Posts

Protect Your Packages this Holiday Season!

, ,

Almost 20 billion packages will be delivered through the mail this holiday season. Even at $5 per package, that’s more than $100 Billion in value going through the mail–a scale too large and tempting for criminals to ignore.

Why do thieves target us during the holidays? In addition to the volume and value of holiday mail, criminals are taking advantage of the perfect winter storm:

  • Trucks are overloaded, mail & UPS carriers are overworked and shoppers are overwhelmed, which makes theft easy and attractive
  • Thieves take advantage not just of our good nature during the holidays, but of how distracted we are
  • Criminals see our generosity of giving as a goldmine waiting to be exploited

But picking packages off of your doorstep isn’t the only type of crime that skyrockets during December. Thieves don’t just want to steal the gifts inside your packages, they want the identity information that goes along with them: credit card numbers, bank accounts, invoices, even the checks that grandma sends in a holiday card. Check washers want to soak your checks in acetone, erase the Pay To field and replacing it with the word CASH.

How do we protect our mail and packages during the holidays, or any day?

  • Install a locking mailbox at your home and retrieve your mail early in the day, before criminals have a chance to steal it
  • Get a PO box during heavy mailing times and use that address for packages, sensitive documents or payments
  • Instead of putting outbound packages in your mailbox, drop them directly at the post office. Even the blue USPS boxes are commonly emptied by thieves at night.
  • Tell Grandma to stop sending cash! It’s too easy to steal and impossible to trace.
  • If you must send a physical payment through the mail, use high security checks like those provided by Deluxe.
  • Use UPS or FedEx to ship packages so that you can track their progress, insure the contents and require a signature at the other end.
  • If you generally aren’t at home when packages are delivered, have them shipped to your work so that they don’t sit on your porch for hours.
  • Check out our 12 Days to a Safe Christmas for more tips on protecting yourself against cyber crime, party crashers and Facebook stalkers during the season.

Take these simple tips when sending gifts and cards and you won’t lose your valuable data and goods to the identity theft Grinches.

 

I Left My Credit Card @ The Restaurant, Now What?! – Privacy Project Episode #8

, ,

So I’m out to dinner with a professional speaker whose name I’ll drop so that you’ll be impressed. Larry Winget. Larry is the Pitbull of Personal Development and he’ll probably kill me for not putting a trademark after that title, because he owns it. If you have somebody in your life (kid, employee, boss) that doesn’t take responsibility for the life they lead and the work they’re supposed to do, Larry’s your man. Google his name and find out, or go to LarryWinget.com.

But back to my story. I treated Larry to dinner in Phoenix because I owe him a thousand meals for the coaching he gives me and we’re leaving the table when his wife (who is much nicer than Larry) asks if I’ve taken my credit card out of the folder. Nope. God I hate when that happens! Small oversight for someone who lives and breathes security and privacy. I left my card in the folder, on the table and was fully prepared to leave the restaurant!

Anyway, this brings up a good point. Now matter how much you know, no matter how hard you work at protecting your identity,sometimes you will slip up and be your own worst enemy. There are just simply times when identity is out of our control. But you don’t have to stress about it. A quick response solves a lost credit card without much pain. Take a look at the video for steps on what to do if you lose or misplace your card.

How to Prevent Child Identity Theft

, ,

Fraud Expert John Sileo discusses why your child is 51X more likely to become a victim of ID Theft on Fox Business.

Why are our kids, the very people we most want to protect, so vulnerable to identity theft? Because they have unused, unblemished credit profiles. According to Carnegie Mellon University’s CyLab 10.2% of the children in a recent report had someone else using their Social Security numbers. That figure is 51 times higher than the rate for adults of the same population.

Thieves steal a child’s identity early on, nurture it until they have a solid credit score, and then abuse and discard it. If it’s not discovered in time, fraudulent use of your child’s identity could mean the loss of educational and job opportunities and starting off adulthood at a serious disadvantage with someone else’s bad credit in her name.

