Data Breaches hurt Businesses’ Brand

That very newsworthy data breach that’s still in the news struck 110 million customers, not the more commonly reported 40 million; that’s one-third of the U.S. population.

There was also another, but less publicized, breach of huge proportions that occurred to a major retailer in mid-December of 2013. And some reports say another 6 or more retailers may be affected in a similar breach.

The major-news retailer that got kicked in the butt by cyber criminals has run full-page newspaper ads apologizing for not effectively protecting customers’ data, and hoping to win back consumers’ trust and loyalty. Kind of sounds like the Tylenol poisoning scare in the 1980s when the drug maker went on a massive ad campaign to win back consumers’ trust.

But with each new revelation of more data being compromised and growing concern of additional fraud, has come more media and customer scrutiny resulting in compounded brand damage.

Trust and Security

Feeling secure and trusting the brand is a major force behind consumer loyalty. Prior to that massive December breach, the retailer was right up there with its huge competitors as far as meeting reasonable consumer expectations.

That data breach has severely tainted the retailer’s customers’ trust. The 2014 Customer Loyalty Engagement Index assesses the retailer’s brand engagement level to be about 6 percent.

Sales have plummeted since the breach hit the news. Recovery is expected to be slow and arduous, and social media is fueling the sensationalism. It can take years to build up trust, but just a few hours of news “going viral” to crush it.

All is not lost.

The adage “What doesn’t kill us makes us stronger” plays a vital role when companies embrace their failures, learn from them and do right by their customers. The next few months will have a serious impact on the future of the breached companies and every retailer who accepts credit cards for payment.

Now is the time to beat the drum of customer security and bring awareness to how your company protects customer data.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video. Disclosures.

It’s Data Privacy Day, and It’s a Mess

Target continues to be tangled up in chains due to its December 2013 data breach that current estimates say affected 110 million customers.

Target is known as proficient and prolific in the use of mobile devices and other means for collecting consumer data. This proficiency has backfired, resulting in the retail giant struggling to regain consumer trust and brand name reputation, not to mention figuring out how this mess happened in the first place and how to prevent a repeat performance.

  • Was there a lapse in Target’s IT security?
  • Did “Big Data” go too far and get way too ahead of security?

And let’s not put all the focus on Target, either. What happened with Target is a sign of the times and perhaps a sign of things to come in this world of cyber transactions. The questions above should also be asked of Facebook, Google, Yahoo and others who waited until the fiasco involving Edward Snowden’s NSA scandal to better encrypt their user data.

Big Data is like a drug; so addictive you can’t get off it, and of course, a huge potential for danger. Companies like Facebook, Google and Twitter love to sell consumers’ data to advertisers—this is how these giants stay giants; otherwise, they’d shrink into nothing. And there’s no end in sight with Big Data. Big Data is on course to become the Big Bang Data—to forever expand consumers’ personal information into cyber space.

But all of these entities—retailers, social media, the government—need to take responsibility for what they’re doing with our data.

Just when you thought that your privacy couldn’t be violated any more, Big Data has now spread its tentacles into the realm of selling lists of sexual assault victims, people with AIDS and HIV, and seniors with dementia to marketers. The World Privacy Forum, in the midst of researching how data brokers gather up and sell consumers’ private information, discovered these lists, and unfortunately, there are more disturbing list categories that were uncovered. Marketers are actually purchasing this kind of data to target shoppers from every which way.

When are lawmakers going to catch up to Big Data and grab it by the horns?

In the meantime, consumers need to take control of their information online; it just takes one hacker to wreak havoc. Here are 6 tips every consumer should take to stay protected online.

#1 Install/update your devices’ antivirus, antispyware, antiphishing and firewall.

#2 Update your devices’ operating systems, ensuring the critical security patches are current.

#3 Password protect your devices and use strong passwords with upper/lower case, numbers and characters. Never use the same password twice.

#4 Protect your wireless communications from prying eyes with a virtual private network that encrypts your data. Hotspot Shield masks your IP address and prevents data leakage.

