This Earth Day, “Clean” Your Device Before You Recycle It

/in /by

One man’s trash is another man’s new identity?Yes, because that “junk mail” you toss in the garbage contains valuable data about yourself. A crook bent on identity theft can potentially have a field day with your discarded pre-approved credit card applications, bank statements, etc. Using a paper shredder before throwing out letters and documents such as these will help protect you and your family.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776You should take this same vigilant approach when recycling your devices, whether that be your computer,external hard drive, mobile phone or tablet. This ensures no matter where your recycled device ends up, you can feel secure knowing it contains zero data about  you—and a factory reset will not necessarily achieve this.

Here’s how to “clean” the data on your mobile device:

  1. Do a factory reset. Every mobile phone contains software to do this.
    1. To reset Android: Menu > Settings > Privacy > Factory Data Reset.
    2. To reset Blackberry: Options > Security Options > General Settings > Menu > Wipe Handheld.
    3. To reset iPhone: Settings > General > Reset > Reset All Settings.
    4. For other phones, you can find out how to reset by doing an online search using the appropriate keywords, including the model number.
  2. Get rid of data that is on external media, like SIM or SD cards. Your best bet is to cut them in half.
  3. You can use a mobile security product, like McAfee® Mobile Security, to wipe your mobile clean of all its apps and data.

How to “clean” the data on your computer:Before you get rid of your computer, you must make sure that it’s impossible to recover the data on the hard drive. Simply putting things in the trash can and deleting them is not enough. If someone is skilled enough, they can almost always retrieve data left over on a hard drive. It’s your choice on how tough you make it for your computer’s new owner to do that.So don’t rely on these tasks.

Use a utility designed for wiping or erasing. This tool will overwrite everything with binary 1’s and 0’s. In fact, these tools meet government security standards and will overwrite each sector in your hard drive multiple times.McAfee Shredder, in which is included with McAfee LiveSafe™ service, is one of these tools. It will permanently wipe everything off your PC to protect your privacy.

This Earth Day, join the movement and demonstrate support for environmental protection. Just make sure to protect yourself first!

Protecting Your Business’s Data From Organized Crime

/in /by

Organized crime rings are using brains, not brawn, to target small businesses and steal critical data. Protect your business by putting these 11 security measures into place.

1DOrganized crime has always been known to be all about muscle … but even the bad guys have evolved. Seems organized crime syndicates have discovered that more money can be made in less time with less hassle simply by employing brains over brawn.

As technology and technology skills have evolved, it’s become painfully easy to employ hackers to break into small businesses’ networks and seek out sensitive data and personal information.

Meet the members of your friendly neighborhood crime ring:

Programmers: skilled technicians who write and code viruses that target a business’s network PCs.

Carders: specialists in distributing and selling stolen card data and sometimes transferring data onto blank “white cards” then embossing them with foil in order to create exact clones.

Hackers: black-hat intruders who look for and exploit vulnerabilities in networks.

Social engineers: scammers who may work with psychologists who dream up the different scams and then con victims via phone, phishing or in person.

Rogue systems providers: unethical businesses that provide servers for criminals.

Money mules: often drug addicts or naïve Americans who buy items at retailers with stolen credit cards. Some mules ship products, and others launder money. Mules may be from a foreign crime syndicate’s nation and travel to the U.S. to gain employment within an organization and open bank accounts to store money until transfer.

Bosses: in charge of the entire operation. Bosses delegate, hire talent and make all the money.

Why Target Small Businesses?

Organized criminal hackers all over the world use sophisticated hacking tools to penetrate databases that house a small business’s client data. In general, they’re seeking:

  • Social Security numbers
  • Credit card numbers
  • Bank account information
  • Home and business addresses
  • Birth dates
  • Email addresses

Why do they do it? Simple—their primary motivation is to get paid. They accomplish this by opening new lines of credit or taking over existing accounts. Transactions include making charges to credit cards, initiating electronic fund transfers or using email addresses for large phishing or spear phishing campaigns.

How Hackers Hack

Hackers are the bad guys who use penetration-testing tools—both legal and illegal—that are available commercially or only available on the black market. Their tools come in different forms of hardware and software that seek out vulnerabilities within a small business’s network.

Vulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on the phone, sends an email or shows up in person and cons a target using any of a variety of methods.

