Certified Speaking Professional – Sileo Earns CSP from National Speakers Association

I love my job as a keynote speaker. To be honored as one of only 570 Certified Speaking Professionals on the planet this past month was icing on the cake, and confirmation that we’d finally made it through that which almost destroyed our family.

Just a few years ago I thought I might go to jail for crimes that someone else committed using my identity. I lost nearly everything, including my business, my reputation and lots of money. Who would have thought then that all of the pain we experienced as a family would be turned into a highly satisfying career as an author and professional keynote speaker? Every day I get to go to work with the enviable conviction of empowering people to protect their privacy from identity theft, social media exposure and human manipulation. I get to steer people and corporations away from making the significant mistakes I did. It is vastly fulfilling.

And now, after five hard years on the speaking circuit, to be awarded the CSP by such highly accomplished peers in NSA, the National Speakers Association, satisfies me beyond words. If you’ve heard the details of my story and know how much it cost my family (I was basically absent in their lives for two full years), you’ll especially love how elegantly everything has come full circle. Sophie (my daughter, and the person who woke me out of my victim-induced stupor to become an author and a speaker), whispered to my row of supporters just as I was walking across the stage, “everyone stand up when dad gets his award.”

What she might not have known was that I was accepting the certification in honor of her, in honor of all of the family and friends that held me up in tough times (a special thanks to Mary, my wife and the love of my life). I get all the benefits of the CSP, but they deserve most of the credit. As Brad Montgomery, CSP, motivational humorist and my good friend, explained it:

“Getting your CSP doesn’t guarantee more bookings (well, maybe it does). But either way, it does mean that you’ve performed at the highest speaking level for five straight years – only 1% of all speakers worldwide get one! Also, I get to wear a medal and my kids think I’m cool… for the first day… and then I’m a dork.”

Another close friend, Steve Spangler, CSP, CPAE, said, “I remember attending my first NSA convention in 2000 and being blown away by the wealth of talent and expertise in one place.” Being part of that group isn’t just good for the ego, it is the honor of a lifetime. Thanks to all of you for being part of the process.

What is NSA and what does the CSP really mean?

NSA, the National Speakers Association, is the leading organization for professional speakers not only in the U.S., but in the world. CSP is an indicator in the speaking profession that you have achieved a standard set by the leading industry authority.

The Certified Speaking Professional (CSP) designation, conferred by the National Speakers Association and the International Federation for Professional Speakers, is the speaking profession’s international measure of professional platform skill. The CSP designation is earned through demonstrating competence in a combination of standards: professional platform skills, professional business management, professional education and professional association. For more information, visit NSAspeaker.org.

7 Steps to Secure Profitable Business Data (Part II)

In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.

  1. Start with the humans.
  2. Immunize against social engineering.
  3. Stop broadcasting your digital data. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.

     Strategy: Have a security professional configure the wireless router in your office to utilize WPA2 encryption or better. If possible, implement MAC address filtering and hide your SSID. Don’t try to do this yourself. Instead, invest your money in proportion to the value of the asset you are protecting and hire a professional. While the technician is there, have him do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.

     To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and stop using other people’s free or fee hot spots. Using a simple program called Firesheep, data criminals can “sniff” the data you send across these free connections. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
  4. Eliminate the inside spy. Most businesses don’t perform a serious background check before hiring a new employee. That is shortsighted, as much of the worst data theft ends up being an “inside job” where a dishonest employee siphons information out the back door when no one is looking. In the consulting work we have done with breached companies, we have discovered the number one predictor of future theft by an employee – past theft. Most employees who are dishonest now were also dishonest in the past, which is why they no longer work for their former employer.

     Strategy: Invest in a comprehensive background check before you hire rather than wasting multiples of that cost cleaning up after a thief steals valuable data assets. Follow up on the prospect’s references and ask for some that aren’t on the application. Investigating someone’s background will give you the knowledge necessary to let your gut-level instinct go to work. More importantly, letting your prospective hire know in advance that you will be performing a comprehensive background check will discourage dishonest applicants from going further in the process (watch the video for further details). I personally recommend CSIdentity’s SAFE product, which is a technologically superior service to other background screening services.
  5. Don’t let your mobile data walk away. In the most trusted research studies, 36-50% of all major data breaches originate with the loss of a laptop or mobile computing device (smart phone, etc.). Mobility, consequently, is a double-edged sword (convenience and confidentiality); but it’s a sword that we’re probably not going to give up easily.

