The First Step to Secure Your Data

Your personal information and data are literally everywhere for criminals to target, and there isn’t much you can do to keep it from spreading. You use your email credentials on countless websites, you use your credit card number with countless vendors, and, believe it or not, your Social Security number is shared rapidly immediately after you’re born.

It’s almost impossible not to give out your personal information nowadays. However, criminals know this, and they lurk around the same places that your information is used. You need to take action to secure your information so you are less of a target. Let me show you one simple step you can take today that will create one layer of security and improve your defenses.

There is one specific action you can take to secure your information, and after you do it, you’ll be much less likely to be targeted because criminals tend to take the path of least resistance. That said, if you DON’T do this action today, you ARE the path of least resistance.

All you have to do is set up a credit freeze. There are four major credit bureaus in the United States, and you need to get a credit freeze with them. Just use your preferred search engine and look for Experian credit freeze, Equifax credit freeze, TransUnion credit freeze, and Innovis credit freeze. You should freeze your credit with all four, but you should still review your annual credit reports. More importantly, you should dispute discrepancies with the appropriate bureau AND the lender. Getting a credit freeze won’t gum up your credit score or make it so you can’t use credit. You are able to “thaw” the frozen credit as needed and then freeze it again. You can literally do this in a single day. Then you’ll want to put more layers of defense in place to become an even harder target than the other guy.

A credit freeze will secure your information, but setting up multiple layers of defenses is really what will make you a hard target. Criminals are constantly probing defenses, and even while technology advances, crimes against your data are usually ahead of the curve. You don’t need to know everything about security, but you do need to take on the responsibility of protecting yourself. I’ve created a free guide that will make you a pseudo expert on your own security, and if you follow its simple steps, you will have more layers of defense than the average person. If you want to create even more layers of defenses, bring this guide to my next webinar, and I will walk you through each step so you can rest assured that you are creating a smart, secure, safer “me.”

Do You Really Need Identity Theft Protection or is it a Waste of Money?

I see a ton of articles that say identity theft protection is not something you really need. These articles have titles like “ID Theft Protection Does Not Work,” or “The Poor Man’s Guide to ID Theft Protection.” Though some of these articles have a bit of merit, they totally miss the point.

Here’s the deal – You can’t protect yourself from every type of ID theft out there, and the types you can protect yourself against require a ton of focus. One way or the other, it will cost you money, time, and probably a bit of anxiety too.

Those who have elected not to invest in ID theft protection say they don’t need to pay for a service that they can take care of on their own. Why? Because they do the following:

Dispose of Their Mail, Securely – One thing that people do to protect their identity is to shred all of their mail. This is especially the case when it contains account information. However, this isn’t enough. Though you might do your part, there is no guarantee that your bank, mortgage company, or even electrical provider won’t toss paperwork with your information into a dumpster. At that point, it’s free for the taking.

Opt Out of Preapproved Credit Card Offers and Junk Mail – Yes, this is good advice. You can do it online at However, keep in mind that even if you do this, you will still get some offers.

Get a P.O. Box – I’m not sure why people think that getting and using a P.O. box will help to protect them from identity theft, but they do. Yes, this is a more secure way of getting your mail and in some cases will protect sensitive data. Unfortunately, this doesn’t help much.

Check Their Credit Report – Yes, you should always check your credit report. But, people who believe that checking their credit report can stop ID theft are mistaken. You can get a free credit report each year at, but you really need to check more often than once every 12 months. Checking a credit report does not proactively protect your identity.

Set Up Fraud Alerts – People also set up fraud alerts and think they are fully protected from ID theft. Again, fraud alerts are great, but they expire after 90 days, and most people forget to renew the service. Additionally, these are only a guideline for your creditors, and they are not required to contact you if they issue credit.

Freeze Their Credit – These people also freeze their credit. This is a good thing to do, and I think it is fundamental to protecting your identity, but again, it doesn’t help to protect your ID from tax-related identity theft, criminal identity theft, account takeover or medical identity theft.

All of these things help, and are necessary in addition to a Protection Service, but people who stick with these and don’t get full service identity theft protection are putting themselves in a precarious position. Instead, it’s best to get a professional product, which offers better protection.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How to Rock the Room as a Professional Speaker

For those of you who want to knock your presentations out of the park and be the speaker everyone raves about, Victoria Labalme is leading an unbelievably unique workshop titled Rock the Room LIVE.