Oddly enough, credit checks do not have any way to match your child’s date of birth with that listed with the Social Security Administration. Therefore, the criminal can put down any date of birth and gain access to your child’s credit. The most unsettling part is thatthe age of the applicant (in this case,the person posing as your child) becomes official with the credit bureaus upon the first credit application.This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is a child and not responsible for thousands of dollars of debt.

In most cases, you won’t discover the illegal purchases and identity theft until your child applies for a job, tries to get a driver’s license or enters college. At that point, you are left with the time-consuming dilemma of cleaning up someone else’s fraudulent mess. If only clearing up a credit report was as easy as cleaning up after your kids.

Common Sources of Child Identity Theft

  1. Undocumented Workers who need identities to keep working in the US (see NBC News Video Above).
  2. Organized Criminals who reap huge financial gains with little risk of prosecution.
  3. Friendly Fraudsters (friends and relatives) who abuse their relationship with the child to cover debts and expensive habits.

Here are some of the ways your child’s information is stolen:

  • When registering for daycare, schools and recreational sports
  • On medical, dental and hospital records
  • When joining organizations like the Girl Scouts, Boy Scouts, etc.
  • When their identity is stored and accessed by volunteers or employees
  • When one of the above organizations is breached by a hacker or malicious software
  • When an adult befriends your child on a Facebook and socially engineers private information out of them

For parents, cleaning up the disaster of identity theft for their children is costly and incredibly time consuming. Getting a new Social Security number is almost impossible, and rarely the best option. Taking steps right now to protect your child from this horrible crime is one of the greatest investments you will ever make in their financial and emotional future.

Consequences of Child ID Theft

Acting now on behalf of your child will protect them from consequences common to child victims:

  • Starting adulthood with a credit rating low enough to scare away the hungriest of loan sharks.
  • Being denied a loan, credit card or apartment rental because of a crime committed 10-15 years earlier .
  • Being denied access to college, financial aid or a new job based on a past criminal record, falsified earnings or tarnished reputation.
  • Having an arrest warrant for crimes your child didn’t commit.

Protecting Your Children

In the same way that you can’t protect your children from every bruise and scrape, you can’t entirely remove the risk of identity theft. You can, however, prevent or soften the fall if it does happen. Take these steps first:

  1. Watch for mail in your child’s name. This is a potential sign that credit has been established using their identity. The most common types of mail that signal identity theft are financial (pre-approved credit cards, etc.).
  2. Consider ordering a free credit report for your child. If you suspect foul play, write to the three credit reporting bureaus (Equifax, Experian and TransUnion) to see if your child has a credit profile (no profile, no chance that it is being used illegally). If they do have an active credit profile, you will need to resolve this with the specific credit bureau. Please note that requesting your child’s credit report repeatedly can actually establish a credit profile in their name. For a more convenient option, use an identity monitoring service for you and your family that alerts you when credit is established in any of your names.
  3. Stop giving out your child’s personal information. Until you are confident that it is absolutely necessary to receive the services desired, withhold their personal information. More than 80% of organizations that ask for your child’s Social Security number don’t actually need it to establish services. If you must give it, ask them how they will use it, how long they will keep it and how it will be protected while they have it.
  4. Protect your child’s identity documents. Birth certificates, passports, bank account information, wills and trusts involving children should all be locked securely in a fire-safe or bank’s safety deposit box. Physical document theft is one of the most prevalent ways kid’s identities are stolen.
  5. If you find evidence of fraudulent activity, contact the police, the source of the fraud and all three credit bureaus. Filing a police report helps to establish your child’s innocence in an official way.Have the credit bureaus FREEZE your child’s credit for maximum protection. Keep detailed records of all correspondence between yourself, the police, the merchant and the credit bureaus. It will come in handy should you ever find yourself in court, as I did.
  6. Educate your children on the importance of protecting their personal information. Teach them about the value of their personal information: their name, address, phone numbers, email address, Social Security Number and any passwords and PIN numbers. Reinforce that they own their private information and that it should not be shared with friends, over the internet or with anyone whom they don’t know or trust.Education is absolutely the best financial gift you will ever give to them.