     Strategy: Utilize the security professional mentioned above to implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after 5 minutes of inactivity and check the box that requires you to enter your password upon re-entry. This will help keep unwanted users out of your system. Finally, lock this goldmine of data down when you aren’t using it. Either carry the computer on your person (making sure not to set it down in airports, cafes, conferences, etc.), store it in the hotel room safe, or lock it in an office or private room when not using it. Physical security is the most overlooked, most effective form of protection.
  6. Spend a day in your dumpster. You have probably already purchased at least one shredder to destroy sensitive documents before they are thrown out. The problem tends to be that no one in the business uses it consistently.

     Strategy: Take a day to pretend that you are your fiercest competitor and sort through all of the trash going out your door for sensitive documents. Do you find old invoices, credit card receipts, bank statements, customer lists, trade secrets, employee records or otherwise compromising information? It’s not uncommon to find these sources of data theft, and parading them before your staff is a great way to drive the importance of privacy home. If your employees know that you conduct occasional “dumpster audits” to see what company intelligence they are unsafely throwing away, they will think twice about failing to shred the next document. In addition to properly disposing of new documents, make sure that you hire a reputable on-site shredding company to dispose of the banker’s boxes full of document archives you house in a back room somewhere within your offices.
  7. Anticipate the clouds. Cloud computing (when you store your data on other people’s servers) is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page (which Facebook has the right to distribute as they see fit) or you are storing customer data in a poorly protected, noncompliant server farm, you will ultimately be held responsible when that data is breached.

     Strategy: Spend a few minutes evaluating your business’s use of cloud computing by asking these questions: Do you understand the cloud service provider’s privacy policy (e.g. that the government reserves the right to subpoena your Gmails for use in a court of law)? Do you agree to transfer ownership or control of rights in any way when you accept the provider’s terms of service (which you do every time you log into the service)? What happens if the cloud provider (Salesforce.com, Google Apps) goes out of business or is bought out? Is your data stored locally, or in another country that would be interested in stealing your secrets (China, Iran, Russia)? Are you violating any compliance laws by hosting customer data on servers that you don’t own, and ultimately, don’t control? If you are bound by HIPAA, SOX, GLB, Red Flags or other forms of legislation, you might be pushing the edges of compliance.

By taking these simple steps, you will begin starving data thieves of the information they literally take to the bank. This is a cost-effective, incremental process of making your business a less attractive target. But it doesn’t start working until you do.

John Sileo, the award-winning author of Privacy Means Profit, delivers keynote speeches on identity theft, data security, social media exposure and weapons of influence. His clients include the Department of Defense, Pfizer, Homeland Security, Blue Cross, the FDIC and hundreds of corporations, organizations and associations of all sizes. Learn more at www.ThinkLikeASpy.com.

7 Steps to Secure Profitable Business Data (Part I)

Everybody wants your data. Why? Because it’s profitable, it’s relatively easy to access and the resulting crime is almost impossible to trace. Take, for example, Sony PlayStation Network, Citigroup, Epsilon, RSA, Lockheed and several other businesses that have watched helplessly in the past months as more than 100 million customer records have been breached, ringing up billions in recovery costs and reputation damage. You have so much to lose.

To scammers, your employees’ Facebook profiles are like a user’s manual about how to manipulate their trust and steal your intellectual property. To competitors, your business is one poorly secured smartphone from handing over the recipe to your secret sauce. And to the data spies sitting near you at Starbucks, you are one unencrypted wireless connection away from wishing you had taken the steps in this two-part article.

Every business is under assault by forces that want access to customer databases, employee records, intellectual property, and ultimately, your bottom line. Research is screaming at us: more than 80% of businesses surveyed have already experienced at least one breach and have no idea of how to stop a repeat performance. Combine this with the average cost to repair data loss, a stunning $7.2 million per incident (both statistics according to the Ponemon Institute), and you have a profit-driven mandate to change the way you protect information inside of your organization. “But the risk inside of my business,” you say, “would be nowhere near that costly.” Let’s do the math.

A Quick and Dirty Way to Calculate Your Business’s Data Risk

Here is a quick ROI formula for your risk: Add up the total number of customer, employee and vendor database records you collect that contain any of the following pieces of information – name, address, email, credit card number, SSN, Tax ID Number, phone number, PIN – and multiply that number by $250 (a conservative average of the per-record cost of lost data). So, if you have identifying information on 10,000 individuals, your out-of-pocket expenses (breach recovery, notification, lawsuits, etc.) are estimated at $2.5 million even if you don’t lose an SSN or TIN. And that cost doesn’t necessarily factor in the public relations and stock value damage done when you make headlines in the papers.

