Meeting a Stranger: Safety Tips for Online and In-Person

/in /by

A simple yet comprehensive guide to staying safe when meeting a stranger in person or dealing with one online.

1SDI have been involved in the security industry for years, and one of the most common questions I get is how to be safe when meeting a stranger online or in person.

Safety Tips for Online Stranger Encounters

  • When online, give out as little info as possible.
  • If possible, meet people on sites that scrutinize their users, though even an extensive profile can be convincingly faked. Do your homework on these sites.
  • Don’t rely only on profiles. Seek out their name online to see what comes up.
  • Use a disposable e-mail address (or phone number) service or app.
  • Speak on the phone first; it’s harder for a man to pretend he’s a woman this way.

In-Person Safety Tips with Strangers

  • Use your smartphone to share where you’ll be with family and friends. There are apps that will let trusted people view where you’re at.
  • Choose more than one meeting place (well-lit, very public). This is because you may want to go to a second location if it’s a date, or if it’s a buy-sell, the other person may get lost.
  • For a buy-sell, bring someone with you.
  • For dating or business, bring minimal cash, only the amount you expect to pay for an item. Keep extra cash (for haggling) separate and unseen by the stranger.
  • If the stranger must come to your home to view an item you’re selling, leave your front door open. Try to have someone with you.
  • Do a background check on anyone whose house you’re going to (such as to clean or babysit).

Safe Strategies with Strangers

  • Never get into a car with a stranger.
  • Arrange a nearby meeting place for you and trusted friends, after your blind date or business meeting. If it’s a blind date, your friends could be across the street having dinner; only one text message away.
  • Stick to your meeting place plans; don’t veer off-course.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Health Care Information Breaches rise

/in /by

Medical errors can also mean medical identity theft—accounting for 43 percent of all 2013 identity theft in the U.S., says the Identity Theft Resource Center. Medical identity theft kicks other forms of ID theft to the curb: banking, finance, government, military and education.

2DFraudsters invade health data to illegally obtain prescription drugs, services or devices and to get insurance reimbursements.

Making the situation stiffer is the Affordable Care Act, as the implementation of federal and state health insurance exchanges involved malfunctioning online marketplaces. Plus, the Act promotes digitizing medical records, and you know what that means.

What about an honor system?

HIPAA—Health Insurance Portability and Accountability Act (now you know why it’s not “HIPPA”)—and the HITECH Act define what health care providers must do to protect patient privacy. Violations of these acts can net stiff fines including up to 10 years’ prison time.

However, HIPAA has exceptions, such as “public health activities” and “health oversight activities” in which confidential information is shared.  People who know that HIPAA isn’t airtight can be turned off from revealing they have an STD or a psychiatric disorder to their doctor unless absolutely necessary.

Patients must be notified by their health plan, medical institution or medical provider when it’s been determined that their health information has been breached, says HITECH law. The Department of Human Health must also be notified. The Department will reveal breaches that involve at least 500 patients.

The discovery, though, doesn’t solve the problem that has already occurred: the fallout from the leak. It’s fairly straightforward to have the right information put back in a patient’s files, but another story to get the fraudulent information taken out, due to fear of medical liability.

Take action:

The time is now to bring attention to how a business is protecting their clients’ data. The public wants to know their information is safe and the companies they hand it over to are doing everything possible to protect it.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Prowler Alert issued

/in /by

Two men, impersonating San Jose police officers, waltzed through the unlocked door of a woman’s home and told her they were there to check on her welfare. This happened in the early evening, and the men were described as being Hispanic and 5-7 and 155 pounds. They presented the woman with identification but she smelled a fish.

2BWhile the men were there, she called the Petaluma police dispatch center. One of the men was brazen enough to tell the dispatcher he was checking on the 66-year-old woman’s well-being, then hung up. The men then left the property.

The San Jose police said they had no officers in the Petaluma area, and are urging residents to keep their doors locked—no excuses—at all times. They should also request a photo ID of anyone claiming to be a police officer who’s in plain clothes.

Simple Home Security Guidelines

  • If a stranger is at your door, never speak to that person through an open door or screen door. Talk to them through a locked door.
  • Never allow children to answer the door.
  • Not all home invaders ring the doorbell or knock. Some barge in unexpectedly, so always have the alarm system on, even if it means having to always remember to turn it off when you step out.
  • And of course, get the home alarm system.
  • Have a 24-hour video surveillance system installed. The site of a camera usually scares off a would-be intruder. Cameras should point to all your doors and other access points.
  • Consider getting a German shepherd or other large breed that has a natural guarding instinct and innate territoriality. You may fret at the thought of having to take a dog for walks every day, cleaning up after it, feeding it, etc., but that will be more exercise for you (who doesn’t need more exercise?), a great companion that offers unconditional love, and a superb deterrent to a home invasion or burglary attempt.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Kidnapping’s 3 Stages: Lure, Induction, Captivity

/in /by

As a security and safety expert, I often lecture about all the facets of a kidnapping. There are three basic stages or phases of the kidnapping experience.

 http://www.dreamstime.com/royalty-free-stock-image-police-line-image27267376The Lure

Kidnappers premeditate and precalculate every move. Months of planning could go into an abduction that takes only seconds. The circumstances have to be perfect, like a solitary female at night in a barren area. The kidnapper has honed his charm skills and knows who will fall for his sob story to gain his trust.

