Top 12 Tips to Destroy Your Sensitive Data

Believe it or not, you just can’t shred too much. If you aren’t destroying your sensitive data, my best advice is for you to start now. There are people out there who make a living diving into dumpsters in search of credit card info, bank account number, mortgage statements, and medical bills; all things they can use to steal your identity.  

Here are 12 tips that you can use to help you destroy your sensitive data:

  1. Buy a shredder. That said, I don’t own a shredder. I’ll explain shortly. There are a number of different brands and models out there. Some even shred CDs. This is important if you keep your documents saved on a computer, which you then saved to a CD. Don’t, however, try to shred a CD in a shredder that isn’t equipped to do this job. You will definitely break it.
  2. Skip a “strip-cut” shredder. These shredders produce strips that can be re-constructed. You would be surprised by how many people don’t mind putting these pieces together after finding them in trash. Yes, again, people will go through dumpsters to find this information. Watch the movie “Argo” and you’ll see what I mean.
  3. Shred as small as you can using a cross cut shredder. The smaller the pieces, the more difficult it is to put documents together again. If the pieces are large enough, there are even computer programs that you can use to recreate the documents.
  4. Fill a large cardboard box with your shreddables. You can do this all in one day, or allow the box to fill up over time.
  5. When the box is full, burn it. This way, you are sure the information is gone. Of course, make sure that your municipality allows burning.
  6. You should also shred and destroy items that could get you robbed. For instance, if you buy a huge flat screen television, don’t put the box on your curb. Instead, destroy, shred, or burn that box. If it’s on the curb, it’s like an invitation for thieves to come right in.
  7. Shred all of your documents, including any paper with account numbers or financial information.
  8. Shred credit card receipts, property tax statements, voided checks, anything with a Social Security number, and envelopes with your name and address.
  9. Talk to your accountant to see if they have any other suggestions on what you should shred and what you should store.
  10. Shred anything that can be used to scam you or anyone. Meaning if the data found in the trash or dumpster could be used in a lie, over the phone, in a call to you or a client to get MORE sensitive information, (like a prescription bottle) then shred it.
  11. Try to buy a shredder in person, not online. Why? Because you want to see it and how it shreds, if possible. If do buy a shredder online, make sure to read the reviews. You want to make sure that you are buying one that is high quality.
  12. Don’t bother with a shredder. I have so much to shred (and you should too) that I use a professional document shredding service.

I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Most businesses have shredding that needs to be done regularly. We provide free shredding bins placed in your office. You simply place all documents to be shredded in the secure bin. Your private information gets properly destroyed, avoiding unnecessary exposure.”

Does your local service offer that? Shredding myself takes too much time. And I know at least with Highlands equipment (check your local service to compare) their equipment randomly rips and tears the documents with a special system of 42 rotating knives. It then compacts the shredded material into very small pieces. Unlike strip shredding, this process is the most secure because no reconstruction can occur.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Malware Hack Attacking the Grid…BIGLY

For more than four years, malware has been posing as legitimate software and infecting industrial equipment across the globe.

The malware, which looks just like the Siemens control gear software, has affected at least seven plants in the US. According to security experts, the malware was specifically designed to attack this industrial equipment, but what it does is not totally known. It is only described as a type of “crimeware.”

The malware was first hinted at in 2013, but at that time, it was not seen as dangerous, and many anti-virus programs were flagging it as dangerous, but it was considered a false positive. Eventually, it was seen as a type of basic malware, and upon further inspection, it was found that there are several variations. The most recent flag was in March 2017.

This particular infestation is only one of many malware infections that target industry. Approximately 3,000 industrial locations are targeted with malware each year, and most of them are Trojans, which sometimes can be brought in by staff on found or compromised USB sticks.

Most of these programs aren’t extremely harmful, meaning they won’t shut down production. However, what they could do is pave the way for more dangerous threats down the road. It also allows for sensitive information to be released.

It is not easy for hackers to infiltrate an industrial plant, and it takes good knowledge of layout, industrial processes, and even engineering skills to pull something like that off. This goes way beyond a simple malware attack.

However, these attacks have also brought to light the issue of how many legitimate files are being flagged as malware and vice versa. This means that the files can be used by the bad guys, who can then target a specific industrial site. There are thousands of these programs out there, ripe for the picking by observant hackers.

