Privacy is more than locking your Doors

/in /by

There are 10 distinct meanings of privacy.

2PProtecting Reputation

You’ve heard of money management, right? Well, there’s also reputation management. There’s a difference between having facts about a person and then making judgments based on those facts. Often, judgments are skewered, and the result is a soured reputation.

Showing Respect

We must respect one’s desire to keep personal data about themselves personal. That’s why it’s called personal data. It’s not so much that revealing one’s private information would do little, if any, harm. It’s the principle of respect that’s the bigger picture.

Trust

Trust is vital in any kind of relationship, from personal to commercial to professional. When trust is broken in one relationship, this could cause a domino effect into other kinds of relationships.

Social Boundaries

We all need a sanctuary from people’s interest in us. When boundaries are crossed, relationships can be tarnished. Nobody really wants everyone to know everything about them, or vice versa.

Freedom to speak freely

We’re all free to think whatever we want without fear of repercussion, but turning those thoughts into speech is what can create problems—both real and perceived.

The Second Chance

Thank goodness that once we get our foot stuck in the railroad track, we can yank it out and start over. Having privacy promotes the second chance, the ability to make changes.

Control

You’ll be hard-pressed to come up with a transaction you can complete in public or online without forking over your personal data. Minus cold cash transactions, just about every move we make requires some revealing of personal information. And the more that your data is out there, the more likely someone can use it to control you.

Freedom of Political Association

Due to privacy, we can associate with political activities, and nobody ever has to know whom we voted for for a political office.

What others think of You is none of your Business

Privacy means never feeling you must explain or validate yourself to those near or far.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Ransomware demands Dollars for Data

/in /by

“Ransomware” is what holds data hostage by invading one’s computer when the user clicks on a malicious link in an e-mail or downloads an infected attachment. Visiting a fraudulent web site can also trigger an attack.

CRYRansomware then goes to work at putting your files on lockdown so you can’t access them—but the hacker sure can. The crook will then have full access to your computer and all of your private information stored in it.

Ransomware in some cases masquerades as “Anti-Adware” or “Browser Security” claiming that the security product license has expired. Ransomware on Windows shows as a full-screen “error alert” like message. Though ransomware is uncommon, it’s a rising star in the world of malware.

How can you protect your computer from an infection?

  • Ensure your computer is running the most up-to-date version of your chosen operating system.
  • Use updated antivirus software.
  • Never click links in e-mails. Always go to the source or use your password manager.
  • Never go to unfamiliar web sites, as they can initiate the virus cascade.

Keep in mind that although malware and ransomware usually affect PCs running on Windows, malware can be created for any operating system and for mobiles. In fact, Android malware has been picking up steam. But Mac users should not breathe easy; they too, should be on the alert, says the McAfee Threat Report.

The best way to implement protection of your computer and devices is to install a comprehensive measure of security—in addition to sticking to that never-repeated-too-often rule of never click a link in an e-mail.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Six Steps for Keeping Your Mobile Secure

/in /by

Mobile phones are a world away in terms of capabilities to what they were 10 years ago. Research from Doilette has found that 72% of people in the UK now own a smartphone device.

Considering all the personal information evidently available on your phone, it’s probably about time that you properly protected it. Read more HERE

Credit Card Theft increasing for Banks and Retailers

/in /by

2013 was the year of 740 million records involving data breaches. And that number may be erring quite on the conservative side, according to the Online Trust Alliance. The records come from a list on the Privacy Rights Clearinghouse Chronology Data Base.

2CThe list is that of publically disclosed breaches, including the alleged 110 million that struck the big retailer December 13. Many of the listed breaches are of a non-descript number.

The more electronically connected everything becomes, the greater the potential for data breaches—it’s almost as though all this advancement in online data storage and transmission is setting us backwards.

Cybercriminals are good at keeping pace with the progression of online security tactics, matching every leap and bound. This is why organizations must put security and data protection at the top of their priorities and be ready to handle a major breach.

Unfortunately, no one-size-fits-all defense against cyber-fraudsters exists. Nevertheless, there do exist best practices that can optimize a company’s protection against cybercrime.

Let’s take a look at some highlights of the data breaches of 2013.