On the other hand, some kidnappers don’t use charm or a ploy; they pounce out of the blue and take the victim by force.

Induction

At this point in a kidnapping, the charm or force is dropped because the victim is in the kidnapper’s domain. The victim is made to feel powerless.

But don’t forget that the kidnapper knows ahead of time who’s most likely to psychologically succumb to a feeling of hopelessness. Kidnappers often have excellent radar for feeling out perfect victims. Even then, the kidnapper will often torture the victim to further fragment them, including using elaborate restraints. The victim learns to be helpless.

Captivity

The de-powered victim may still try to escape, but feebly: a tap on a window rather than hurling a chair at it. The fear of punishment for a more aggressive escape attempt becomes greater than the will to escape. The victim’s mind morphs to adapt to the harrowing situation, sometimes to the extent of sympathizing with the kidnapper (Stockholm syndrome).

The victim may have many chances to escape, but fail to even flinch when the opportunity arises, such as the case of Shawn Hornbeck, who, during “captivity” for several years by the man who repeatedly raped him, was permitted to ride a bike throughout the neighborhood. We hear about extraordinary cases such as these, but cases in which the victim escapes (sometimes using aggression) after only two hours of captivity don’t get as much attention.

The three phases of a kidnapping do have subphases, but those presented above are the main elements.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Data Breach Notification Bill goes to the House

/in /by

H.B. 224, a newly introduced data breach notification bill for New Mexico, would mandate that organizations notify breached individuals within 10 days of breach discovery (unencrypted credit card data); and within 10 business days notifying the state attorney general if more than 50 NM residents are affected.

4DThe bill allows for a shorter notification deadline and for card carriers to sue for recovery costs linked to the breach; and customers can sue for statutory damages.

Companies operating in NM will also have additional data security and data disposal requirements, due to the bill. Enacting H.B. 224 would make New Mexico join 46 states who have data breach alert laws.

Payment Card Breach

  • Within two business days: Time allowed for card issuers facing a breach to notify all the merchants “to which the credit card number or debit card number was transmitted,” according to H.B. 224.
  • H.B. 224 would also set a risk of harm threshold regarding when an alert is required for card breaches.
  • If the magnetic strip data or other information is revealed, yielding harm or risk of harm to the cardholder and compromise of access device data, the bill would require notification. The card issuer would not need to give approval or direction.
  • Card issuers can sue for recovery of administrative costs if a card reader is breached or if there’s a problem with strip data.

Data Security and Disposal

  • The bill would make companies “implement and maintain reasonable” security measures to ensure protection of personal identifying information from illegitimate access or other fraudulent action.
  • Businesses would also have to include these data security standards in contracts involving “non-affiliated third parties” that they share personal information with.
  • Personal data, however which way it’s contained, be disposed of such that personal identifying information would be impossible to read or decipher.

Enforcement

  • The bill would authorize the state attorney general to seek injunctive relief and recovery of damages via court.
  • Failure of a company to notify of the breach could result in harsh fines, if the bill is enacted.
  • Customers could sue for damages of $100 to $300, depending on circumstances.

Being accountable:

It may be just a matter of time before the Federal government steps in and decides PCI Standards might not fix client data protection problems. Businesses who see the writing on the wall are being proactive and making smarter investments in their customers security.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

7 Social Media Security Tips To Protect Your Business

/in /by

Your employee’s online life could open your business to some serious dangers.

1SMany small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media’s security issues and how employees’ own social presence can add to the company’s security issues.

Some companies restrict internal access. Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer.

Last year I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged, using real cops acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and, quite frankly, were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate and for good reason: Cops make great robbers!

At the end of the robbery, we all circled and discussed what happened. The teller who received the robbery note read it aloud, stating: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer. Once done, they looked up her spouse’s place of employment. They were able to learn what time he opened and closed the shop. Scary.

Follow these social media security tips for small business to prevent security issues just as scary:

Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, referring to slang, abusive language, etc. Employers should train their employees on proper use, as well. At this point, many of the mistakes have already been made; a quick search for “social media policy” will return lots of great ideas.

Consider a no-employment disclosure. Request employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization.

Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.

Train IT personnel. Policies and procedures begin from the top down. Managers and IT personnel responsible for managing technology need to be fully up to speed with social media security risks and set leadership examples.

Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees’ online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.

Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Don’t completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it—and when this happens, they sometimes go around firewalls, making the network vulnerable.