What can they do if they get this information? They could find out where the site is, who operates it, the layout and configuration, what software they have, and even what equipment they are using. Though this wouldn’t give them everything they need, it would be enough to plan a bigger, more dangerous attack.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Second Hand and Discarded Devices Lead to Identity Theft

A new study was just released by the National Association for Information Destruction. What did it find? Astonishingly, about 40% of all digital devices that are found on the second-hand market had personal information left on them. These include tablets, mobile phones, and hard drives.

The market for second hand items is large, and it’s a good way to find a decent mobile device or computer for a good price. However, many times, people don’t take the time to make sure all their personal information is gone. Some don’t even understand that the data is there. This might include passwords, usernames, company information, tax details, and even credit card data.  What’s even more frightening is that this study used simple methods to get the data off the devices. Who knows what could be found if experts, or hackers, got their hands on them. It wouldn’t be surprising to know they found a lot more.

Here are some ways to make sure your devices are totally clean before getting rid of them on the second-hand marketplace:

  • Back It Up – Before doing anything, back up your device.
  • Wipe It – Simply hitting the delete button or reformatting a hard drive isn’t’ enough. Instead, the device has to be fully wiped. For PCs, consider Active KillDisk. For Macs, there is a built in OS X Disk Utility. For phones and tablets, do a factory reset, and then a program called Blancco Mobile.
  • Destroy It – If you can’t wipe it for some reason, it’s probably not worth the risk. Instead, destroy the device. Who knows, it might be quite fun to take a sledge hammer to your old PC’s hard drive, right? If nothing else, it’s a good stress reliever!
  • Recycle It – You can also recycle your old devices, just make sure that the company is legitimate and trustworthy. The company should be part of the e-Stewards or R2, Responsible Recycling, programs. But destroy the hard drive first.

Record It – Finally, make sure to document any donation you make with a receipt. This can be used as a deduction on your taxes and might add a bit to your next tax return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Getting Rid of an Electronic Device? Do This First…

A shocking study by the National Associated for Information Destruction has revealed some terrifying information: 40% of electronic devices found on the second-hand market contains personal information. This information includes usernames and passwords, personal information, credit card numbers, and even tax information. Tablets were the most affected, with 50% of them containing this sensitive information, while 44% of hard drives contained the info.

What does this mean for you? It means that all of those old devices you have laying around could put you in danger.

Deleting…Really Deleting…Your Devices

Many of us will haphazardly click the ‘Delete’ button on our devices and think that the information is gone. Unfortunately, that’s not how it works. You might not see it any longer, but that doesn’t mean it doesn’t exist.

To really make sure your device is totally clean, you have to fully wipe or destroy the hard drive. However, before you do, make sure to back up your information.

Back Up

Whether you use a Mac or a PC, there are methods built into your device that will allow you to back it up. You can also use the iCloud for Apple, or the Google Auto Backup service for Androids. And of course you can use external hard drives, thumb drives or remote backup.

Wipe

Wiping a device refers to completely removing the data. Remember, hitting delete or even reformatting isn’t going to cut it. Instead, you have to do a “factory reset,” and then totally reinstall the OS. There is third party software that can help, such as Active KillDisk for PCs or WipeDrive for Mac.  If you are trying to clean a mobile device, do a factory reset, and then use a program like Biancco Mobile, which will wipe both Android and iOS devices.

Destroy

Wiping will usually work if your plan is to resell your old device, but if you really want to make sure that the information is gone for good, and you are going to throw the device away anyway, make sure to destroy it.

Many consumers and businesses elect to use a professional document shredding service. I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Theft, vandalism, and industrial espionage are ever increasing security problems. Today’s information explosion can be devastating to your business. Most consumers and businesses may not know that they have a legal responsibility to ensure that confidential information is not disseminated.” The reality is, if security is important to you or your company, then shredding should be as well.  

The goal, of course, is to make it impossible for thieves to access the data you have and/or discard.