  • Though that conservative 740 million records was disclosed, 89 percent of the breaches and loss of data incidents could have been thwarted.
  • 76 percent of breaches were due to stolen or weak account credentials.
  • In 2013 alone, 40 percent of the top breaches were recorded.
  • Insider mistakes or threats accounted for 31 percent of insiders.
  • Social engineering was responsible for 29 percent of breaches.
  • Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents.

The 2014 Data Protection & Breach Readiness Guide can help service providers and app developers for businesses grasp the issues, factors and solutions that will fire up data protection tactics and bring about a development of strategies for managing a data breach incident.

Smart businesses think proactively:

Smart businesses are investing in their client’s security. Consumers want to know they are being protected before, during and after a transaction.

ID Theft, Medicare Fraud Prevention in People Over 45

/in /by

My job as a security analyst is to educate people on the prevalence of ID theft, and this especially includes those over 45, and I also must point out that scams involving Medicare are on the rise.

3DAccording to Reuters, Identity theft led the list of top consumer complaints once again in 2013, with U.S. consumers reporting that they lost over $1.6 billion to various types of fraud. Of the 2 million consumer complaints that the commission received last year, 290,056, or about 14 percent, were related to identity theft, the FTC said.

People over 45 attract identity thieves because often the 45-plus crowd is more trusting, and have more wealth and disposable income built up. They’re not too eager to report identity theft for fear their families will think they’ve lost control. Crooks know all this. Learn how people over 45 can protect against identity theft and Medicare scams.

Identity Theft Prevention for the 45-Plus Crowd

  • Know that those closest to you (family members, caregivers) can be a thief waiting for a prime opportunity. Be leery of anyone asking for even a small loan or giving a sob story.
  • ID information and other personal data and documents should be locked up in a safe.
  • Get a PO box for your mail—to receive and to take outgoing to.
  • Shred personal documents you no longer need.
  • Thieves like to rummage through trash for discarded direct mail and credit card offers. Call the FTC OPTOUT at 1-888-567-8688 to stop these offerings.
  • Memorize your SSN so you don’t have to bring it in public.
  • Thin out your wallet.
  • Cancel unused cards.
  • Never have any personal information printed on your checks except your PO box address. Have only your first and middle initial with your last name printed on checks.
  • Have your bank issue an ATM-only card rather than an ATM debit card.
  • Don’t wait till you’re a victim of crime to have a handy list of all your financially related contact information already composed.
  • Update your devices operating systems
  • Update your devices antivirus, antispyware, antiphishing and firewall.
  • Lock up your devices with a password.
  • Use string passwords including upper/lower case and numbers.
  • Use a passwords manager. Never use the same passwords twice.

Credit Card Scams

  • Don’t be phishing bait. An e-mail comes to you claiming you must make a payment and includes a link where to do this. These scam e-mails make gullible people think they’re from banks, retailers, even what seems like the IRS. The link to a phony website entices victims into typing in their bank account or credit card numbers: a done deal for the thieves.
  • Review bank and credit card statements promptly. Reporting something suspicious within two days means minimal liability with bank accounts. Wait too long and you may never recover your loss.
  • Never lose sight of your debit card. Always watch clerks swipe it. Don’t hand it to anyone else at the store.
  • Consider ditching the debit/credit card. Use an ATM card and a separate credit card rather than the combo.
  • Never give your card to anyone. This means a caregiver, nanny, dog sitter, relative—you never know what they may do.
  • Never give your card or account information to someone who phones you.
  • See more “credit card security tips HERE

Social Media Scams

  • Friend only those who you actually know, like and trust.
  • Remember the Internet is forever—Even if you have the highest privacy settings, it’s good practice to consider anything you do on the Internet as public knowledge, so be careful what you share online or via your mobile device.
  • Don’t reveal personal information—Seriously consider why it’s needed before you post your address, phone number, Social Security number, or other personal information online.
  • Put a PIN on it—Make sure you have your smartphone and tablet set to auto-lock after a certain time of unused and make sure it requires a PIN or passcode to unlock it. This is especially helpful to protect any information you do not want seen should your device be lost or stolen.
  • Manage your privacy settings—At most, only friends you know in real life should be able to see details of your profile.
  • Change your passwords frequently—In addition to choosing passwords that are difficult to guess (try to make them at least eight characters long and a combination of letters, numbers, and symbols), remember to regularly change your passwords.

