Posts

Are You Begging to Get Fired?

, , , ,

We’ve all done it before – left the table to get a coffee refill or go to the bathroom and left our laptop, iPad, smartphone or purse sitting on the table. We justify it by telling ourselves that we are in a friendly place and will only be gone a second. Our tendency is to blame technology for information theft, but the heart of the problem is almost always a human error, like leaving our devices unattended. Realizing that carelessness is the source of most laptop theft makes it a fairly easy problem to solve.

My office is directly above a Starbucks, so I spend way too much time there. And EVERY time I’m there, I watch someone head off to the restroom (see video) or refill their coffee and leave their laptop, iPad, iPhone, briefcase, purse, client files and just about everything else lying around on their table like a self-service gadget buffet for criminals and opportunists alike.

I trust deeply in the honesty and integrity of the people I know well, but if you are trusting your Starbucks crowd with this amazingly valuable data, you are going to get a steaming hot lap full of trouble. Data thieves target places like this because it is an upscale, trusting clientele. Just ask Ben Bernake, Chairman of the Federal Reserve, whose wife got taken at a Starbucks.

Just about 50% of major corporate data breaches are caused by the theft of a laptop computer. They don’t want the computer, they want the data on it, and it can cost your business millions. The average breach recovery cost, according to the highly respected Ponemon Institute, is $6.75 million dollars.

It’s one thing if you leave a personal computer and it gets stolen – you aren’t harming anyone other than you and your family. But when it’s a company computer, or has work files on it, you are putting your employer at risk for lawsuits, government compliance fines, reputation damage and months of headaches.

The answer is simple: train your employees first on personal responsibility with their data-bearing gadgets. If they understand the selfish reasons not to abandon their laptop or iPad in a cafe (the data on it is worth a mint, they could lose their job, etc.), the chances of them applying what they have learned strengthens. Additional points of training can include:

  • Proper usage guidelines including what data can be loaded to the laptop and what cannot.
  • Good password habits and a strong login password that is shared with no one.
  • Proper use of WiFi (not the free hotspots at the cafe, airport or hotel)
  • Tethering, remote tracking and remote wiping techniques to minimize risk.
  • Encryption, especially simple PDF password encryption to email private files.
  • Proper physical security while traveling with the laptop.

If you are going to expose yourself and your company while getting another cup of coffee, you might as well apply for a job as a Barista while you are there. Don’t endanger the health of your company (or the safety of your own personal data) for the sake of convenience. Next time, you might be the one caught on video.

Award-winning author and identity theft keynote speaker John Sileo trains executives and employees to respect and protect the data that makes their company profitable. His clients included the Department of Defense, Homeland Security, FDIC, Pfizer, Blue Cross and organizations of all sizes. Contact him directly on 800.258.8076 or watch him deliver an Identity Theft Speech.

Cyber-Bullying and Social Networking Identity Theft

, ,

With the meteoric rise in cyber-bullying, parents are desperate to find a way to shield their children. Unfortunately, most parents are far behind their child’s proficiency with technology. Many don’t text, aren’t on Facebook, and are oblivious to the many ways in which kids can taunt each other with technological ease. Although children may be quick and nimble with technology, they lack the maturity to understand its consequences.

A recent article in the New York Times on Digital Bullying (read the MSN version here) addressed these very issues and gave true and heart-wrenching accounts of how parents were left helpless at the hands of their children’s online bullies. “I’m not seeing signs that parents are getting more savvy with technology,” said Russell A. Sabella, former president of the American School Counselor Association. “They’re not taking the time and effort to educate themselves, and as a result, they’ve made it another responsibility for schools.”

Kids have a great deal of anonymity on the internet if they want it, and can easily impersonate another child or steal their identity. This modified form of identity theft (character theft, I tend to call it), allows the bully to hide behind his or her computer with no real consequences for what they are saying. A scathing remark made in passing by one child can haunt another child for the rest of their lives.

In a recent case, a young boy was taunted at school by classmates that claimed he was in turn bullying them on Facebook. He quickly became socially withdrawn until his mother looked on Facebook to see that someone with his name and picture was in fact taunting other students online. Except, of course, that it wasn’t him. Some fellow classmates had stolen his Social Networking Identity and set up a false Facebook account as if they were him. The bullies then berated other kids, attracting negative attention to the victim. The victim’s mother found out that it’s not so easy to stop this cycle.

For one thing, Facebook doesn’t make it easy to reclaim one’s identity. In the previous case, the mother had to contact police, who went through a process to subpoena both Facebook and the internet service provide to uncover the bullies’ identities. Only then were they able to shut down the account, but the damage to the victims reputation had already been done.

