. But the risk is especially palpable for startups and growing companies that may not yet have a strong security network in place. All data is valuable, and this presentation will seek to impart some wisdom about the best way to keep your information secure while promoting healthy online habits.

The internet isn’t going away, and there’s no use denying the importance social media and online privacy have in both our personal and professional lives. That’s why it’s now even more necessary than ever before to take the proper steps to control your digital reputation. The recent glut of attacks on corporate titans has made this a crucial part of the national conversation – don’t be left out of the loop.

John Sileo is a digital reputation expert and keynote speaker on privacy, identity and social media. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business. 

CEOs taking notice of online privacy threats?

Threats to online security have been coming thick and fast. But a new study shows that CEOs may finally be taking notice. Is that enough?

If there's an upside to the recent rash of hacks and digital subterfuge, it may be that businesses are beginning to see the ugly reality of online privacy exposure. According to the Wall Street Journal, a study by analysts at AIG recently showed that more executives are concerned about breaches than harm to their property. Eighty-five percent of executives polled placed more emphasis on their information and digital reputation than their physical holdings. 

Awareness is one thing, but are these executives putting their money where their mouth is?

It appears so. Studies show that there has been a corresponding increase in the amount of money recently spent by retail companies on cyber security measures and experienced anti-fraud experts. It's remarkable what a little bad press (hacking of the New York Times, Wall Street Journal, Twitter, Evernote) will do to motivate previously complacent companies.

As precious as your material property may be, it's not being targeted at all times like your data, which is under automated 24/7 attacks by hackers in their pajamas. Breaking into a house carries a great deal of risk, but hacking your email or bank account can be done from anywhere, anonymously, and with little chance of being caught. Unlike burglars, the cyber thieves that steal your personal information aren't very likely to leave behind a trail.

While it's good that executives appear to be getting the message, there's no substitute for proper cyber security training. Behind all of the technology and at the source of every data breach is a human being (generally, a poorly trained human being). Security isn't a department, it's a system of beliefs that must be instilled in your people. And when those people take protecting your data as seriously as they do their homes, then you've made progress.

John Sileo is a cyber security expert and keynote speaker on privacy, identity and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Jeep jacked and Burger King busted as company Twitter feeds get hacked

So far, 2013 has been the Year of the Hack, as the past few weeks have proven positively lousy with big-name security breaches. 

Social networks, news outlets, and now…jeeps and fast food? That’s right, recent events have seen two prominent businesses get their Twitter accounts hacked, and worse. Not only did identity pirates shanghai the feeds (and therefore the reputations) of Burger King and Jeep, they used this illegal access to send embarrassing and scandalous messages to their followers.

Last Monday, @BurgerKing began tweeting that it had been sold to McDonalds, changing its image to a golden arches logo and posting ridiculous, wildly provocative comments about rappers and mad cow disease. The same thing happened to Jeep the next day, when its account claimed it had been sold to Cadillac and that its CEO had been fired for doing drugs.

The incidents had huge and bizarre repercussions. Many users tweeted quips about how hackers “had it their way” with the fast food giant. Actually, if the plan was to send people away from the burger chain, it backfired: Burger King now has 30,000 new followers and tons of media attention. In fact, soon after, MTV and BET actually pretended to have been hacked, apparently just for the publicity.

Burger King’s well-managed response is a fantastic example of a corporate character trait I call reputational jujitsu – using negative digital events to your competitive advantage. If you think that BK’s response was accidental, or casual, think again.

Despite the silver lining for the company, this is an alarming series of events. It may seem funny now, but will you be laughing when strangers start using your digital reputation for a prank?  

In response to this, Twitter is determined to make its system more secure by implementing use of the email authentication system DMARC, which will hopefully limit hackers from using false emails to gain private information. While this will help, only time will tell how much difference it actually makes.

It may seem trifling, but your digital reputation is vital to how you’re perceived in the offline world. Proper social media risk management is the key to combating such attacks, and it’s best to take it to heart before someone makes you the next big online joke.

John Sileo is a social media reputation expert and keynote speaker on online identity and risk management. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business. 

Social Media Privacy Can Sabotage Your Digital Reputation

Your social media privacy, if ignored, can leave your digital reputation on life support.

Everyone from CEOs and company founders to part-time employees leaves their own digital footprints on social media platforms, and how they comport themselves doesn’t always stay as private as it might seem. That’s why it’s important to think carefully about exactly what information you’re putting out there. Even a popular site like OkCupid.com, which prides itself on its smart, statistic-driven design, temporarily made its users’ information public through a security glitch last month.

The glitch was in the company’s “Crazy Blind Date” app, which normally only reveals its members’ first names, locations, sexual preferences and a scrambled photo. Although it lasted less than a day and there were reportedly no instances of data being stolen, users found their information at risk and out of their control.  