Recycle

If you want to recycle your device, make sure that you only use a company that is certified and does downstream recycling. Know that recycling offers NO security for your information. They should be part of the R2, or Responsible Recycling program or the e-Stewards certification program. Otherwise, your data could end up in the wrong hands. Also, if you recycle or donate your device, make sure to keep your receipt. You can use it when you file your taxes for a little bit of a return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Parents Beware of Finstagram

You have surely heard of Instagram, the photo sharing social network, but what about “Finstagram?” If you are like most parents, you have rules about the social media practices of your kids. However, once you learn about Finstagram, those might all go out the window.

When you combine the words “fake” and “Instagram,” you get Finstagram. Essentially, these are fake, or alternative, Instagram accounts that are created by teens, for the most part. These accounts can be used for harmless laughs, such as sharing embarrassing pictures with your close circle of friends, or for harmful deeds, such as hiding alcohol or drug use from parents. Finstagram accounts are also commonly used for bullying.

You can look at your child’s Instagram account and see the innocent angel that you believe you have raised. But, do they have a Finstagram account that shows a different side? It’s possible, and you might even be able to find it by using the Find Friends feature on the software. Of course, it’s possible that your child has linked their Finstagram to a new email address or even name.

On top of all of this, kids are using Finstagram accounts to do things that would never be acceptable on their “real” Instagram accounts. For instance, there have been instances where these fake accounts are used to post inappropriate or altered photos of their classmates in inappropriate situations. In some cases, things get so serious that the schools, themselves, have to contact Instagram to get the accounts shut down.

Even if you think that you have nothing to worry about with your own kids, it might be worth it to do a check on them. You can certainly ask your child if they have an account, and they might be forthcoming and tell you. Odds are, however, that they won’t. In fact, about 90% of Finstagram accounts are unknown, so it is the parent’s responsibility to look for the signs.

Parent should have all passcodes to access the device and its applications. Or the child can’t have a phone. Non-negotiable. Done deal.

Sit down with your child to talk about their usage of social media, and the repercussions of their actions on social media. You also might want to talk to other parents you know about Finstagram accounts. These accounts might be for innocent fun, but they could also ruin someone’s life.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Investigators Using Social Media to Find Missing Children

Gone are the days when social media is only used to share what you had for dinner or announcing to the world that you are headed to the gym. But social media has become a platform for any and everyone to say what’s on their mind, and sometimes that’s great, but all too often it isn’t. Social is significantly lacking in decorum. But at least some are using social for good.

These days, law enforcement is using social media to find missing children.

Washington, DC police are leading the way on this. In 2017, alone, the district is averaging about 190 missing kids a month. By using social media, information about the children is getting out quickly. Previous to this, the district was issuing press releases, but with social media, there are now thousands of people getting information about these children.

This new way of spreading the word is helping to find missing children, for example a Twitter user recently created a screenshot of several missing person’s flyers. She then shared the tweet with her followers, and it received over 108,000 retweets. It also, however, raised the red flag that these girls might be the victims of a human-trafficking scheme.

DC police admits that missing children are vulnerable to this type of exploitation, but are quick to point out that there is no evidence that these missing people were linked to any type of known human trafficking scheme.

Other groups, such as the Black and Missing Foundation, are also using social media to share leads, but still use traditional media, too. For instance, in 2012, a missing teen in New York was found in a matter of hours after her story appeared on the television show, The View.

Thanks to this new way of making the public aware of missing kids, DC police are seeing results. During the last two weeks of March, for instance, eight children were found after their stories were shared on social media.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Study Shows Millennials Choose Convenience Over Security

To those of us consider Tom Cruise the movie star of our day or even Grunge as the music we grew up with, looking at millennials, and the way they view life, is fascinating. These “kids” or young adults, many are brilliant. They really do define “disruption”.

However, that doesn’t mean that this tech savvy generation is always right. In fact, a new study shows just the opposite when it comes to internet safety. Though, they can also teach us a few things and are definitely up to speed on the value of “authentication” (which leads to accountability).

Anyway…South by Southwest, or SXSW, is a festival and conference that is held each year in Austin, TX. This year, a survey was done with some good AND scary results. The company that did the survey, SureID, found that 83% of millennials that were asked believed that convenience is more important than safety. That’s not good. But this is not the only interesting finding, however. On a positive note, the study also found the following:

  • About 96% want to have the ability to verify their identity online, which would ensure it was safe from hackers.
  • About 60% put more value on time than they do their money or safety.
  • 79% are less likely to buy something from a person who can’t prove their identity.
  • 70% feel more comfortable interacting with a person online if they can verify that other person’s identity.
  • 91% say they believe that companies “definitely” or “maybe” do background checks on those who work for them. These include on-demand food delivery and ridesharing. However, most companies do not do this.