Medicare Card Scams

  • The weak link in Medicare is that the SSN can be used as the identifying information on the insurance cards.
  • After the first visit to a doctor, copy your Medicare card, ink out every thing but the last four numbers of the SSN, then use the copy for subsequent visits.
  • A Medicare representative will never call you to verify information so that medical bills can be paid. A call like this is a scam.
  • If somebody other than your physician asks for Medicare information, call 1-800-MEDICARE to report this. Only when you’re in your doctor’s office should your doctor request such information. If in doubt, never give your Medicare number out.

If You Are a Victim

What should people over age 45 do if they suspect identity theft?

  • Call one of these three credit reporting agencies to put a fraud alert out on your credit report:
  • Experian: 888-397-3742; Equifax: 800-525-6285; TransUnion: 800-680-7289
  • Contact only one company because they’re legally required to contact the other two.
  • Contact local law enforcement, banks and credit card companies if you suspect ID theft.
  • Call the FTC ID theft hotline: 877-438-4338; or online at www.consumer.gov/idtheft

Identity theft protection:

  • Does Identity Theft Protection Really Work? YES.
  • How effective are their scanning/monitoring methods? It all depends on the service. Check out BestIDTheftCompanys.com ratings.
  • Can they truly protect consumers? The answers may vary. Identity theft protection is designed to protect you from new lines of credit being opened in your name—and along with the recovery/restoration component; it’s designed to clean up the mess.

Read our blog post on “Identity theft protection HERE

Can Home Invasion of Elderly Cause Heart Attack?

/in /by

I’m a home security expert and have given many speeches on how to protect your home from an invasion, but one of the topics that doesn’t seem to get much attention is the possibility of a heart attack being triggered in an elderly homeowner by the stress of an intrusion.

2BHere are two alarming cases of heart attack in the elderly apparently caused by the stress of a home invasion.

Mildred Pollock, age 89, suffered fatal heart failure a week after two men robbed her inside her house, as reported by WALB News 10 of Mitchell County, GA.

Here’s how it all went down: Two men posed as salesmen and showed up at the elderly victim’s door at about 4:30 pm. The men ended up inside her house. (The report doesn’t say if she invited them in; if they invited themselves in and she accepted; or if they forced their way in.)

But for sure, they removed the elderly woman’s alert pendant and held her to a chair, taking her phones away. The men wanted money, found none, and then left.

Pollock called for help with a backup alert button, was taken to the hospital, and succumbed to heart failure a week later. The home invaders face felony murder charges, even though an autopsy showed clogged arteries in her heart.

However, leehighvalleylive.com reports the case of another elderly victim, age 76, who suffered a mild heart attack the night of a home invasion, after which her health rapidly declined and she died several weeks later.

The forensic examiner attributes the heart attack to the stress of the home invasion/robbery, even though the victim had a pre-existing heart condition.

Tips for Preventing a Home Invasion

  • Always speak to strangers through a locked door, never a screen door, let alone open door.
  • Forbid children to respond to knocks and doorbells.
  • Keep a burglar alarm on at all times, but you must remember to deactivate it every time you open a door or window.
  • Install a video surveillance system: a marvelous deterrent to home invasion.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Top Security Techniques That Work For The Masters

/in /by

Banks know security just about better than anyone. Find out what they can teach you about safeguarding your small business.

8DSecurity is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secure—the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.

But that doesn’t mean we shouldn’t strive to reach our destination. In order to protect our businesses, we can apply strategies that significantly reduce our risk level. One of the best security techniques is layering. Layers of security make a criminal’s job more difficult, as they are forced to address all the vulnerabilities in our business.

Helen Keller once said, “Security is an illusion; life is either a daring adventure or nothing at all.” Her quote has significance, although it’s not entirely accurate. That’s because security is part illusion and part theater. The illusion, like a magic act, seems believable in many cases.

Security theater, on the other hand, refers to security intended to provide a sense of security while not entirely improving it. The theater gives the illusion of impact. Both play a role in deterring criminals, but neither can provide 100 percent security, as complete security is unattainable. Hence, security is a journey, not a destination.