How do you ensure social media security in your business? Share your experiences in the comments.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Be your Family’s Chief Security Officer

/in /by

Schlage is all about safety and security. But you need not be in the profession of security analyst to be vigilant about your home and family’s security. And when it comes to security, this doesn’t just mean protection from home invasions and burglaries, but anything and everything, such as online security and guarding against viruses, hackers and other fraudulent invasive cyber crimes that can really mess things up for you or a family member.

1HBe your family and home’s Chief Security Officer, even if your job outside the home is unrelated to security measures. Make sure everything is safe and sound inside your home. This includes child-proofing the house; senior-proofing if there are elderly occupants; and just in general, making the environment safe—e.g., cleaning up spills on the floor to prevent a disastrous fall.

I won’t lie: This kind of vigilance requires a lot of thought to get it rolling. It’s not second nature to many people, but they can work on that element and improve over time so that it’s automatic to put the alarm system on when going to bed.

You must be fierce so that fires don’t start in your home, and so that you don’t end up in the news as a victim of a crime.

Sometimes, a person’s greatest enemy is themselves. So you have all the windows penetration-proofed, triple bolts on all the doors, maybe a protection dog and an extensive video surveillance system…but one second…you get lazy and don’t lock your doors and after you leave and you took the dog with you, then some bad guy chooses your home simply because he saw you leave. Locking your doors, that little extra effort might have saved all kinds of heartache.

So it takes a little extra time to create a safety system, and then stick with it, to prevent bad things from happening. If you can’t make time for safety and security, you’ll have to make time for catastrophe. When you make security a habit, it really doesn’t require that much effort after a while. Lead your family and home as its Chief Security Officer.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Privacy is more than locking your Doors

/in /by

There are 10 distinct meanings of privacy.

2PProtecting Reputation

You’ve heard of money management, right? Well, there’s also reputation management. There’s a difference between having facts about a person and then making judgments based on those facts. Often, judgments are skewered, and the result is a soured reputation.

Showing Respect

We must respect one’s desire to keep personal data about themselves personal. That’s why it’s called personal data. It’s not so much that revealing one’s private information would do little, if any, harm. It’s the principle of respect that’s the bigger picture.

Trust

Trust is vital in any kind of relationship, from personal to commercial to professional. When trust is broken in one relationship, this could cause a domino effect into other kinds of relationships.

Social Boundaries

We all need a sanctuary from people’s interest in us. When boundaries are crossed, relationships can be tarnished. Nobody really wants everyone to know everything about them, or vice versa.

Freedom to speak freely

We’re all free to think whatever we want without fear of repercussion, but turning those thoughts into speech is what can create problems—both real and perceived.

The Second Chance

Thank goodness that once we get our foot stuck in the railroad track, we can yank it out and start over. Having privacy promotes the second chance, the ability to make changes.

Control

You’ll be hard-pressed to come up with a transaction you can complete in public or online without forking over your personal data. Minus cold cash transactions, just about every move we make requires some revealing of personal information. And the more that your data is out there, the more likely someone can use it to control you.

Freedom of Political Association

Due to privacy, we can associate with political activities, and nobody ever has to know whom we voted for for a political office.

What others think of You is none of your Business

Privacy means never feeling you must explain or validate yourself to those near or far.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Ransomware demands Dollars for Data

/in /by

“Ransomware” is what holds data hostage by invading one’s computer when the user clicks on a malicious link in an e-mail or downloads an infected attachment. Visiting a fraudulent web site can also trigger an attack.

CRYRansomware then goes to work at putting your files on lockdown so you can’t access them—but the hacker sure can. The crook will then have full access to your computer and all of your private information stored in it.

Ransomware in some cases masquerades as “Anti-Adware” or “Browser Security” claiming that the security product license has expired. Ransomware on Windows shows as a full-screen “error alert” like message. Though ransomware is uncommon, it’s a rising star in the world of malware.

How can you protect your computer from an infection?

  • Ensure your computer is running the most up-to-date version of your chosen operating system.
  • Use updated antivirus software.
  • Never click links in e-mails. Always go to the source or use your password manager.
  • Never go to unfamiliar web sites, as they can initiate the virus cascade.

Keep in mind that although malware and ransomware usually affect PCs running on Windows, malware can be created for any operating system and for mobiles. In fact, Android malware has been picking up steam. But Mac users should not breathe easy; they too, should be on the alert, says the McAfee Threat Report.

The best way to implement protection of your computer and devices is to install a comprehensive measure of security—in addition to sticking to that never-repeated-too-often rule of never click a link in an e-mail.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Six Steps for Keeping Your Mobile Secure

/in /by

Mobile phones are a world away in terms of capabilities to what they were 10 years ago. Research from Doilette has found that 72% of people in the UK now own a smartphone device.

Considering all the personal information evidently available on your phone, it’s probably about time that you properly protected it. Read more HERE