In the case of child identity theft, an ounce of prevention is worth a lifetime of financial security. Don’t let the center of your universe become just another statistic. Because you love and protect your children as much as I do, start this process immediately.

John Sileo is an award-winning author and speaker on social media privacy, data security, fraud and identity theft. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentations or watch him on Anderson Cooper, 60 Minutes or Fox Business

ID Theft – Five Tips for Vacation Protection

, ,

Holiday travel brings various levels of challenge and stress. Don’t let identity theft risk add to your anxiety.

Here are five tips to help you to avoid becoming a victim while on vacation:

1. Stop your mail and newspaper. Avoid letting un-invited credit invitations sit in your mail box. You can stop your mail by phone or online at usps.com. Also, ask a trusted neighbor to watch for package & parcel deliveries and to hang on to them until you return. If you receive a daily newspaper, put your subscription on hold. A pile of un-retrieved newspapers in your driveway is a “Welcome” sign to thieves.

2. Don’t advertise that you’re on vacation. Make sure if you are going to post vacation updates on your e-mail, on social networking websites, or on your voice mail greeting, that you post generically, no specifics. Put a few lights on timers so that your home doesn’t look unoccupied for the entire time you’re gone. Replace the front porch light bulb.

3. Enroll in a protection product that safeguards your most valuable asset, your identity. You may think you have all your bases covered, but it can be harder than you think, especially once you need to recover from a theft. One way to make sure you’re protected is by using a product that monitors if you are vulnerable to having your identity stolen. A number of quality service providers offer alerts via text or email of potentially suspicious activity as well as resolution assistance to help you cut through the red tape should you need it.

4. Leave your checkbook & debit card at home. If you don’t want to use cash or credit cards, purchase traveler’s checks instead of bringing your checkbook or debit card. A stolen checkbook has your bank account number and routing number on the checks – valuable tools a thief can use to steal your identity or clean out your bank account. Traveler’s checks require a signature when you purchase them, and then another when you use them at a store or restaurant on your travels. And, usually a photo ID is required when you use them. A thief that steals them will find them much harder to use. A debit card is essentially an immediate cash transaction.

5. Give your credit card company a heads up. This is especially important if you are traveling internationally, because any activity that happens domestically will raise a red flag. If you don’t let them know, they may become concerned when they see overseas transactions and freeze your card, potentially ruining your holiday.

A good measure of common sense and basic precaution can go a long way to protect you and your family.  Taking some of these simple steps can give you the peace of mind you deserve during your hard-earned vacation. Travel safely (and securely)!

John Sileo is an award-winning author and speaks worldwide on the dark art of deception (identity theft, social media privacy, data breach) and it’s polar opposite, the powerful use of trust to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase positive impact by building a culture of deep trust. His satisfied clients include the Department of Defense, Pfizer, the FDIC, Homeland Security, Experian UK and Blue Cross. Contact him on 800.258.8076, follow him on Facebook and Twitter, or view his work on YouTube.

Use a Credit Freeze to Stop Financial Identity Theft and Secure Your Wealth


Freezing your credit is the number one way to protect against financial identity theft. If everyone in the country applied for a Credit Freeze, identity thieves would quickly be out of business. At least, a major part of their business. Take 30 minutes and lower your chances of identity theft drastically (see the online Freeze links at the bottom of this post).