Banks know security, both the illusion and the theater. They have to, because robbers target these buildings daily. Because banks want to promote a friendly and inviting environment, consumers are mostly oblivious to the various layers of security that financial institutions utilize to protect their bank accounts. And that’s not a bad model to follow.

What Banks Know About Security

Banks have multiple layers of security. The perimeter of most banks are often designed to include large windows, so passersby and law enforcement can easily see any problems occurring inside. The bank’s doors also have locks. There is, of course, an alarm system, which includes panic buttons, glass-break detectors and motion sensors. These are all layers, as are the security cameras, bulletproof glass and armed guards. Ideally, the tellers and members of management should have robbery-response training. Many banks also use dye packs or GPS devices to track stolen cash.

All banks have safes, because banks know that a well-constructed safe is the ultimate layer of security. A safe not only makes it extremely difficult for a bank robber to steal the bank’s money, but it also protects the cash in the event of a fire.

And then there are the multiple layers of computer security. The basics include antivirus, antispyware, antiphishing and firewalls. However, there are numerous additional layers of protection that monitor who is accessing data and why, and numerous detectors that look for red flags which indicate possible identity theft.

Banks also recognize that a simple username/password is insufficient, so they require their clients to adopt multifactor authentication. Multifactor authentication is generally something the user knows, such as a password or answers to knowledge-based questions, plus something the user has, such as a smart card, token or additional SMS password, and/or something the user is, such as identification through a biometric fingerprint, facial recognition, hand geometry or iris scan. In its simplest forms, multifactor authentication occurs when a website asks for a four-digit security code from a credit card or installs a cookie on your machine, or when a bank requires a client to add a second password to his or her account. Some institutions also offer or require a key fob that provides a changeable second password (a one-time password) to access accounts, or it might require a reply to a text message in order to approve a transaction.

Every layer of protection the bank adds is designed to make it harder for a criminal to get paid.

Consider a layered approach for your small-business security plan. Think about the current layers of business protection you have in place, and then consider how many more layers you might want to install to ensure a seamless customer experience and a security-minded culture.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Businesses fail in Customer Privacy

/in /by

The U.S. Consumer Confidence Index, released by TRUSTe®, shows an alarming trend: A high percentage of U.S. people over age 18 are unnerved about their online privacy, and this trend is worsening.

2PThis survey was conducted online among 2,019 U.S. adults and reveals that 92 percent of the participants are on edge, at least some of the time, concerning online privacy. Nearly three-quarters of Internet users in the U.S. are worried about privacy more so than a year ago. And more users worry about business data collection versus government surveillance programs.

Many businesses are not taking measures to mitigate this concern among users. This can backfire on businesses, e.g., more people not willing to download apps or click on ads. Protecting consumers is crucial to a company’s success—not just with customers but with competitors; companies should not cut corners here.

What are the top reasons for privacy concerns? The top two responses: 1) Businesses sharing personal data, and 2) Businesses tracking online behavior.

More specific findings:

  • 58 percent of respondents were worried about businesses giving out their personal information with other businesses
  • 47 percent worried about businesses tracking their online actions
  • Only 38 percent named media attention to government surveillance programs as a cause for concern.

What are consumers doing about all this?

  • 83 percent are leery of ad clicking.
  • 80 percent won’t use smartphone apps that apparently don’t protect privacy.
  • 74 percent aren’t comfortable enabling location tracking on their smartphone.

Other findings of the TRUSTe survey:

  • User concerns over online privacy are climbing: 92 percent of users worry about privacy.
  • Trust with businesses is declining, coming in at 55 percent currently.
  • 89 percent of consumers will refrain from conducting business with a company they don’t feel is protecting their online privacy.

The public wants more:

The tides of privacy are turning and the public is waking up. Businesses who fail to take action will surely be met with customer defection.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

7 Ways to Tell If It’s a Fake

/in /by

Unfortunately in today’s world, scammers are coming at us from all angles to try and trick us to get us to part with our hard earned money. We all need to be vigilant in protecting ourselves online. If you aren’t paying attention—even if you know what to look for—they can get you.