In an economy where you already stretch every resource to the limit, you need to do more with less. Certain solutions have a higher return on investment. Start with these 7 Steps to Secure Profitable Business Data.

  1. Start with the humans. One of the costliest data security mistakes I see companies make is to only approach data privacy from the perspective of the company. But this ignores a crucial reality: All privacy is personal. In other words, no one in your organization will care about data security, privacy policies, intellectual property protection or data breach until they understand what it has to do with them.

     Strategy: Give your people the tools to protect themselves personally from identity theft. In addition to showing them that you care (a good employee retention strategy), you are developing a privacy language and framework that can be easily adapted to business. Once your people understand opting out, encryption and identity monitoring from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them. For an example of how the Department of Homeland Security applied this strategy, take a look at the short video.
  2. Immunize against social engineering. The root cause of most data loss is not technology; it’s a human being who makes a costly miscalculation out of fear, obligation, confusion, bribery or sense of urgency. Social engineering is the craft of manipulating information out of humans by pushing buttons that elicit automatic responses. Data thieves push these buttons for highly profitable ends, including spear-phishing, social networking fraud, unauthorized building access, and computer hacking.

     Strategy: Immunize your workforce against social engineering. First, when asked for information, they should immediately apply a healthy dose of professional skepticism. Train them to automatically assume that the requestor is a spy of some sort. Second, teach them to take control of the situation. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Finally, during this moment of hesitation, empower them to ask a series of aggressive questions aimed at exposing fraud. When we do this type of training, whether it is for the Department of Defense, a Fortune 50 or a small business, the techniques are the same. You have to make a game out of it, make it interesting, interactive and fun. That’s how people learn. For an example of fraud training in action, visit www.Sileo.com/fun-fraud.

You will notice that the first 2 Steps have nothing to do with technology or what you might traditionally associate with data security. They have everything to do with human behavior. Failing to begin with the human factor, with core motivations and risky habits, will almost certainly guarantee that your privacy initiatives will fail. You can’t simply force a regime of privacy on your company. You need to build a coalition; you need to instill a culture of privacy, one security brick at a time.

Once you have acknowledged the supreme importance of obtaining buy-in from your employees and training them as people first, data handlers second, then you can move on to the next 5 Steps to Secure Profitable Business Data.

Motivational Keynote Speech

After a financial conference speech I gave this afternoon on controlling social media data exposure, an executive asked me how long I’d been giving motivational keynote speeches.

My jaw dropped at the reference… “Motivational keynote speeches?” I asked. “I’ve never really thought of myself as a motivational speaker. I’m more of a content speaker who focuses your organization on playing information offense… using and protecting information to your profitable advantage.” Yeah, I know, sounds like an elevator speech. It was.

The executive then explained his remarks in a very thoughtful way. He said that his organization had stopped hiring traditional “fluffy motivational speakers” when the economy went south, and now only hires content-rich speakers who motivate the audience to take action in a very specific area of need. If he and the rest of the audience came out of the speech ready to take action and clear on what steps to take next, then they referred to the speech as motivational. “Every speaker we hire had better be motivational,” he said, “but that’s a given. We bring in a keynoter for their content, and they’d better bring their inspirational A-game as part of the package.”

His point is a good one. Motivation is not about giving individuals in the audience the motivation to do everything they need to do (work smarter, sell more, exercise, be a better person, give back to their community, live with integrity, etc.); it’s about getting them to do what you need them to do. The average corporation doesn’t have the kind of resources necessary to take broadly motivational brush strokes (self-help), and even the best speakers can’t accomplish so much change in just an hour. The end game isn’t to make an audience of generically motivated attendees, but to motivate them to take very specific steps toward a worthy cause (and one that you have defined). In my case, the cause was to help audience members understand some of the risks and rewards inherent in social networking technology, mobile data access and cloud computing. That they considered my speech to be motivational is gravy; that they learned something and have concrete next steps to take when the conference is over – well, that’s just my job.

Watch John Sileo in action (above), listen to audience testimonials (left), learn more about content-rich motivational keynote speeches, or read about his personal experiences with data theft and how they led him down the keynote speaking path and into the conference rooms of the Department of Defense, FDIC, Pfizer, Homeland Security and others.