To go directly to placing a security freeze on your 3 bureau accounts, page down to the bottom section.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file which is maintained by companies like Experian, Equifax and TransUnion (listed below). The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion – listed below) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account (that said, let’s face it, businesses want to make it as easy as possible to unfreeze your credit because they benefit when you set up new accounts and spend more money) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

Since all states don’t allow you, by law, to freeze your credit, the three credit reporting bureaus have begun to offer credit freezes on a national basis. This is a major step forward in the prevention of identity theft, even if they are offering it for profit reasons (they make money every time you freeze/unfreeze your credit). If your state does not currently offer credit freezes by law, you can now apply with each credit reporting bureau individually. Regardless of where you live, freeze your credit today.A credit freeze doesn’t affect your existing credit – it doesn’t freeze credit cards, bank accounts or loans you already have. It only freezes access to your account unless someone has a password to get in. It’s like having a PIN number on your ATM card. It also doesn’t lower (or raise) your credit score.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348credit-freeze
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Protect Your Taxes from Prying & Spying Eyes

, ,

The IRS admittedly has little control over protecting your tax returns against identity theft. The problem is too big, the data too widely available, prevention too rarely attended to until it’s already too late.
Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your tax return information and your identity. The changes aren’t difficult, they simply require you read through this document so that you recognize the risks. Once that’s done, you simply avoid the highest-risk behaviors.

Here is a comprehensive list of frauds, scams and high risk tax-time practices.

Top Tips for Tax Time Identity Theft Protection

One of the least recognized risks for identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

  • Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
  • Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
  • Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.
  • Make sure you always (not just at tax time) pay with security checks.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

  • Strong alpha-numeric passwords that keep strangers out of your system
  • Anti-virus and anti-spyware software configured with automatic updates
  • Encrypted hard drives or folders (especially for your tax preparer)
  • Automatic operating system updates and security patches
  • An encrypted wireless network protection
  • A firewall between your computer and the internet
  • Remove all file-sharing programs from your computer (limewire, napster, etc.)

Even though you use a strong password to protect your data file when e-filing, burn the file to a CD or flash drive once you’ve filed. Remove the personal information from the hard drive. Store the backup in a lock box or safe.

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack.

Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

  • Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
  • If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
  • If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
  • To learn more about IRS scams, visit the only legitimate IRS website. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service.
  • If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification, such as a Social Security card, driver’s license or passport, along with a copy of a police report and/or a completed IRS Form 14039, Identity Theft Affidavit, which should be faxed to the IRS at 978-684-4542. Please be sure to write clearly.
  • As an option, you can also contact the IRS Identity Protection Specialized Unit, toll-free at 800-908-4490. IPSU hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).
  • If you have information about the identity thief that impacted your personal information negatively, file an online complaint with the Internet Crime Complaint Center.  The IC3 gives victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 sends every complaint to one or more law enforcement or regulatory agencies that have jurisdiction over the matter.
  • Subscribe to an identity theft detection, protection and resolution product.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

  • Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
  • Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
  • Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

IRS Overwhelmed by Tax Related Identity Theft

, ,

It’s nerve racking to realize that the IRS increasingly struggles to control taxpayer identity theft. Since 2008, the IRS has identified 470,000 incidents of identity theft affecting more than 390,000 taxpayers. “Victims of tax-related identity theft are the casualties of a system ill-equipped to deal with the growing proficiency and sophistication of today’s tax scam artists” said  Sen. Bill Nelson, who chairs the newly formed Subcommittee on Fiscal Responsibility and Economic Growth.

Identity theft harms innocent taxpayers through (1) employment and (2) refund fraud, according to the GAO. In refund fraud, an identity thief uses a taxpayer’s name and Social Security number to file for a tax refund, which the IRS discovers after the legitimate taxpayer files. In the meantime, the victim is out the money due her, causing Sharon Hawa of the Bronx, N.Y. to take on a second job. Ms. Hawa testified before the Subcommittee, describing how she had become an ID theft victim for the second time in three years (the first in 2009) after thieves twice filed tax returns in her name and received her tax refunds. Painstakingly proving her identity to the IRS, time after time over a 14-month period, was only a small part of the stress and utter frustration in the first fraud.  And  then, as if that trauma hadn’t sufficiently wreaked havoc in Ms. Hawa’s life, it happened a second time.