9DThere are numerous ways to detect fake sites or emails, phishing, etc. Here are 10 you should know about:

  1. Incorrect URL. Hackers use fake sites to steal your information. Watch to make sure the URL is actually the one you want to be going to— if you notice the URL is different, that’s a good indication that the site is fake and you should NOT enter your information. There’s a number of ways you can protect yourself from this:
    1. If you’re on a computer, hover your mouse over the link to see a preview of the link URL in the status bar. Then check to see if the link site matches the site that it should be from. So for example if your email comes from North Bank or you type in North Bank into the Google search bar and the link is not going to www.northbank.com but something like www.banking-north.com you should not click.
    2. If you’re on a mobile device, use a link preview to see the actual URL before you click.
    3. You can also use McAfee® SiteAdvisor® on both your computer and mobile device to make sure the links you are going to are not bad links.
  2. Nosy Requests. Your bank won’t ask via email for your PINs or card information. Be suspicious of sites (or emails) requesting your Social Security number, identification number or other sensitive information.
  3. Sender’s Email Address. You can also check who sent the email by looking at the send address. It may say it’s from North Bank, but the email may be something strange like northbank@hotmail.com. The sender’s email should not be using a public Internet account like Hotmail, Gmail, Yahoo!, etc.
  4. Your Name. A legitimate email from your bank or business will address you by name rather than as “Valued Customer” (or something similar).
  5. Typos. Misspellings or grammatical errors are another sure sign that the message or site is fake.
  6. Fake Password. If you’re at a fake site and type in a phony password, a fake site is likely to accept it.
  7. Low Resolution Images. A tip-off to a false site is poor image quality of the company’s logo or other graphics.

Additionally…Hit delete. How about just hitting the delete button whenever an email comes to you from an unfamiliar sender? After all, if any legitimate entity needs to contact you about something urgent or crucial, they would have your phone number, right? They know your name, too. Remember, “just say no” to opening unfamiliar or suspicious looking emails.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

WiFi Security Truths and Falsehoods

/in /by

Security truths evolve—meaning, they change, and you must keep up with this, particularly with wireless security. Advice for wireless security can quickly become outdated. There are actually three big wireless security myths swirling around.

3W#1. Limit the IP address pool to restrict number of devices that can connect.

Even if your cable company tech recommends this, it’s no good. The unfounded idea is that when the range of allowable IP addresses is limited, this makes it hard for hackers to connect. However, the size of the pool doesn’t matter because hackers can just determine which IP addresses are open and use those.

#2. Hide your network’s SSID to conceal it from hackers.

Nope, this won’t work either. Wireless routers broadcast their service set identifiers (SSIDs); your device shows these so you can see which Wi-Fi options are in range. The idea is to hide your network’s SSID to prevent hackers passing by from using them.

However, most devices today see networks even if the SSID is concealed. An apparently unavailable SSID won’t stop a hacker. If you think there’s no harm in blocking the SSID nevertheless, think again: Hiding it may make your network more appealing to the criminal, kind of like hiding the cookie jar—something must be pretty rewarding in there.

#3. Enable MAC address filtering to select who can connect.

Sounds like a plan, but it isn’t: Using router settings to enter the MAC (media access control) address of every device that connects to your network; entering the MAC address will permit only users with these addresses to gain access to your router, thereby keeping hackers off-limits.

But forget this hassle because all a hacker need do is analyze a network, identify allowable MAC addresses, and he’s in.

Security that actually works

  • Go for encryption—and the best, at that—for your router. The best currently is WPA2. Coupled with a strong password, this is a winning security plan. A strong password has at least 12 characters combining letters (upper and lower case), numbers and symbols. Get new hardware if your router doesn’t support WPA2.
  • VPN—a virtual private network such as Hotspot Shield VPN provides private communication over a public network. Transmissions of sensitive data will be private, such as between you (at home) and your employer.
  • VPN again, but this time, one you can use for when you’re using your device in unprotected public realms such as an airport or coffee shop. Using your device in public makes your data vulnerable to hijacking. This type of VPN protects you from hackers and other voyeurs from peeping in on your web surfing activities, credit card information, messages, etc.

Protect all your web surfing activities with a VPN, which secures your connection not only at home but in public (wired and wireless). Your identity is protected with a free proxy by providing HTTPS to secure all of your online transactions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.