Protecting Your Data

There are plenty of ways to get taken. But there are also plenty of ways not to. The fundamentals of protecting your business’s data include:

  • Maintaining updated operating systems, including critical security patches
  • Installing and running antivirus, antispyware and antiphising software and a firewall
  • Keeping browsers updated with the latest version
  • Updating all system software, including Java and Adobe
  • Locking down wireless Internet with encryption
  • Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
  • Utilizing filtering that controls who has access to what kind of data
  • Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to Cloud-based storage
  • Possible disabling or removing USB ports to prevent the downloading of malicious data
  • Incorporating strict password policies
  • Encrypting files, folders and entire drives

These 11 steps are a good start. However, standard security measures are never enough. Depending on the size, scope, type of data requiring protection, compliance and regulatory environment, possible insider threats, and what “bring your own device” policies may be in place, risks and threats must be defined and prioritized. This often requires consulting a professional.

There are two considerations small businesses must take into account that go beyond a low-budget, “do it yourself” mentality:

1. Data loss prevention and risk assessment software. This type of software monitors an entire network’s activities and behaviors to seek out events that might lead to a breach and then stop them before data loss.

2. Penetration testers. These are white-hat hackers who use similar tools as black hats to seek out vulnerabilities and exploit those vulnerabilities as far as they’re allowed by the client. They might use automated tools to seek technology vulnerabilities, or employ virtual or physical social engineering. For instance, some penetration testers will test the physical security of a building during or after hours. Penetration testing involves real-world attacks that have been proven to work elsewhere, along with seeking out flaws in a business’s networks.

The worst thing any small business can do is nothing. Failure to test your networks and put layers of security in place will inevitably result in a breach. Forewarned is forearmed.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

What is Cookiejacking?

/in /by

“Cookiejacking” may sound like someone taking a bite out of that delicious chocolate chip cookie you were planning to have after lunch, but it is actually an online security risk that could lead to your personal information falling into the hands of a cybercriminal.

2DBut to understand this risk, you first need to know about Internet cookies. An Internet cookie is a small text file that gets stored on your computer or mobile hard disk from a website that you have previously visited, so the next time you’re on that site, it alerts the site that you’re back.

The cookie holds information such as an identifier the site assigns to you, and any preferences or personal information you may have shared with that website, such as your name and email address. Cookies are the reason why you may see a message that says “Welcome back, John” when you revisit a website.

Now that you know what an Internet cookie is, you can better understand cookiejacking. This is when your device’s cookies are stolen, potentially giving thieves access to the information they hold.

This can be problematic when the cookies stored on your computer contain sensitive and personal data, such as your bank login information and social media account passwords. A cybercriminal could use the stolen information to access your accounts or impersonate you.

Of course, clicking on links in malicious emails or on risky websites increases the odds that you could fall victim to cookiejacking, so the more dangerous clicking you do, the more at risk you are.

How do you avoid cookiejacking?

Here are a few simple tips to help you avoid falling victim to this security concern:

  • Be careful where you click—Especially when playing games on social networks since this could be a trap set by a cookiejacker; all of your clicking will enable the thief to steal your cookies. Also be wary of links in emails, text messages and instant messages, especially if they’re from people you don’t know personally.
  • Use a safe search tool—Utilize a free browser plug-in, like McAfee® SiteAdvisor® that warns you if you are going to a risky site. For Android users, this feature is available as part of the free McAfee Mobile Security.
  • Consider using private browsing mode—The private browsing mode prevents access to cookie files already saved on your device, but more importantly, it stores cookies for the active session in memory. This means that a page crafted for cookiejacking cannot access older cookies nor active ones, because there is no path to them.
  • Install comprehensive security on all your devices—Make sure you protect all your devices with security like McAfee LiveSafe™ service that includes anti-malware, anti-spam, anti-phishing and a firewall so that you are less likely to be a click-jacking victim.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

6 ways College Grads can Protect Online Reputations

/in /by

Here’s what you, the new college grad, can do to clean up and protect your reputation in the online world.

14DThese days, it’s crucial for college grads seeking jobs to have an online reputation that’s as clean as a whistle. I’m an online-security and ID theft expert, so trust me when I say that yes, employers DO take into account what you did at that party during your sophomore year.

How College Grads Can Clean up Their Online Reputation

A prospective employer will likely Google your name, then read the sites it’s on. And don’t assume that you’re protected by a “Joe Smith” kind of name. An astute employer will find the right Joe Smith.