In employment fraud, an identity thief uses a taxpayer’s name and SSN to obtain a job. When the thief’s employer reports income to the IRS, the taxpayer appears to have unreported income on his or her return, leading to enforcement action. Think of your stress level when you open that envelope from the IRS demanding taxes for money you didn’t earn and don’t have!

The GAO states that the IRS’s ability to address identity theft issues is constrained by several factors, one being that privacy laws limit the sharing of ID theft information with other agencies. Another problem is the timing of fraud detection efforts; more than a year may have passed since the original fraud occurred.  The resources necessary to pursue the large volume of potential criminal refund and employment fraud cases are another constraint.

It’s imperative that we taxpayers take responsibility and implement the steps necessary to protect ourselves. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

  • Tax documents exposed on your desk (home and work)
  • Private information that sits unprotected in your tax-preparer’s office
  • Improperly mailed, emailed and digitally transmitted or filed records
  • Photocopiers with hard drives that store a digital copy of your tax forms
  • Copies of sensitive documents that get thrown out without being shredded
  • Improperly stored and locked documents once your return is filed
  • Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)
Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a tax fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your identity. Sileo.com has compiled a comprehensive list of tax time frauds, scams and prevention techniques.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Zappos Breach: 5 (Foot)Steps for the CEO, 6 for Victims

, ,

Let’s say you ordered winter boots for your spouse on Zappos.com (now part of Amazon), which has world-class customer service. You don’t really even shop the competition because someplace in your brain you already trust Zappos to deliver as they always have. Your unquestioned confidence in Zappos is worth a fortune.

And then hackers break in to a server in Kentucky this past weekend and steal private information on 24 million Zappos customers, including (if you are a customer) your name, email address, physical address, phone number, the last four digits of your credit card number and an encrypted version (thank goodness) of your password. Consequently, your junk email folder is overflowing (your email has been illicitly sold to marketing companies), you receive the doom-and-gloom breach notification from Zappos (just like I did), and suddenly, you don’t have quite the same confidence in this best-in-practice business any more. Your shaken confidence in Zappos costs them a fortune. For the foreseeable future, you will pause before using their website again.

“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Zappos CEO Tony Hsieh said in a note to employees Sunday. “It’s painful to see us take so many steps back due to a single incident.”

In a smart move, Zappos reset the passwords for all affected accounts and notified victims on how to create a new one. But their efforts to recover customer trust are just beginning. Here are 5 Core Concepts of Trust that Zappos leadership should weave into their breach recovery process:

  1. Ownership. Leadership at the company should take complete responsibility for the loss of data and not make excuses as to how it was someone else’s fault (remember the BP oil spill finger pointing?). The last thing victims need is to become more victimized by a corporate spin cycle that further erodes trust. Authentically respecting their customer base (which they do), even when it costs a few extra dollars to maintain, is a sound investment strategy.
  2. Transparency.  Zappos customers have the right to know exactly what was stolen and how it might be used. They deserve to know what the company knows and what law enforcement knows. Sharing their failure (as opposed to covering it up in any way, which they don’t seem to be doing) is a painful process with high short-term costs, but it is the first step in taking responsibility.
  3. Expectation.  Zappos needs to set customer and marketplace expectations early and often about how they will make it better. Forcing users to change passwords does little to ease fears that it will happen again. What tangible steps will they take to repay customers for the trouble they have caused and what measures will they implement to better protect users in the future?
  4. Delivery. Zappos must deliver on the expectations they set with the victims, with the media and with the marketplace. False promises (pretending to implement better security but underfunding the budget) are cheap Band-Aids but only further infect the inflicted wounds when nothing actually changes. To regain trust, Zappos must set impressive expectations and deliver on them flawlessly
  5. Competence. Zappos is not in the business of recovering from identity theft or data breach. They need to aid their legal department by bringing in breach mitigation and recovery experts. Saving a few dollars up front keeping the efforts in house will raise downstream recovery by multiples.