#5 Limit your exposure on social networks. Consider what you post and how it can be used against you by criminals, predators and your government.

#6 Before giving out your name, address, phone, email, or account numbers, consider how it will be used and read the service’s terms of service and privacy policies.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Corporate BYOD puts Client Data at risk

When employees improperly use mobiles, they put their companies at risk for data breaches. This includes leaving lots of sensitive data on the devices—which can pave the way to leakage of data, plus other issues.

Mobile device use in workplaces is increasing—and so are its associated security risks. Current security measures are lagging behind the increased rate of mobile device use in the corporate realm.

One study showed that not only was a lot of company information left on handsets, but personal information was left on them as well, putting employees at risk for personal compromises.

This small study demonstrates a clear need for improved guidelines and policies governing smartphone use and security of the devices. This becomes even more relevant as businesses turn more to cloud storage for data.

The use of non-approved software-as-a-service (SaaS) apps by employees is widespread, according to a McAfee study. These apps are not approved by the company’s IT department. Employees can easily bypass the IT department by using the cloud. The study showed:

  • Over 80 percent of survey participants reported using unauthorized SaaS apps.
  • About 35 percent of SaaS apps used on the job are not approved.
  • About 15 percent of users have had a security problem using SaaS.

Employees may not realize that their chosen SaaS apps are poorly safeguarded. Such employees aren’t malicious; they’re just trying to be more efficient. Businesses need to find the right balance of protecting themselves yet allowing employees to use apps for increased productivity.

An ideal situation would be to monitor SaaS apps and apply policies that do not inhibit employees’ ability to be productive.

A recent Forbes article got my attention, and the author’s solutions make good business sense.

Six Solutions

1) XenMobile. This allows IT to secure and manage smartphones, data and apps, and establish policies based on smartphone ownership, location or status. Users can then more easily access the web, e-mail, corporate apps and documents with a single click on a mobile.

2) Airwatch. This mobile device system provides management of apps, content and e-mail, to oppose inadvertent mismanagement of smartphones by employees (e.g., storing documents in vulnerable locations).

Just enter username and password; Airwatch will wirelessly and automatically configure all the settings, apps, security policies and more based on the worker’s role in the company.

3) Mobile Iron. This system manages and secures apps, devices and content, ideal for businesses that support the BYOD program. Personal content can be separated from corporate content, protecting the employee’s private data.

4) Good Dynamics secure mobility platform. This is a BYOD program that keeps employees productive while zeroing in on security. Personal data is partitioned off from business data to protect programs like e-mail.

5) Samsung Knox. This system is for Android devices, managing with a multi-tiered security approach. One’s network will be protected from malware, hacking, viruses and non-approved access.

6) Protect your BYOD on wireless networks. Use a VPN if you’re on a portable wireless device. Hotspot Shield VPN is free, though its paid version is more expanded and faster. First launch Hotspot Shield before you use your PC laptop, iPad or iPhone to connect to free public Wi-Fi services, such as at the airport, a coffee shop or a hotel.

Your entire web surfing session will then be protected. All of your connections will be secured. This will eliminate some of the aggravation for your company’s IT department.


10 Tips to Keep Your Data Private Online

The Internet has become an essential tool for most of us and a part of our everyday lives. We rely on it to send/receive emails, post/share photos and messages on social networking sites, shop for clothes, search for information, etc. But how do all these online activities affect your privacy?

Your online privacy depends on your ability to control both the amount of personal information that you provide and who has access to that information. Unfortunately, some of us are too casual and careless with how we manage our personal information and activities online. This leaves us vulnerable to identity theft and invasion of our privacy, both from legitimate and illegitimate sources.

That’s because your personal information, including your email address, phone number and Social Security number and other personally identifiable information, is worth a lot of money. The bad guys will use it to steal from you and businesses want to know as much about you as possible so they can sell you more products and services or serve you ads that are highly relevant to your demographics and preferences.