One of the first things a new college grad should do, to prepare for a job interview, is to prepare for what the person hiring is likely to do (either before or after the interview): look you up online.

Find out what people are saying about you in cyberspace. Use a tool like Google Alerts, Tops, Social Mention and Sysmosys, among others. Monitor these on a daily basis.

If your own search turns up nothing bad about you on Facebook, Twitter, YouTube, LinkedIn and other biggies, this doesn’t mean nothing bad exists. Go deeper into the search results. Type in your middle name or just initial, or some associative fact like hometown name, to see if that alters results.

Cleaning up your online reputation, then, begins with seeing if it needs to be cleaned up in the first place. This is more important for a college grad than, say, getting that perfect manicure for job interviews or that perfect hair tinting job.

The prospective employer these days may be more interested in what your name pulls up in search engines than how perfectly coordinated your shoes are with your power suit.

Being digitally proactive keeps your online presence clean.

  1. Digital security is a must. We’ve all read about politicians, celebrities, news organizations and major corporations who’ve been hacked and negative stuff was posted from their accounts. Even when you regain control of your hacked account those unwanted posts can leave searchable breadcrumbs.  Make sure your devices are protected with antivirus, antispyware, antiphishing and a firewall. Secure free Wifi connections with Hotspot Shield VPN.
  2. New college grads should invest time picking apart their Facebook page and any other kind of social media where they have the ability to change what’s on it. Delete anything relating to drinking, sex, drugs, being tired all the time, political and religious views, use of offensive words, anything that fails to benefit your reputation online.
  3. Even a comment like “Old people are bad drivers” can kill your chances of landing a job. Think before you post.
  4. Unfortunately, if someone has posted something negative about you on their blog, there’s nothing you can do unless you want to pay something like $2,000 to hire a company to knock negative Google results deep into the search pages (a prospective employer probably will not go past a few pages deep once they locate information about you). But paying someone is a viable option you should consider.
  5. A college grad can protect their online reputation by never using their name when signing up for a forum board where they may make posts that, to a prospective employer, make the job seeker look bad. If you want to post on the comments page for Fox Sports, for instance, don’t use your real name.
  6. Don’t even use your real name for signing onto support sites for medical conditions, for that matter. You just never know what may rub a prospective employer the wrong way.

The college grad’s reputation needs to appear as perfect and “pure” as possible in the online world.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Heartbleed: Free Tool To Check if That Site is Safe

/in /by

I’m sure you’ve heard the news about Heartbleed by now (unless you’re in vacation wonderland and have taken a tech break). This is a serious vulnerability in the core of the Internet and is something we all should be concerned about.

heartbleedHeartbleed is a kink in encryption software, discovered by security researchers. It is a vulnerability in OpenSSL and could affect nearly two-thirds of websites online. If exploited, it can leak out your passwords and login names, thus putting your personal information at risk.

That’s why McAfee, part of Intel Security, is responding to the dangerous Heartbleed vulnerability by releasing a free tool to help consumers determine if a website they visit is safe or not. You can access the tool, here: http://tif.mcafee.com/heartbleedtest

McAfee’s Heartbleed Checker tool works by entering any website name to find out if the website is currently vulnerable to Heartbleed.

Steps to protect yourself:

  • Go to McAfee’s Heartbleed Checker tool http://tif.mcafee.com/heartbleedtest and enter any website URL to check if it’s vulnerable.
  • If the site is deemed safe your next step would be to change your password for that site. Remember, changing your password before a site is patched will not protect you and your information.
  • If the site is vulnerable, then your best bet is to monitor the activity on that account frequently looking for unauthorized activity.

Once a site has been patched so it’s no longer vulnerable to the Heartbleed bug, you should change your password. Here’s some tips to remember:

  • Use strong passwords that include a combination of letters, numbers and symbols and are longer than 8 characters in length – heck the longer the better. Below is a good animation on how to create a strong password.
  • Use a password manager, like McAfee SafeKey which is included with McAfee LiveSafe™ service that will help you create strong password and remember them for you.
  • Use two-factor authentication for increased security. You get a one-time code every time someone tries to log into the account, such as those for banks, social networks and email.

Heartbleed aside, passwords are more vulnerable than ever, and just in general, should be changed every 90 days for important accounts. And remember, if your information was exposed, this is a good time to watch out for phishing scams.