If you create and deliver keynotes, trainings, breakouts, podcasts, videos, webinars or teleseminars, this event will completely catapult you from being “good” to being “amazing.”

In the winter of 2015, I was given the opportunity to present a 5 minute, timed “TED” type presentation at the NSA’s 2015 national conference in Washington DC. I accepted the challenge determined to present a packed presentation. Up to that point, I’d never presented a memorized program, so I practiced over 100 times, and as I got closer to getting onto the main stage, I started to stress out that I wouldn’t be able to remember the presentation word for word.

On the main stage, there was an actual nerve-racking digital clock counting down, second by second. That same day, I received my CSP, which is the National Speakers Association’s earned designation for Certified Speaking Professional. When I got up on stage, I was a bundle of nerves and was spooked that I wasn’t going to remember my presentation word for word. I stammered through the first minute, and then froze.

Speaking in front of your colleagues apparently is a lot harder than it looks, and even as a CSP, I didn’t deliver. Most people would have left the conference, and I thought about it, too, but I kept my head high and stuck around.

It was then that Victoria Labalme approached me. She gave me a few pointers, told me I’d be fine, and she offered to help any time. Seeing an opportunity for redemption, I approached the conference’s leadership and petitioned for a “do-over” before the end of the event. After some heart-to-heart negotiations, I got a second chance and Victoria cleared her schedule and provided 3 days of intense consulting. The rest is a Cinderella story. Frankly, I was a dead man walking, but Victoria Labalme saved me.

Here it is: See the before and after.

For those who don’t know her, Victoria Labalme (CPAE), is a rock star speaker and coach…and she changed my career. Her clients include NSA’s top brass, TED speakers, Oscar winning directors, experts creating PBS specials, and the C-suite executives at Starbucks, Microsoft, PayPal, New York Life Insurance, etc.

Victoria is the real deal.

Captivate your audience. Create killer content. Tell stories like a pro using Hollywood secrets. Cut your prep time in half. Use humor in unforgettable ways. And take your audience on a journey they will never forget.

You’ll get texts from people saying, “You nailed it!” People will whisper to you that you were the “best” speaker. And you’ll earn more bookings, greater invitations and coveted speaking opportunities.


This isn’t like any other event you’ve experienced. In fact, she’s rented out the Los Angeles Theater Center. And she’s got some special surprises planned. So if you can make it, GO!!! You get the online course, too and some whopper bonuses. And she has a special running through Dec 31 (and you will save a ton of $$) and you’ll get a FREE upgrade to VIP status (which includes lunches and reception…)

I know Victoria doesn’t do anything halfway. This event is going to be very special and the people attending are world class.

Here’s the link for all the info you’ll need…and to secure your spot:

Robert Siciliano Joins Identity Theft Resource Center Board of Directors

(San Diego, CA:  October 1, 2014) The Identity Theft Resource Center, a nationally recognized organization dedicated to the understanding of identity theft and related issues, announced today that Robert Siciliano, CEO of, will serve on its Board of Directors.  Siciliano, with more than 30 years of experience in this field, will bring his vast knowledge to the ITRC Board and will help to heighten awareness on current trends and pro-active measures consumers and victims can take to protect themselves.

The ITRC, founded in 1999, is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. It is the on-going mission of the ITRC to assist victims, educate consumers, research identity theft and increase public and corporate awareness about this problem and related issues.

“The ITRC is the single most comprehensive resource for victims dealing with identity theft,” said Siciliano. “For the past 15 years victims have been coming to me for help and my immediate response is to point them right to ITRC. There isn’t another non-profit on the planet that has as much experience in dealing with this horrible crime,” Siciliano added.

As an identity theft expert and frequent speaker, Siciliano is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace.

“Robert’s expansive expertise in the areas of data security and online safety will help the ITRC in serving the thousands of consumers who reach out to the ITRC call center year after year,” said Julie Fergerson, ITRC Board Chair.  “His research efforts in these areas have allowed him to forge ahead as a nationally renowned industry leader in identity theft, internet best practices and technological advances being made in this space every day,” Fergerson added.