What does this information tell us? It says that we are very close to seeing a shift in the way millennials are viewing their identities, as well as how they view the people and businesses they interact with.

Millennials have a need to want to better verify another person’s identity. To support this, just look at dating apps. Approximately 88% of people using them find the idea of verifying the identity of the people they might see offsite as appealing. It’s similar with ride sharing, where about 75% of millennials want to know, without a doubt, who is driving them around.

We live in a world today that is more connected than ever before. These days, as much as 30% of the population is working as freelancers, or in another type of independent work. In many cases, this work is evolving from small gigs to large and efficient marketplaces. Thus, the need for extra security and transparency is extremely important. Sometimes, technology helps us act too comfortably with people we don’t really know, and the study shows that having people prove whom they are will help to create higher levels of trust.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

These Real-Life Stories Will Show You the Importance of Door Security

If you are like most people, when you think of burglars, you think that it “won’t happen to me.” But, it very well could happen to you, because it happens each and every day across the country. I have taken some time to gather some recent real-life stories that will not only show you that it can happen to anyone at any time, it will show you how important it is to secure your doors.

Menlo Park, NJ – Series of Burglaries with the Doors Kicked Down

In less than one week, there were three burglaries in Menlo Park, NJ. All three of the homes had the doors kicked in. Jewelry, electronic devices, passports, and computers were all taken.

Milwaukee, WI – New Year’s Eve Break-In

Around 11pm on New Year’s Eve, a Milwaukee woman was the victim of a break-in when several suspects kicked her door in. Her alarm went off, scaring the burglars, and they ran off. She called 911, and police said these suspects had done the same throughout the neighborhood.

Elmwood Park, NJ – Burglar Kicks Down the Door and Steals Valuables

A woman came home to find her door kicked in and the bedroom light on. She immediately went to her neighbor’s home to call police. The burglars took jewelry and ransacked the home.

Torridge, North Devon, UK – Woman Comes Home to Find Door Kicked In

A woman came home to find her front door kicked down and her Xbox console missing. As you can see, these crimes don’t just happen in the US. This is a worldwide problem.

Lafayette, IN – Four Suspects Kick in Door

Four men kicked down an apartment door and began rummaging through a desk looking for money and marijuana. The tenant, who was home at the time, tackled one of the men, who was arrested; the other three ran away.

Chesterfield County, VA – Grandma as a Victim

An 80-year old grandmother was the victim of a home invasion in the middle of the afternoon. A group of boys kicked her door right down while she was sitting on the couch playing cards.

Boston, MA – Man Loses $4,000 in Valuables

A Boston man came home from work one day to find his door kicked in and almost $4,000 of valuables gone. This included a television, appliances, and furniture. He reported a shoe impression on the front door where burglar kicked the door.

Edmond, OK – Family Heirloom Stolen

An Oklahoma woman came home to find her door kicked in, her dogs locked up, and a treasured family heirloom missing. In addition, they took her gun, her laptop, and even the pillowcase off of her bed.

Decatur, GA – Woman Kidnapped After Her Door is Kicked Down

A daughter arrived to her mother’s home to find the door kicked down, the home ransacked, and her mother missing. She was later found safe in an adjacent county, and she claims she was kidnapped.

Portland, OR – Businesses Targeted by Thieves

Three businesses were broken into in Portland, OR at the end of January. All three of them had the doors kicked in, giving the thieves access to the stores.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

Hey Kids, the Internet is FOS

The internet is a beautiful place. It is the way we communicate, the way we create, and the biggest business platform that has ever been generated. However, it is also a hazard, as anyone can put anything on it, and it’s extremely difficult to tell fact from fiction…especially if you are a kid.

A Stanford study looked at the ability, or inability in this case, of almost 8,000 students to tell fake news stories from real ones. The results, to be blunt, are terrible. When focusing on the students who were in middle school, 80 percent of them were unable to tell the fake news from the real stories, and they didn’t get better as they got older. When the researchers looked at high schoolers, they really fared no better, and more than 80 percent of them accepted that fake pictures were true without question. The results of this study should scare us all.