Mindlessly using social media of any kind can be a minefield, and you need to know where to step so it doesn’t blow up in your face.  There’s a reason why professionals make the effort to keep their personal and business lives separate, and breaches like this could permanently impact one’s digital reputation. Here are a few ways to avoid identity theft, maximize your safety and protect your business while using such Web services:

Don’t post sensitive information on your profile page. This seems like a no-brainer, but remember that anything you post could potentially be accessed by an unsavory party. Also, be careful not to give out any personal details to people you don’t trust. Keeping your cards close to your vest will help ensure you don’t lose it all.

Do your research before signing up: make sure you choose online service providers with high security standards and be wary of any site that charges you for “premium access.”

John Sileo is an online privacy expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Digital Reputations Are Quickly Becoming Currency in the Business World

Are we entering an age where one’s digital reputation is a form of career currency – or are we already there?

That is the subject of an article in Forbes last month that gets some things right and others wrong. It absolutely seems like online histories and reputations could become more important than resumes, portfolios and credit scores.

Our digital footprints are already considered by others when determining if they want to hire or do business with us. And many people don’t even have a traditional resume anymore, but have substituted it with a LinkedIn profile.

Forbes goes through a handful of questions and offers its own answers on the topic. Yes, everything we do on the Web, from Facebook to Twitter to LinkedIn, is becoming more and more connected, meaning that they influence one another as well as how others perceive us. But, there are a few things that the article misses the mark on.

For example, it says “use only the most secure sites for online transactions; and put all settings on the most restrictive possible.” It goes on to add that certain information will likely still seep out for companies to grab and use to target ads or other initiatives at you. But look at the holes in what the article says.

How do you know if a site qualifies as secure before conducting online transactions? And if a social media or other online platform has horrendous privacy settings, how does setting them to “the most restrictive possible” do you any good?

We don’t need generic rules to follow. Instead, we must cultivate a better understanding of internet privacy and online reputation management, so that we can take the steps necessary to protect ourselves. This doesn’t just apply to individuals, but businesses as well. Just like employers evaluate current and prospective employees through the lens of their digital reputations, so do consumers judge companies from which they might purchase goods and services.

John Sileo is an online privacy expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Employee Live-Tweets Her Firing From Company Account (Ouch)

Let’s start with a tip today. If you fire your company’s social media manager, you might want to disable their access to the business’ official Twitter account first – and every other social media platform, too.

British company HMV learned that lesson the hard way when an employee live-tweeted her firing. Here are some of the tweets she sent out from the company’s Twitter handle before her access was shut off:

“We’re tweeting live from HR where we’re all being fired! Exciting!!!”
“There are over 60 of us being fired at once! Mass execution of loyal employees who love the brand. #hmvXFactorFiring”

In another amusing twist – amusing at least to everyone but HMV management – the employee tweeted that she overheard the company’s marketing director ask “How do I shut down Twitter?”

While not every business executive is a social media expert, this situation underscores how dangerous a lack of appreciation for the power of the internet and social media can be. When a police officer is given a sidearm, it’s understood that he or she has received the proper training and will not literally shoot themselves in the foot. Business leaders, however, shoot themselves in the foot all the time when it comes to social media risk management.

The ultimate goal should be to part ways with employees on good terms, but unfortunately, that is not always possible. In either scenario, whether an individual chooses to use personal online accounts or hijack company ones, businesses must be prepared to actively manage their digital reputations. But, more than that, this should be an ongoing focus for companies, not just one that pops up whenever something negative happens.

John Sileo is a digital reputation expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Maintaining Privacy While Living in a Digital Fishbowl

“When you put something out there, anyone can see it – from a future job interviewer to an internet creep.”

This was what the title character on the ABC drama “Castle” said to his daughter in a recent episode upon discovering a video blog in which she was sharing personal details about her life. Richard Castle, played by actor Nathan Fillion, was distraught over his 18-year-old daughter’s over-sharing, worried that any number of miscreants could use details she posts online to do her harm.

When he explained this to her and added that he didn’t want something she posted on a whim to haunt her years later, she showed a fractured appreciation of the topic of online privacy.

“My generation grew up in a digital fishbowl,” she said. “No matter how careful we are stuff will get out there. Friends will tag me in photos, inevitably doing something stupid. Why should that define me?”

Yes, she did indeed grow up in a digital fishbowl. However, acknowledging that fact and then throwing her hands in the air and saying there’s nothing she can do about it is a cop-out. There are a number of things one can do to safeguard their digital reputation. For starters, read the terms and conditions of online services and websites you use and make sure you spend enough time customizing the privacy settings (60 minutes per site is a good rule of thumb).

While Castle’s mother points out that he was wild in his day, he correctly responds that his day is not today. There was no Facebook or Twitter 20 years ago. Both older and younger generations must accept responsibility for their online reputation management.

For parents, it’s about protecting their children. But, for business owners, it’s about safeguarding an enterprise they’ve worked their whole lives to build. Employees are a reflection on the companies they work for, and when their digital reputations are tarnished, that can and likely will come back to haunt the business.

When we put something out there on the internet, it’s out there. Putting the genie back in the bottle afterward is no simple task.

John Sileo is an online privacy expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.