So take these simple steps to protect your valuable personal information:

  1. Be careful what you share and post online. Remember, don’t post or share anything that you wouldn’t want shared publicly, even if you think you’re just sending it to one person.
  2. Don’t freely give out personal information online any more than you would to a stranger on the street. Keep personal information (such as your hometown, birth date with year and phone number) off social networks.
  3. Don’t send any sensitive information when connecting over public Wi-Fi (e.g. don’t do banking or shop online)
  4. Use private browsing mode on your Internet browser or at least turn off your browser cookies.
  5. Never reply to spam or unknown messages, whether by email, text, IM or social networking posts from people you don’t know—especially if it’s for an offer that sounds too good to be true.
  6. Only friend or connect with people online you know in real life.
  7. Make sure when you’re providing any personal information online that the site uses encryption (look for https:// in the URL) and check to see how they are using your personal data in their privacy policy.
  8. Be aware of location services with your smartphone or tablet. Turn off the GPS on your mobile device’s camera and only allow
  9. Routinely update your social media privacy settings to ensure your profile is appropriately protected and also make sure to change your passwords on your accounts at least 3x a year.
  10. Make sure all your devices are protected with comprehensive security, like McAfee LiveSafe™ service that provides not only antivirus, anti-spyware, anti-phishing, anti-spam and a firewall, but also protects your data and identity on your PCs, Macs, smartphones and tablets.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Devising a Data Security Strategy

Whether you are an individual who games, a work-at-home employee, a family of four that shops online, a road warrior or even a small business, chances are you have data to protect—and so this all pertains to you.

Fundamentals:

Antivirus isn’t enough: A free antivirus package is good, but it might not update automatically—and you need your antivirus to be today’s version. Spend a couple bucks and get your antiphishing, antispyware and firewall protection.

Updated browsers: An old, outdated browser is a nightmare that is often riddled with holes for criminals to slither a bug through. Install the latest update ASAP, automatically or both.

Updated operating systems: Set your OS to automatically update, as manual updates are often forgotten and missed.

Disk encryption: Your device may come equipped with the ability to encrypt individual files, folders or the entire disk. There are many free third-party encryption programs that are excellent.

Backing up: You should have at least two local backups of all your data in case a device fails. I use external drives and GoodSync to keep it all backed up every hour. Also, invest in cloud-based storage that has encryption as well—all for under $100 annually.

Password management: It’s not OK to have one password for 30 accounts. You need 30 different passwords, and this can only be accomplished with a password manager.

Wireless WiFi protection: Having open WiFi so your neighbor can piggyback on your connection is a bad idea. Use the WPA2 encryption that is built into the router. Whenever using public free WiFi, use virtual private network software such as Hotspot Shield VPN to encrypt all your data.

Mobile device security: Mobiles are small computers that store our data or have access to our cloud-based accounts. Mobiles need to be password protected and have antivirus protection, just like PCs do. Keep in mind that WiFi on a mobile is no different than on a laptop, so use a VPN on your mobile too.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may be also attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Do You Spy on Your Spouse?

Robert Siciliano Identity Theft Expert

Generally, in a trusting relationship, spying isn’t necessary. I’m sure Sandra Bullock, Kate Gosselin or Tiger Woods’ wife didn’t think they needed to spy on their husbands, until they did. Reckless behavior like that can bring home a very itchy or very deadly disease. One that victimizes the innocent.

The fact is humans have a tendency to lie. Lying is generally done to protect people from the consequences of their actions or to protect others from the emotional hurt because of what they did.

Spying generally occurs when trust is broken or intuition kicks in and someone senses something is askew. Spying is easier today than it’s ever been. According to a recent survey polling 1,000 men and women of various ages, incomes, and locations in the United States, there’s a 38 percent chance you would spy if you’re 25 or younger.

Among respondents, 38 percent of those 25 years old or younger admitted to snooping on their boyfriend’s or girlfriend’s messages, and 36 percent of those who are married admitted to checking their spouse’s e-mail or call history.

Spying can be accomplished by simply picking up a person’s phone and looking at the incoming and outgoing calls and text messages. Mobile phone spyware is readily available and can monitor almost every aspect of a phone’s use remotely.