A phishing scam is a ploy that tricks you into entering sensitive data, like usernames, passwords and bank account information, by emulating a familiar website.  And if your information is compromised, even if it’s just your email address, scammers could use this to try and get your other sensitive information.

Remember, in this day and age, we all need to be vigilant about protecting ourselves online.

Stay safe!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

15 tips to Spring Clean Your Digital Security

/in /by

As a security analyst for both off-line and online activity, which is personal protection and information security, I’m constantly analyzing my own security situation. This means paying attention to my surroundings, systems in place, the security of my hardware, software and data. One way to get a closer look at all of this and to get refocused, is to remove the clutter, upgrade technologies, and do a Spring Clean. I heavily recommend that you perform the following 15 tasks for tightening up your digital security affecting your overall security position.

7WClean up and secure your digital life:

1. Do away with useless files. Go through all folders, including the recycle bin, and discard files that you no longer use.

2. Organize media. Put music, photos, etc., in appropriately labeled folders. Maybe create a master folder for different kinds of related media.

3. Consolidate desktop icons. Perhaps you can put a few icons into another one if the topic is related: Put the “Muffin” and “Rover” files in one file labeled “Pets.” A desktop cluttered with icons will slow boot-up time. Consider “removing” an icon you hardly use; this won’t delete the program, but will get rid of the shortcut.

4. Uninstall programs you’ll never use. This will speed things up and reduce potential malware targeted software.

5. Review passwords. Update as necessary, making them unique, never the same, and use different characters upper/lower case and numbers. Install a “password manager”. Google it.

6. Make backups of important data on a flash drive or use online storage. Ideally, make a backup of your prized data that exists outside your house. I backup on 3 local drives and in the cloud in two places.

7. Consider reinstalling your operating system. This means gathering all your software and backing up all your data. Do a search on your devices OS and seek out “How to reinstall operating system Windows/Mac (your version)”

8. Mop up your system’s registry. This will clean out temporary files you do not need that have been picked up by your system over time. An accumulation of these files will slow your computer and make it prone to malware infections. CCleaner is a free tool that will do this job.

9. Update Internet security software. Use antivirus, antispyware, antiphishing and a firewall. Get a VPN for when using free wireless internet. Hotspot Shield is perfect. Google it.

10. Defragment your hard drive. For Windows 8 go to Files, then “defrag.” For older systems go to Program Files, Accessories, then System Tools. For the iOS, run its built-in Disk Utility app.

11. Install program updates. Updates include critical security parches: very important. For Windows go to Go to Start, Control Panel, All Programs and Windows Update. Click on “Check for updates” to see if you are up to date. For the iOS, go to the app store, then Updates.

12. Do not forget your mobile device. Update your smartphone, including weeding out unneeded apps. Update your mobile OS to the latest version. Several companies offer security apps that will scan a mobile’s apps. Some apps have features like a remote lock/locate/wipe that will prevent a thief from using your device should you lose it.

13. Social setting cleanup. Have you locked down how your private information on Facebook can be shared? If not, go to Privacy Settings, then Apps, then click “edit” which is next to “Apps others use.” Delete all your “friends” who really aren’t your friends.

14. Home security system. Upgrade this if it is old technology. New wireless home alarms connect to your network and include home automation features too. This includes surveillance cameras, motion detectors, glass break sensors and controlling lights and temperature. Opt for remote monitoring from any device using apps on mobiles and tablets.

15. Declutter your e-mail files. These can get very messy over time. First start with your in-box. What’s been sitting there for ages that you’ll never open? Delete it. Next go to the sent/trash folders and weed out no-longer-needed emails. Also scour through any other e-mail folders. Delete folders you no longer need, and/or trim down ones you still use but contain messages that are now meaningless.

Follow these 15 tips to spring clean your digital security. A freshly cleaned-out digital life will give you peace of mind and enhance your personal security. Taking the time to clean up your digital life will be well-worth it, so do not put it off any longer!

Robert Siciliano is a personal security expert to SecurityOptions.com discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Online Tax Time Scams: How to Avoid

/in /by

Filing your taxes online is convenient but also comes with some potential security problems. My job as an expert in all things online-security is to spell out what these online tax scam risks are and how to avoid them. As you get ready to file your taxes this year, here are some things you should know about.