Part of the problem here is that we don’t have enough gatekeepers to fact check, edit, or vet the news that is going out there. Anyone with a computer can create a very realistic looking news site, and essentially, they can create stories about whatever they want. As you have probably noticed during the election, many adults also get caught up in the fake news that’s out there, and if adults can’t discriminate between what’s real and what’s fake, how can we expect children to?

The writers who create these fake news stories are very skilled, and when you put them up against the minds of others, especially children, it’s really not a fair fight. These students have to be taught how to use the internet, and it has to be soon. Kids are using the internet as young as two or three years old, and by the time they get to school, they can navigate the pages of the web better than many adults.

Speaking of school, how does the concept of internet literacy fit in with the typical curriculum in schools? Internet literacy, online behavior, reputation management, security and fake news are part of the same puzzle.

When computers first began to be commonplace in schools, most students took a class to learn how to use the mouse, keyboard, and basic programs. Now, these acts are usually learned before a child even gets to school, and the classes that are taught teach kids how to not only work a computer, but also how to be a good online citizen. The problem is, however, is that these classes are not given the same focus as other educational standards.

Further complicating things is that many teachers believe that teaching these concepts is not their responsibility. Instead, they believe that it is the job of others, such as the librarian, teacher’s assistant, or IT person.

If students are taught to consider what the intentions of the writer, or even the sources are, they will be able to eventually learn to sense the bias they have. When children can understand this concept, they can then learn about how news and other information gets from the writer to the readers. The internet creates a totally new concept for how news travels, and we all must recognize that when we click, we ultimately create a trail for more information to follow.

Will this new instruction be enough? We have reason to have hope. For instance, some social media outlets, such as Facebook, have recently announced that they will take steps to eliminate a lot of this fake news. Additionally, if we look at the history of humanity, when new innovations are introduced, such as when the printing press was invented, we, as humans, saw improvements in our lives.

It is also quite promising that children are not making the same mistake that their parents have made…they aren’t on Facebook much, which is where most of these fake news stories are found. Instead, children are in Instagram, YouTube, SnapChat and others. This information has been backed by a number of sources, and one study shows that teens are not using Facebook for their news. Instead, they are getting news from television or on Snapchat, which has recently rolled out a news delivery feature.

The bottom line here is that the original study from Stanford is disheartening, but there is a glimmer of hope since kids these days aren’t getting their news from the same places as the previous generation, like Facebook. Instead, they are using a mixture of traditional and digital sources that will likely help them to become more informed.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Researchers Say Office of Personnel Management Hack Leads to Ransomware

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud. But in government breaches, they usually look for military plans, blueprints, and documents that deal with policy.

The question, of course, is why did the hackers focus on this information? Well, some of the data that was taken was used to launch other attackers against contractors, and this resulted in the access to several terabytes of data.

Now, those who have become victims of this attack have found themselves being the target of ransomware.

Security experts have recently noticed that the victims have been getting phishing emails, and these messages look like they are coming directly from the Office of Personnel Management. When these emails arrive, the body and subject of the message seem as if the email contains an important file. When the unsuspecting victim downloads the .ZIP file, however, they instead receive a type of ransomware called Locky.

These attacks are much more dangerous than the average phishing attack. This is mainly due to the fact that they are being received by those who have worked with the Office of Personnel Management before. Thus, they have seen the genuine emails from the office, which look remarkably similar to the fake ones. The only thing that set the two emails apart was a typo that said “king regards,” instead of “kind regards,” and a phone number that doesn’t work. These are details that many people overlook, which makes it easy for hackers to be successful with these schemes.

Who was Really Behind This Hack?

Though experts believe that the Chinese government is behind this hack, there are some facts that look a bit fishy. For instance, since personal data was taken and data has been taking hostage, this seems much more like a typical cybercrime operation instead of something that a nation would do. After all, why would China be looking for a few hundred dollars from people who want their files back?

Of course, this could be a smokescreen and someone could just be using this attack as a smokescreen…and while experts are focused on this, the real attack could be planned for the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.