Small wireless cameras installed in lighters, pens, clocks, smoke detectors and just about anything else are readily available. Commercially available spyware can easily be installed on a person’s computer. Undetectable hardware called “key catchers” can be installed in the PS2 or USB ports and the person’s keyboard is piggybacked and logs all their keystrokes.

Identity thieves are using the exact same technologies.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN

Self-revelation Can Help Assemble a Social Security Number

I am not done nor will I ever be done sounding that alarm, ringing that bell and informing you about how ridiculous social media is. I was asked in a radio interview today what it will take to get people to recognize they are sharing too much data. In a word, tragedy. When a home is broken into, they install a home security alarm. When someone is mugged, they take a self defense course. When planes fly into buildings, we get frisked. Being smart is understanding risk and being proactive.

Most people are smart enough to NOT give out a social security number on Facebook. However between what you say, your family, friends and colleagues say and post, your profile is becoming more complete every minute. Even your mom or wife posts her name as “First Maiden Last” because she saw someone else do it and it made sense to allow her old friends/flames to find her.

But today with all this personal information readily available there are now rumblings from academia that they have cracked the code and have assembled technologies to decipher all this information and turn it into hard decipherable data that leads to opening new accounts in your name.

The New York Times reports, “computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number. So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.”

SearchSecurity.com reports that researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people on the east coast had the lowest numbers and those on the west coast had the highest. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

From this point on I’d suggest locking down social media profiles in a way that they are not publicly accessible. Prevent anyone (except those very close to you) from seeing and reading everything about your daily activities, who you associate with and all the names and contact information of all your friends and family.

Robert Siciliano personal security expert to Home Security Source discussing cracking the code and wireless security on Fox Boston.

Criminal Hacker Gets 20. Books, Movies and Hollywood Starlet Next

Robert Siciliano Identity Theft Expert

Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided “dumps,” a term which refers to stolen credit card data, to “carders.” “Carders” are the people who buy, sell, and trade stolen credit card data online.

“Gonzalez and his hacking buddies hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster’s, among other online retail outlets, in one of the largest — if not the largest — cybercrime operations targeting that sort of data thus far. They used some of the stolen numbers to remove cash from ATM machines and sold many of the other numbers to other criminals, including those in Eastern Europe.”

Gonzalez provided “sniffer” software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software, or “malware” (malicious software), acts like a virus, attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

Wired reports Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

It was reported that Gonzalez buried a million dollars in the backyard of his parents’ Miami home. At one point he cracked and drew a map for investigators to find the money. WOW!

How many people in the course of history have actually dug a hole and buried a million bucks in it? I can’t wait to see the movie. I’d be happy playing a part in it. I’ll be the shovel.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Breach of 3.3 million Social Security numbers on Good Morning America

Be careful Your PC Isn’t Held for Ransom

Computerworld reported that a hacker threatened to expose health data and demanded $10 million from a government agency. The alleged ransom note posted on the Virginia DHP Prescription Monitoring Program site claimed that the hacker had backed up and encrypted more than 8 million patient records and 35 million prescriptions and then deleted the original data. “Unfortunately for Virginia, their backups seem to have gone missing, too.” “Uh oh,” posted the hacker.

Holding data hostage is sometimes done using “ransomware,” otherwise known as “ransom software.” The software gets on your PC as the result of you downloading an infected attachment or clicking the links in the body of an email. Sometimes you can get ransomware simply by visiting a website in what’s called a “drive-by.”

Once your PC is infected with ransomware, it locks down your files in a way that prevents you from accessing them and gives the bad guy full control of your machine. Sometimes the virus poses as a “Browser Security and Anti-adware” security application whose license has expired. Windows machines infected by the malware are confronted by a full-screen message that poses as a Windows error.

This type of exploit is not common, but it’s definitely a rising star in the malware community. The best way to avoid this is to make sure your PC is updated with the most current version of your operating system and anti-virus definitions. It’s also very important not to click on links in the body of an email or visit rogue websites that may have viruses that inject themselves into your browser.

Robert Siciliano personal security expert to Home Security Source discussing Ransomware on Fox Boston.