9DThere were billions of fraudulent refunds that the IRS discovered for just 2012. Both consumers and business owners (small to medium) are being targeted by hackers during tax time. Following are tax time scams that are related to online filing:

  • Phishing: If you get an unsolicited email that seems to be from the IRS or similar, requesting personal information (especially bank account information, passwords or PINs) or claiming you’re being audited, it’s time to smell a big rotting phish. The IRS will never contact you via email, text message or social media. Make sure you don’t click on any links or open or download any attachments if you even suspect that the message is fake. Report any time of phishing to phishing@irs.gov.
  • The fake IRS agent: Crooks will pose as IRS agents and contact you by email or phone. They’ll already have a few details about you, probably lifted off your Facebook page, using this information to convince you they’re the real deal. If you sense a scam, go to IRS.gov/phishing.
  • The rogue tax preparer: It’s best to use a reputable tax return service, rather than an independent-type preparer. After all, some of these preparers have been known to charge extra high fees for getting you a bigger return, or steal some of your refund.

Additional Tips for Online Tax Time Scam Protection

  • Protect your data. From the moment they arrive in your mailbox, your personal information (financial institution numbers, investment records, Social Security numbers, etc.) must be secured. Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact and are sure of the recipient.
  • Chuck the papers. Opt for electronic statements to be received via email to eliminate paper statements coming into your mail box where thieves could get at them.
  • Check and monitor your statements. To ensure that you’re not a victim, the best thing to do is to monitor you monthly bank statements and do a credit report at least once a year.
  • Use a clean machine. Make sure that the computer you use is not infected or compromised. The operating system and browser should be updated. It should have comprehensive, up to date security software, like McAfee LiveSafe™ service, which protects all your devices, you data and your identity.

If you’re vigilant and follow these guidelines and you won’t have to deal with online (or offline) tax time scams. You can also watch this video from the IRS.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)

Cyber Insurance vs. General Liability

/in /by

One of the biggest data breaches of all time involved that of Sony Corp. The hackers stole confidential information from tens of millions of Sony PlayStation Network users. Despite this humongous breach, something surprising happened: New York Supreme Court Jeffrey Oing ruled that Mitsui Sumitomo Insurance Co. and Zurich American Insurance Co. owed NO defense coverage to Sony Corp. or Sony Computer Entertainment America LLC.

4HAnd why? Oing said that the coverage can’t be triggered through a third-party action: that by the hackers.

It seems, then, in order to get coverage, Sony itself would have to do the hacking. “They’re being held liable even though the wrongdoing was done by a third party,” explains Robin Cohen to Law360. Cohen heads a law firm that handles insurance recovery.

To determine coverage obligations, Zurich filed a lawsuit against Sony, which had to shut down its PlayStation Network for a month.

Oing’s ruling will likely motivate companies to obtain policies that specifically insure against data breach claims. However, many companies believe that such specific insurance is already built into their current general liability policy.

Insurers all across the nation are wanting to put language in their policies that exclude coverage of losses stemming from data breaches, which include loss of credit card information. However, courts have the final say-so in just how far these exclusions can go.

Companies need to seriously consider cyber insurance policies that specialize in coverage of data breach losses.

K&L Gates LLP partner Roberta Anderson told Law360, “Irrespective of whether the Sony trial court’s view is widely adopted, it’s ill-advised for policyholders to rely on general liability policies for data breaches.”

It’s expected that Sony, which has strong arguments for their appeal according to policyholder attorneys, will challenge Oing’s decision.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Beware of the One Ring Scam

/in /by

“The Ring” means more than just a dead girl crawling out of a well; it can also mean the one ring that you get on your cell phone that’s designed to get you to call back to find out who the caller was—only you’ll end up getting a charge on your next bill instead.

9DThe official name of this scam is the “one ring,” and here is how it works:

Your cell phone rings once. You may not get to the device in time to answer, and you don’t recognize the number and are curious, so you call back. You’re then connected to some chat line or international adult entertainment service.

If you answer the device while it’s still in ring mode, the “caller” will hang up, but you can still get charged simply for answering, even if you don’t call back. ($19.95 fee for an international call, and/or a $9 per minute charge).

The scam works via a computer that randomly sends out thousands of calls to cell phone numbers. And your number may be that lucky number. The Better Business Bureau warns that if your mobile rings once, don’t call back.