Some parents prefer to resolve the issue privately, by contacting the bully’s family. Although psychologists do not recommend that approach with schoolyard bullying, with cyber-bullying, a parent’s proof of cruel online exchanges can change that difficult conversation. So what do you say?

Approaching another parent can be awkward. Most parents see their children’s actions as a direct reflection of their ability to raise their child. This means they can easily become defensive and almost submissive of the actions. As quoted in the Times article, experts recommend you follow a script like:

“I need to show you what your son typed to my daughter online. He may have meant it as a joke. But my daughter was really devastated. A lot of kids type things online that they would never dream of saying in person. And it can all be easily misinterpreted.”

In most situations, the reporting parents should be willing to acknowledge that their child may have played a role in the dispute. To ease tension, suggests Dr. Englander, an expert on aggression reduction, offer the cyber-bully’s parent a face-saving explanation (like that it was probably meant as a joke). If they are willing to accept what happened, they are more likely to take action.

Parents need to be mindful that their children might be victims of cyber-bullying, and they need to be just as aware that their kids might be the cyber-bullies. Here are some steps to get you started down the right track with your kids:

  • Have short, frequent coversations over dinner about what it means to be cyber bullied
  • Establish a no-tolerance stance on your child bullying anyone, in person or on line
  • Friend your child and if possible, your child’s friends to keep tabs on the dialogue taking place. Let them know that you are interested and observant by communicating with them using social networking. If you are more fond of the stick approach, post a sticky note on your monitor (like another parent in the article did) that says “Don’t Forget That Mom Sees Everything You Do Online.”
  • Be open and honest with your child. Communicate the real issues of cyber-bullying and how in some cases this leads to very negative consequences, like suicide
  • Encourage your children to talk with you if they have any concerns about their online life
  • For more answers and background on keeping yourself and your kids safe, take a look at the Facebook Safety Survival Guide below.

Facebook Safety Survival Guide
Includes the Parents’ Guide to Online Safety

This Survival Guide is an evolving document that I started writing for my young daughters and my employees, and is an attempt to give you a snapshot of some of the safety and privacy issues as they exist right now.

Social networking, texting, instant messaging, video messaging, blogging – these are all amazing tools that our kids and employees use natively, as part of their everyday lives. In fact, they probably understand social networking better than most adults and executives. But they don’t necessarily have the life experiences to recognize the risks.

I’d like to make their online vigilance and discretion just as native, so that they learn to protect the personal information they put on the web before it becomes a problem. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it.

Electronic Pickpocketing Hype Banks on Your Fear!

, ,

Electronic Pickpocketing is Possible, but Over-Hyped.

There is a new wave of hi-tech identity theft that allows thieves to steal your credit card information using inexpensive technology to intercept credit card (and sometimes even passport) information without even touching your wallet. Watch the video to the left or read our Electronic Pickpocket post to learn the basics.

And make sure you pay attention to the fact that the person they are interviewing for the news piece in the video MAKES MONEY FROM YOUR FEAR OF ELECTRONIC PICKPOCKETING! The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take this gentleman’s perspective into consideration before buying the hype. He benefits from your fear, so do a little more research before you go gettin’ all paranoid.

The amount of hype this old form of theft is receiving (yes, this has been possible for years, despite all of the attention it’s getting now) is a bit overblown. Here are just a few reasons why:

  • The person being interviewed in the video benefits from your fear of electronic pickpocketing.
  • When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
  • Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
  • Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
  • As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses, the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out of pocket will be minimal.
  • Most cards only transmit 2-3 inches, which means that someone has to get a laptop-sized bag within two inches of your purse or wallet. This isn’t impossible, but it takes a fair amount of time and skill (notice how the news report doesn’t show them doing it without asking the people first). In most cases, this amount of work is too time intensive for the identity thief – it’s more lucrative to hack into a system that contains hundreds of thousands of credit card numbers (and other information) all in one place.
  • Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster that you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.
  • If you want to get technical, which you probably don’t, credit card theft isn’t actually identity theft. They don’t have access to the personal items they need to actually steal your identity.

But it can happen, and it’s worth preventing. Which is simple:

  • First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
  • Second there are sleeves and wallets built to protect your cards and make them unable to scan and be lifted. Several companies, like Checks Unlimited make RFID wallets & products that shield the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced drivers licenses.
  • Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
  • If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
  • Never leave your purse or wallet in an easy to scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
  • For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely.  Checks Unlimited offers a wide variety of these types of RFID blocking sleeves & cases.”

But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.

John Sileo is the award-winning author of two identity theft prevention books, Stolen Lives and Privacy Means Profit (Wiley, August 2010) and America’s top Identity Theft Speaker. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.