In the meantime, if you are a victim of the Zappos’ breach, begin with these steps:

  • Immediately change your password according to Zappos emailed instructions.
  • Use an alpha-numeric-upper-lower-case password that has nothing to do with your personal life and can’t be found in a social networking profile or dictionary
  • If you use the same password on other sites (webmail, financial), change those as well
  • Implement identity theft monitoring services.
  • Monitor your credit profile for suspicious activity at AnnualCreditReport.com
  • Don’t click the links in that email. Zappos is sending every one of its affected customers a warning e-mail. However, more often than not such “official” e-mails are from hackers (for example, “We’ve had a security problem. Please change your password.”). These fraudulent e-mails can be virtually indistinguishable from legitimate communications, including identical graphics, logos, and authentic looking return e-mail addresses. Instead of clicking, type the URL (in this case Zappos.com) directly into your address bar. If there’s an important notice on your account, you’ll find it there.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

 

Using an iPad to Your Competitive (and Secure) Advantage

If you received an iPad for the holidays (or already have one), you own the most powerful productivity tool invented in the last 20 years – it’s like command central for your life and work. I use the iPad as a step-by-step, centralized way to keep tabs on everything related to my business. Over a cup of coffee, I consume highly-relevant information (no Angry Birds at this point in the day) in a low-stress way simply by clicking through my iPad apps in a consciously prioritized order. I’m not actually taking action on anything at this point, just getting an overview of the appointments, current events, and communications that will make me more effective. That way, when I get down to work,  I know exactly what should get my attention. The routine is always the same, so I never have to remember what I need to do except to open my iPad before I officially start the day. The process takes me about 20 minutes, and by the time I get to work, my brain has sorted most of the information and knows where to start. Here’s how I consciously prioritize my apps (see screen shot):

  1. Calendar (iCal). I look at my calendar first to remind myself of appointments taking place that day.
  2. Project Planner (OmniFocus). I use OmniFocus to organize larger projects. It is a great way to do a brain dump of all of the little tasks that clutter my creative thinking. These project lists are shared with my team and give us a centralized way to track and prioritize our business.
  3. Event Management (eSpeakers and SalesForce). Because I speak professionally as my main source of revenue, I utilize an industry specific app called eSpeakers that tracks every aspect of my speaking engagements. In 30 seconds, I have a quick view of what speeches are on the horizon and what tasks need to be completed. Since this is a revenue center of my business, I want to keep very close tabs on what is taking place. SalesForce is for leads, accounts and contact management.
  4.  News (local paper, USA Today, Zite, Instapaper, NPR). Once I have a view of the day ahead, I skim the news (general and industry specific) to determine if there are any stories I need to pay closer attention to. This isn’t a complete reading, just to put it on my radar.
  5. Note Taking (Evernote). I use Evernote as a clearing house for all of the notes I take, whether it’s an article, random thoughts, etc. By keeping my note taking app close to the news apps, I record anything highly relevant.
  6. Social Networking (HootSuite). I use HootSuite to monitor my Facebook Fan Page, Twitter Feed and LinkedIn Profile. I might quickly post an interesting piece of current news in my field or an upcoming event or media appearance. I do NO personal updates at this point in the day. Business only.
  7. Email. Email always seems like the most important task, but I find it to be distracting. I leave it until last and simply read through all emails and flag them for later work. If they require more than a three word answer, I don’t use my iPad to communicate. I do this once I am sitting at my computer; in the meantime, my subconscious has generally come up with the necessary responses.
You get the point. When you have covered the critical items, close the iPad and go make breakfast. Let your brain mull it over and process what’s important and what’s a waste of time. Don’t continue to consume more information, spend the rest of your day acting on what you’ve already reviewed. This will keep you from information overload.
If you apply this method, your iPad desktop will look completely different, customized to your needs, industry and interests. The power here is in the cutomization of what makes you effective and efficient and the ritualization of the process. Instead of remembering 20 things, you remember one – open your iPad before your work day begins. Twenty minutes well spent can give you a sizable competitive advantage. Try it for a week and see what you think. If you have other ways that you leverage your iPad for work, share them in the comments below. And don’t forget to keep all of this mission-critical data out of the hands of identity thieves and competitors by following these 7 Simple Security Steps:

7 Simple Security Settings for Your iPad

  1. Turn On Passcode Lock. Your iPad is just as powerful as your laptop or desktop, protect it like one. Your iPad is only encrypted when you enable the passcode feature. (Settings/General)
  2. Turn Simple Passcode to Off. Why use only an easy to crack 4-digit passcode when you can implement a full-fledged alphanumeric password? If you can tap out short emails, why not spend 5 seconds on a proper password.
  3. Require Passcode Immediately. It is slightly inconvenient and considerably more secure to have your iPad automatically lock up into passcode mode anytime you leave it alone for a few minutes.
  4. Set Auto Lock to 2 Minutes. Why give the table thief at your favorite café more time to modify your settings to his advantage (to keep it from locking) as he walks out the door with your bank logins, emails and kid pictures.
  5. Turn Erase Data after 10 Tries to On. Even the most sophisticated passcode-cracking software can’t get it done in 10 tries or less. This setting wipes out your data after too many failed attempts. Just make sure your kids don’t accidentally wipe out your iPad (forcing you to restore from your latest iTunes backup).
  6. Use a Password Manager. Your passwords are only as affective as your ability to use them wisely (they need to be long and different for every site). Keeping your passwords in an unencrypted keychain or document is a recipe for complete financial disaster. Download a reputable password-protection app to manage and protect any sensitive passwords, credit card numbers, software licenses, etc. Not only is it safe, it’s incredibly convenient and efficient.
  7. Avoid Untrustworthy Apps. Not all applications are friendly. Despite Apple’s well-designed vetting process, there are still malicious apps that slip through the cracks to siphon data out of your device. If the app hasn’t been around for a while and if you haven’t read about it in a reputable journal (Macworld, Wall Street Journal, New York Times, etc.), don’t load it onto your system. 

It will only take a minute to implement these steps and will encourage thieves to move on to the next victim.

John Sileo is an award-winning author and speaks worldwide on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Contact him on 800.258.8076 or learn more at ThinkLikeASpy.com.

Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR

, , , ,

Business Killers: Identity Theft and Data Breach Protection Webinar on November 10

 

On November 10, I will host an interactive webinar sponsored by Deluxe that will explore how small businesses can protect themselves from identity theft. As someone who lost more than $300,000 and my small business to identity theft, this is a topic I care about deeply. In addition to delivering keynote speeches at conferences, I also provide consulting and guidance to organizations like the Federal Trade Commission, Pfizer and the Department of Defense on how to best protect the sensitive data inside of their organizations.

Register now for tomorrow’s webinar.

During this multi-part webinar, I will provide simple, actionable tools and advice to help small businesses protect their data and retain information privacy. I’ll also explain how the information economy has shifted the competitive landscape and increased our data exposure. Attendees will learn the following:

  • The new reality: information does not equal power
  • How to think like a spy and apply critical thinking to the power equation
  • Manipulation triggers thieves use against your employees and defense techniques
  • Interrogation tools to uncover fraud before it erodes your profits and net worth
  • Fraud hotspot best practices
  • Trends in data theft
  • Holiday identity theft prevention tips

Sign up now and make sure that your business doesn’t experience the losses that mine did.

John Sileo, the award-winning author of Privacy Means Profit, is a keynote speaker on identity theft, data security, social media exposureand weapons of influence. His clients include the Department of Defense, Pfizer, Homeland Security, Blue Cross, the FDIC and hundreds of corporations, organizations and associations of all sizes. Learn more at www.ThinkLikeASpy.com.