Apparently, this scam, committed by crooks called crammers, originates from the Caribbean Islands. If you think you’ve been crammed, contact the BBB as well as your mobile carrier. Review your bill closely for any unauthorized charges.

What if you want to answer your phone the moment it rings? If you see the following area codes from the incoming call, do not answer (remember, simply answering the call can net you a charge): Jamaica (876), Dominican Republic (809), British Virgin Islands (284), Antigua (268) and Grenada (473).

There have been thousands of reviewed complaints about this crime, according to the Federal Trade Commission and the Federal Communications Commission. And the crime of cramming is expected to get bigger.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Workplace Violence: 12 Signs Of A Dangerous Person

/in /by

Workplace violence is something everyone needs to be educated about. Know the warning signs to protect yourself and your employees.

7HThe Navy Yard shootings were a harsh reminder that, while studies show violence is down overall, workplace violence is a problem that doesn’t seem to be going away.

I appeared on CNBC to discuss the shootings, and addressed what can be done to prevent this from happening in the future. Everyone seems to be looking for a silver bullet to solve these problems, and many think technology will solve the problem. Interestingly, the anchor pointed out that if the NSA monitors people’s chatter online and in the social media sphere, then surely it should be able to step in and thwart a crime.

If it were that easy, there’d be no crime. (And the NSA might only look at less than 1 percent of the data it has access to.)

What can be done to prevent this from happening in the future? Those who study workplace violence know that there is a psychological profile of someone who is likely to commit an act of violence. Every business owner should know and understand the signs. A combination of a few (or more) of the following behaviors should be reason for concern.

  • Difficulty getting along with others: They are unreasonable and often make inappropriate remarks about others. They are never content with the status quo and are always upset by everyone and everything.
  • Controlling behaviors: In their minds, they are superior and everyone else is beneath them. They always force their opinion on others. They are control freaks and can’t deal with change.
  • Clinical paranoia: They may not yet be diagnosed, but they think others—including their friends, family, fellow employees and the government—are out to get them. They are conspiracy theorists.
  • Power obsession: They own firearms, are members of paramilitary groups, and subscribe to numerous military, law enforcement or underground military group chat communities or newsletters.
  • Victim attitudes: They never take responsibility for their behaviors, faults, mistakes or actions. They always blame others; it’s always someone else’s fault. They may have had trouble with the law, even just a minor incident, but it wasn’t their fault.
  • Litigious nature: Taking legal action against neighbors and employers and constantly filing grievances is their way of virtually controlling others. Everything is blown out of proportion.
  • Constant anger: Hate and anger are how they get through the day. Coworkers, family, friends and the government are all the reasons why they are mad, mad, mad.
  • Violent opinions: They see acts of violence in the media, such as shootings, mass murders, racial incidences, domestic violence and executions as reasons to celebrate. They say victims “got what they deserved.”
  • Vindictive references: They say things like, “He will get his someday,” or “What comes around goes around,” or “One of these days I’ll have my say.”
  • Odd behaviors: They might be good at their jobs but lack social skills. Their presence makes others feel uncomfortable. They have an edge to them that makes others not to want to be around them.
  • Unhealthy habits: Sleep disorders, always being tired, dramatic weight loss or gain, or numerous health-related problems issues plague them. They are often addicted to drugs, alcohol or numerous other substances or experiences.
  • Recent layoff: A combination of any of these traits that leads to job loss can set an ex-employee off. As a society, we introduce ourselves by our job description: “Hi, I’m Robert Siciliano, and I’m a personal security and identity theft expert.” But really, I’m also a dad, son, husband, etc.—and if any of these things are taken away, resulting in significant emotional despair, it can sometimes push people over the edge.

Knowing the warning signs is a good start to preventing the unimaginable from happening at your workplace, but you’ll also need to stay vigilant and educated. Preventing active shooters involves multiple layers of security. Make sure all your managers and employees know the warning signs. Workplace violence isn’t a technology problem that can be cured with a fence or a security camera. It’s a serious people problem that can only be fixed with intervention.

On CNBC, when I gave an example of a worker who demonstrated all these behaviors and the necessity of the fellow employees or even a family member to drop a dime, the anchor said, “Yes, but there’s always been a cultural resistance for fear of implicating the wrong person.” My response: “So what!?” My view is that it’s better to be safe than sorry. Take precautions to protect yourself, your employees and your business, and if something doesn’t feel right, speak up. It could save lives.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.