Healthcare Establishing Customer Security Programs

Consumers really get stiffed when there’s a data breach, having to change their passwords, replace credit cards, and other bothersome tasks, not to mention the grief over stolen personal information.

Healthcare organizations (a prime target of cyber criminals for several reasons) need to think beyond the approach of, “Here’s how we’re protecting your data,” and shift their way of thinking to, “We are dead serious about our customers’ security.”

This is how healthcare organizations can be truly proactive. While organizations can’t reveal too much information about their security plans (since this can make it easier for exploitation), they DO need to be generous with candid messages about how vital it is to protect consumer data.

Throwing around the same generic, recycled language about “Here’s what we’re doing to protect you” no longer cuts it and doesn’t build a lot of trust in the consumer. Instead, organizations should impress upon consumers their devotion to security in meaningful and understandable ways.

Consumer security should be free to the customer. This will delight consumers and help ease their anxieties over data safety, while setting the organization apart from its competitors. That’s how to put the brand’s reputation at the top and build customer loyalty.

Key Features of a solid customer security program

  • Information must be protected at the time of sign-up/data collection, and protected should data be lost.
  • The organization must be accountable for data recovery and restoration in the event of a breach; this will build customer loyalty.
  • Financial loss must be recovered.
  • Credit reports must be restored.

According to AllClear ID, here is how healthcare organizations can make an impression on their customers:

  • The most current IT practices should be implemented, because it is paramount to secure mobile devices, access points, databases, cloud services, etc., and to keep better tabs on systems for breaches.
  • The security of employees’ personal mobiles and the organization’s devices needs to be stronger.
  • Employee training must be improved, from the bottom up, to reduce mistakes.
  • HIPAA compliance needs to be reinforced.
  • An identity protection plan must be created so that potential customers will have confidence in enrolling and feel less anxious about the fallout of a security breach.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Going to Plan B for Survival

If your “Plan A” for survival sinks, do you have a Plan B backup?

Forget rushing to the grocery store when a disaster like a snowstorm strikes. Everyone else will have the same idea. Need I say more?

The supermarket and the convenience store are the first places a panicking town will flock to for food and water. While they’re duking it out there, you can obtain essential supplies at other places where the masses of people won’t even think to look.

Before some critical event hits, locate all the businesses and water sources within two miles of your home. When compiling this list, don’t assume that any particular business can’t possibly have something valuable. Once the list is complete, sift through it to determine if any have any valuable items. Take your time.

Businesses you might never think have water will have water, such as a dental clinic: bottled water. Same with beauty spas and health clubs. Many gyms also sell food. Don’t blow off the hobby shop: It might sell craft wood and twine. And don’t scratch off an office supply store: the big ones sell candy. Major bookstores sell bottled beverages, pastries and sandwiches.

Make sure you have a bicycle to get to these businesses in the event of a disaster, because a car won’t be practical during or after an event like a tornado, hurricane or flood. And don’t wait for the event to see if the bike works.

If you normally walk your dog or do fitness walks or runs, take different routes to get used to all the different routes throughout your town, in the event that a calamity obstructs your main route. You’ll then instantly know an alternate route to get to a business to obtain essential supplies.

Finally, keep physically fit. Pedaling a bike for a few miles with a duffel bag full of food and bottled water will be very taxing for an out-of-shape person.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

Burglar seen on Video hovering over Baby

What was going through the head of a burglar as he was hovering over a baby after breaking into a house? Did he momentarily pause to take a breather and find a sense of peace and calm at the sight of an innocent baby? Or…was he contemplating harming the toddler or kidnapping?

One thing we know for sure: The 19-year-old actually hovered over the sleeping baby, as this was caught on tape. The man admitted to involvement in two other Houston burglaries, and in one of those he had stolen a gun.

The latest crime occurred on April 5 and the video went viral. The burglar’s name is Christopher Gomez; he confessed to being the star of the video.

His arrest record includes breaking into a car and marijuana possession.

Gomez committed the April 5 crime while the baby’s family was asleep. Nobody heard him enter (makes you wonder what kind of home security the homeowner had, but that’s a whole new article). A laptop computer and briefcase, property of the homeowner, were found later in a neighbor’s yard.

Gomez’s lawyer stated that he’s not sure that the man in the video is his client (even though Gomez confessed). Furthermore, the lawyer, Ralph Gonzalez, pointed out that even if his client is the intruder, he didn’t harm the baby or anyone else. Gonzales added that the video makes the crime seem worse than it actually was.

Gomez is in jail meanwhile, but if he gets out, he’s ordered to remain within a thousand feet of his home and wear an ankle monitor.

Interestingly, as bailiffs escorted Gomez from the courtroom, he mouthed “Hi Mom,” to his family members. It’s safe to assume that his mother then thought, “Where did I go wrong?”

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

Make Information Security a Priority

Just about everyone has private information that should be protected. Let’s begin with something you’ve surely heard of: antivirus protection.

But this isn’t enough to guard your personal data. A free antivirus service may not even update automatically, and this is very important to keep up with rapidly evolving technology. Your protection is worth the fee for antivirus, a firewall, antiphishing software and antispyware.

When’s the last time you updated your browser? Hackers love old, outdated browsers. After you finish this article, update your browser and set your computer to automatically download any future update.

The same goes with your operating system. Update!

Don’t miss out on encryption, which scrambles data so that prying eyes can’t make sense of it. Your computer might already have the feature of encrypting folders, files or the whole disk. If not, you can get a third-party encryption program for free.

If your computer were to crash right this instant, how much data would you lose? You shouldn’t lose much if every day you back your data up on an external drive. Another option is a cloud-based storage system, which is encrypted. The fee for that may be $100 annually or less.

We all know that 123qwe is such an easy password to remember, especially if it’s for all gazillion of your accounts. You know who else finds this very convenient? Hackers!

If it’s easy for you, it’s easy for them! Every account should have a unique password, and if this is too dizzying, then use a password manager. And choose long passwords that include various characters and exclude words that can be found in a dictionary or successive numbers/letters on a keyboard.
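The password advice above can be checked mechanically. The following is an added example, not code from the original article: a small auditor that flags short passwords, few character types, dictionary words, keyboard or number runs, and reuse across accounts. The 12-character minimum, the tiny word list and the sample accounts are assumptions constructed for illustration.

```python
import string

# Constructed mini word list; a real audit would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}

# Keyboard rows, digits and the alphabet: sources of "successive" characters.
SEQUENCES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             string.ascii_lowercase]

MIN_LENGTH = 12   # assumption: the article says "long" without giving a number
RUN_LENGTH = 3    # three successive keys in a row counts as a run


def find_runs(password, run_length=RUN_LENGTH):
    """Return runs that follow a keyboard row or the alphabet, either direction."""
    lowered = password.lower()
    hits = set()
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            for i in range(len(direction) - run_length + 1):
                chunk = direction[i:i + run_length]
                if chunk in lowered:
                    hits.add(chunk)
    return sorted(hits)


def find_words(password, words=COMMON_WORDS):
    """Return dictionary words embedded anywhere in the password."""
    lowered = password.lower()
    return sorted(w for w in words if w in lowered)


def character_classes(password):
    """Count how many of lower/upper/digit/symbol appear."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def audit_password(password):
    """Return a list of problems; an empty list means no rule was violated."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < 3:
        problems.append("too few character types")
    runs = find_runs(password)
    if runs:
        problems.append("keyboard/sequence run: " + ", ".join(runs))
    words = find_words(password)
    if words:
        problems.append("dictionary word: " + ", ".join(words))
    return problems


def audit_accounts(accounts):
    """accounts maps account name -> password; also flags reuse across accounts."""
    owners = {}
    for name, pw in accounts.items():
        owners.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        problems = audit_password(pw)
        others = sorted(n for n in owners[pw] if n != name)
        if others:
            problems.append("reused on: " + ", ".join(others))
        report[name] = problems
    return report


if __name__ == "__main__":
    # Constructed sample accounts; never store real passwords in plain text.
    sample = {"bank": "123qwe", "email": "123qwe", "forum": "vT7#kLp2!xRq9m"}
    for account, problems in audit_accounts(sample).items():
        print(account, "->", problems or "ok")
```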

That wireless connection of yours is great—for your neighbor if he decides to get a free ride, or even hack into your data. WPA2 encryption built into the router will protect you. With public WiFi, use a virtual private network like Hotspot Shield.

Your smartphone also needs protection with all the tools mentioned above, and that includes a VPN.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Healthcare Providers: Customer Security is Good Marketing

Consumers are on red alert about sharing personal data with businesses, thanks to the widespread publicity of major data breaches. As a result, many consumers feel trapped when they know they must reveal personal information just to get basic quotes for healthcare services.

To get a quote, the potential customer must fork over a Social Security number and birthdate—enough information for a thief to use to commit fraud and identity theft.

Consumers feel as if there’s no escape: Data can be stolen at any point: over the landline phone or smartphone, on “trusted” websites, in servers … thieves are just waiting to pounce. So even though a potential (or current) customer has faith in an organization, the customer may be afraid of the pathways they must use to interact with the organization.

Stolen healthcare information is a goldmine for cyber criminals. It’s big business. This means that protecting it is big business.

A way for healthcare organizations to set themselves apart from their competition is to put a big premium on caring about the customer’s data security. You can’t be nonchalant. You must create a striking impression of sincere concern.

Consumers need a lot more than just hearing how well you’ll reduce employee negligence, enforce HIPAA compliance and create methods of foiling cyber attacks.

Of course, consumers need assurance you’re doing the aforementioned tasks, but consumers also want to know what the healthcare organization will do in the event of a breach.

AllClear ID outlines the key strategies that will make a big impression on current and potential enrollees in a healthcare plan:

  1. The most state-of-the-art IT practices must be brought on board so that all facets are secured, such as cloud services, computers and smartphones.
  2. All levels of personnel must receive training to minimize errors and be able to comfortably discuss data security with customers.
  3. A stronger security system must be set in place for the business’s computers and the employees’ personal devices.
  4. Adherence to HIPAA policies must be improved.
  5. Potential customers must be made aware that the company offers an identity protection plan—as this will ease apprehension in the potential consumer.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Facebook Security for Parents and Teens

Facebook offers a hefty amount of security measures that parents and teens should know.

The Login

  • Social authentication. A hacker will have a harder time hacking into your Facebook account if he or she must identify your friends via photos. This verification process is social authentication, and it’s easier to use than having to remember another password.
  • ID verification. A new user must create a security question with an answer. An extra layer of security is achieved when the user adds their smartphone number so they can receive a text message with a code.
  • One-time password. You can get a one-time password; just send a text to 22605.
  • Login approval. Suppose someone logs into your account with an unfamiliar device. A code will be sent to your mobile. The user will need to verify the login next time they try to log in.
  • Session classifier. Every login is verified using details like your device and location.

Online

  • Application classifier. This checks out application activity to see if it’s suspicious.
  • User action classifier. This detects when a user’s behavior is suspicious.
  • Link scanner. Every day, Facebook scans over a trillion links. Every link is compared against not only Facebook’s, but also other Internet security companies’ databases of known malicious or spammy links.
  • Photo DNA. About 300 million photos are uploaded every day to Facebook, and Facebook compares these to its blacklist database of images from international, federal and state law enforcement agencies.

The Logout

  • Hacking suspicion. If you suspect something fishy, you can manually shut Facebook down and reset your password.
  • Login alert. You can approve the device you use to log in, though you can get a security notification if you log in from an unapproved device.
  • Guardian angel. If you can’t gain access to your account, your friends can receive a code. You pre-select these individuals from the account settings page.
  • Roadblock. Your profile will be locked by Facebook and scanned with security software, should your account be infiltrated with malware. A cleaned-up account will be certified by Facebook.
  • Remote logout is available.

Considerations for Teens

The age setting. Many kids lie about their age on social media. Have your child sign into Facebook and go to the profile “About” page to make sure their birthdate is correct.

Liking ads. Warn your kids about what can happen if they “like” an ad. Liking an ad will likely result in receiving updates from the ad page, and the user’s name could become associated with future renditions of the ad. Is this what your teen wants? Ask your teen how important it is for them to “like” an ad just because the ad has this feature.

Unliking. Just because you “like” something doesn’t mean you can’t unlike it. To find out what your teen has liked, visit the profile page and click “More,” “Likes,” then “Other Likes.” Hover at the upper-right corner; a pop-up box will result with a choice to unlike. Learn of your teen’s apps by going to Facebook’s main page to click on “Apps,” located on the news feed’s left side. Here you can disconnect applications.

Flag ads. Think an ad is inappropriate? Flag it by clicking the small “X” or down-arrow located at the top right of the unappealing ad. Click “I don’t want to see this,” then “It’s offensive or inappropriate,” and then click the reason.

Free games may mean free unwanted software. Warn your teens that downloading a free game can also download a lot of undesirable clutter.

Although Facebook now uses SSL encryption with login and user sessions, it’s still a good idea to use an additional layer of protection on wireless sessions. Hotspot Shield encrypts your entire web surfing on any site, no matter its security settings.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Malware Can Hide in the Most Obvious Places

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers.

Much has been said about how Target’s hackers accessed the giant’s records via its heating and cooling system. Hackers have even infiltrated thermostats and printers among the “Internet of Things.”

It doesn’t help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things like A/C, heating, billing, graphics, health insurance providers, to name a few.

If just one of these systems can be busted into, the hacker can crack ‘em all. The extent of these leaky third parties is difficult to pinpoint, namely because of the confidential nature of the breach resolution process.

A New York Times online report points out that one security expert says that third party leaks may account for 70 percent of data breaches, and from the least suspected vendors, at that.

When the corporation’s software remotely connects to all those other things like the A/C, vending machines, etc., this is practically an invitation to hackers. Hackers love this “watering hole” type crime, especially when corporations use older systems like Windows XP.

Plus, many of the additional technological systems (such as video conference equipment) often come with switched-off security settings. Once a hacker gets in, they own the castle.

The New York Times online report adds that nobody thinks to look in these places. Who’d ever think a thermostat could be a portal to cyber crime?

Security researchers were even able to breach circuit breakers of the heating and cooling supplier for a sports arena—for the Sochi Olympics.

One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to H.R. data, credit card information and other critical information. Access to sensitive data should require super strong passwords and be set up with a set of security protocols that can detect suspicious activity.
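The separation described above can be verified against a firewall's allow rules. The following is an added example, not code from the original article: it flags any rule that lets a facilities network (HVAC, vending machines, printers) reach a network holding sensitive data, including overly broad rules that cover both. The zone names, address ranges and rules are hypothetical, constructed for illustration.

```python
import ipaddress

# Constructed network plan (hypothetical zone names and address ranges).
ZONES = {
    "facilities": ["10.20.0.0/24"],   # HVAC, vending machines, printers
    "office":     ["10.30.0.0/24"],   # staff workstations
    "sensitive":  ["10.50.0.0/24"],   # H.R. data, credit card systems
}
UNTRUSTED_ZONES = {"facilities"}
SENSITIVE_ZONES = {"sensitive"}

# Constructed allow rules: (rule name, source CIDR, destination CIDR, port).
RULES = [
    ("hvac-vendor-to-controller", "203.0.113.10/32", "10.20.0.5/32", 443),
    ("printer-scan-to-share",     "10.20.0.0/24",    "10.50.0.12/32", 445),
    ("office-to-hr-app",          "10.30.0.0/24",    "10.50.0.20/32", 443),
    ("any-internal",              "10.0.0.0/8",      "10.50.0.0/24", 1433),
]


def zones_touching(cidr):
    """Return every zone whose address space overlaps the given CIDR."""
    net = ipaddress.ip_network(cidr)
    return {
        zone
        for zone, cidrs in ZONES.items()
        if any(net.overlaps(ipaddress.ip_network(c)) for c in cidrs)
    }


def find_violations(rules):
    """Flag allow rules whose source can include an untrusted zone and whose
    destination can include a sensitive zone. Overlap (not equality) is used
    so that a broad rule such as 10.0.0.0/8 is caught as well."""
    violations = []
    for name, src, dst, port in rules:
        bad_src = zones_touching(src) & UNTRUSTED_ZONES
        bad_dst = zones_touching(dst) & SENSITIVE_ZONES
        if bad_src and bad_dst:
            violations.append({
                "rule": name,
                "from": sorted(bad_src),
                "to": sorted(bad_dst),
                "port": port,
            })
    return violations


if __name__ == "__main__":
    for v in find_violations(RULES):
        print("{rule}: {from} -> {to} on port {port}".format(**v))
```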

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

How Law Enforcement Detects Breaches Before Victims

Law enforcement agencies detect data breaches before businesses do because the former seeks evidence of the cyber crime, reports a networkworld.com article.

Unlike law enforcement agencies, businesses don’t go undercover in hacker forums. Nor do they get court permission to bust into enclaves of cyber thieves. Businesses don’t have moles. It continues: Law enforcement agencies interview imprisoned cyber crooks. The FBI does a lot of undercover work.

Law enforcement may then approach a company and say, “You’re being victimized; we have the evidence.” But often, the company may be skeptical of such a claim. Admitting it means facing government response and upset customers.

The law is always buffing up on its skills at fighting cybercrime to keep up with its evolution, such as a drastic decrease in solitary criminals and an increase in complex crime rings. These rings have all sorts of technical tricks up their sleeves, including hosting their own servers and changing up their communication methods to vex law enforcement. It doesn’t help that some foreign countries don’t place an emphasis on fighting cybercrime.

The evidence that the law presents to the business when that time comes is rock solid, though again, the company may lack aggression in its immediate response. The company’s legal counsel is commonly the first person to get the forensics report. Upper management usually gets involved before the IT department does. This is all part of keeping legal control over a potentially harmful situation.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Medical Identity Theft Can be Deadly

If you feel like you are starting to get the flu, going to the doctor’s office can get you some medicine and get you on the road to recovery. But, there’s no pill or surgery that can protect you from medical identity theft—which can kill you. Literally. The thief who steals your identity doesn’t mean to kill you; he just wants to obtain free medical care on your dime.

If a thief has access to your personal information, he can pose as you and see doctors and have procedures done—for free or for a nominal copay. The crook uses fake IDs and phony insurance cards to pull off this scam.

The problem really starts kicking in when the imposter’s medical situation gets tacked onto your medical record—since they are posing as you. This can result in a number of harmful outcomes for you. Not only can it potentially cause misdiagnoses, you could be issued a prescription to a drug that you have a fatal reaction to.

Just think about it for a moment: Someone else’s medical condition getting integrated with yours. This can cause a lot of problems. You could be denied medical coverage or lose your current coverage because of false information in your medical records. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) protects your right of access to your medical records. If someone else is pretending to be you and accessing your records, you might not be able to access your own records. That’s a scary thought.

But even if you are lucky enough not to suffer any negative consequences to your health as a result of the medical identity theft, cleaning up the mess can be enough to give anyone a heart attack.

So how can you prevent becoming a victim of medical identity theft?

  • Protect your mail: Install a locking mailbox so no one can access your mail.
  • Keep medical documents secure: Keep all of your hard copy medical documents in a file that locks. If it’s in cyberspace, make sure the files are encrypted and not in a folder on your desktop that says “Medical.”
  • Shred all medical documents: Make sure to properly dispose of your medical documents so you don’t become a victim to dumpster-diving thieves. This includes digital files as well. McAfee LiveSafe™ service comes with a digital shredder that uses higher than government standard file shredding—don’t rely on simply putting something in the “trash bin” on your computer and then emptying it.
  • Leave medical cards at home: Only take them when you are visiting the doctor. If you’re worried you might need them in the event you have an accident and need immediate medical treatment, memorize your health ID number. If you’re unconscious upon arriving at an ER, you’ll get treated anyways—it’s the law. Simply provide your medical card after the fact. Don’t carry identity cards either: Identification cards or Social Security number cards should also be left at home in a safe place. Since many medical systems use these numbers as your identifier on the policy, you don’t want them falling into the wrong hands. And with access to these cards, a thief could easily create the fake credentials needed to commit medical identity theft.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Most Toxic Superhero 2014

It’s a bird! It’s a plane! It’s Superman! Yes, this superhero might be the epitome of courage, justice, and strength, but he might also be the biggest threat to you online.

We’ve entered a new age of superheroes. No longer are they just pictures in a comic book. They are now accessible on computers, game console devices, and mobile devices. Superheroes like Captain America, Thor, and Spiderman star on the silver screen. The Green Arrow and The Flash have their own television shows. Videos like Batkid and the Spiderman dad went viral on YouTube (and consequently, melted our hearts).

This is great news to comic publishers like Marvel and DC Comics. Unfortunately, it’s also good news to hackers and scammers too. Cybercriminals know that search engines (like Google, Yahoo! and Bing) can also be used for criminal means. Therefore, they use popular search terms to draw victims in like celebrity gossip, holidays, viral hits, and…you guessed it…superheroes.

McAfee just released a study on the Most Toxic Superheroes that analyzed what superhero search led to the most risky websites using McAfee® SiteAdvisor® site ratings. And the Man of Steel topped the list. The study determined that searching “Superman,” “Superman and free torrent download,” “Superman and watch,” “Superman and free app,” and “Superman and online,” yields a 16.5% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

This year the Most Toxic Superheroes are:

[Image: list of the Most Toxic Superheroes]

Here are some things you can do to protect yourself:

  • Be suspicious: If a search turns up a link to free content or too-good-to-be-true offers, be wary
  • Double-check the web address: Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquatting)
  • Search safely: Use a web safety advisor, such as McAfee SiteAdvisor, that displays red, yellow, or green ratings in search results, alerting you to potentially risky sites before you click on them
  • Protect yourself: Use comprehensive security software on all your devices, like McAfee LiveSafe™ service, to protect yourself against the latest threats

Want to know more? Join the discussion on Twitter using hashtag #toxicsuperhero.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.