About the ITRC

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization which provides victim assistance and consumer education through its toll-free call center, website and highly visible social media efforts. It is the mission of the ITRC to: provide best-in-class victim assistance at no charge to consumers throughout the United States; educate consumers, corporations, government agencies, and other organizations on best practices for fraud and identity theft detection, reduction and mitigation; and, serve as a relevant national resource on consumer issues related to cybersecurity, data breaches, social media, fraud, scams, and other issues.

Contact:  Cristy Koebler
Communications & Media Manager 
Identity Theft Resource Center|858-444-3287 (D)

How the Average Consumer Can Keep Their Smartphone Secure and Private, a Conversation with Identity Theft Expert, Robert Siciliano

By David Geer (bio:

“A mobile phone is lost every 3.5 seconds. More than half of those devices are smartphones. 40% are not password protected.” – Identity Theft Expert, Robert Siciliano

Smartphones outnumber PCs. Though the devices are more personal than “personal” computers, they can certainly be less secure. Malware (mal = bad, ware = software) such as viruses, apps that are not secure or that funnel out private information, and the loss or theft of unprotected devices are all threats that lie in wait for unprepared users.

I spoke with Identity Theft Expert, Robert Siciliano for a Q&A about consumers’ top smartphone security and privacy concerns. Genuinely concerned and personally involved, Robert details how the average consumer can keep their smartphone safe.

David Geer: What are the average consumer’s smartphone security concerns?

Robert Siciliano: We are hearing a lot about malware. We are hearing a lot about privacy issues with the apps people download. There are apps that violate user privacy by communicating information the user may not want to communicate (without their knowledge). Though the vendors often state in the TOS (Terms of Service) what these apps will do, some apps share personal information despite what their TOS say. There are also issues with lost or stolen phones, especially when the user has not password protected their device.

There are thousands of examples of malware targeting mobile devices. But while consumers are more concerned about that, the loss or theft of their phone is a larger issue. A mobile phone is lost every 3.5 seconds and more than half of those devices are smart phones. Forty percent of phones are not password protected. An overwhelming number of phones are lost with no password protection.

Then there are the issues we have seen with people stealing people’s phones. I think the biggest concern should be password protecting your phone as opposed to worrying about malware. That is not to say you should not be concerned with malware.

DG: What are some real-world cases of smartphone threats occurring?

RS: A woman contacted me saying, “Robert, I was at a concert last night and I lost my phone.” When she got home, she logged on to her Facebook page and someone had posted all of her naked photos from her phone to her Facebook page.

There are two issues here. One is the fact that her phone was not password protected. The other is that she and many, many starlets are taking nude photos and storing them on their phones. That is a big detail. I have read a half dozen stories in the past year about young, successful actresses that had nudes on their devices and these have ended up on the web because the device was hacked or stolen. These starlets are giving other women the green light to go ahead and do the same thing. We have an entire culture that is engaged in this behavior and not doing much if anything to protect their data.

Our digital devices store our most private information: usernames, passwords and access to private accounts including banking and social accounts. Exposing all the intimate details of our lives because of a lost, stolen or hacked phone is serious business.

McAfee studied password sharing with ex-spouses. A significant number of people surveyed said that they have or would expose their former significant other’s most private photos and videos in the event of a bad breakup. They had access to the passwords and had the same data on their own devices because they took it from their significant other’s phone.

DG: Most smartphone users have no interest in becoming technical gurus. What are some things any consumer can do to protect their devices and themselves from these concerns?

RS: It boils down to common sense in recognizing the risks. It is common sense to password protect your device. Beyond that, users should have lock, locate and wipe software whether the vendor built it into the phone or users download it. (This enables the user to lock the phone against access, find the phone or completely wipe all sensitive data from the phone remotely). Then the user should have anti-virus software on the phone.

Do not root or jailbreak your phone. This breaks down the defenses the OS software developer put in place. There is only one store where you can download safe, secure apps for the iOS (Apple) and one where you can download them for Android. When you jailbreak the phone to gain access to the hundreds of other stores and their downloads, neither Apple nor Google have tested these apps.

Jailbreaking is what gets the user and their employer who offers bring-your-own-device options into trouble.

DG: Are there any smartphone settings that can help without frustrating the consumer technically?

RS: Yeah. Turning off Bluetooth, especially when not in use will help. Turning off your location-based services will, too. You have options on what to do in the event that someone does try to access the password. So, for example, if they try to enter the password more than 10 times, then the device will wipe. That is something that you can turn on or off.

DG: Are there any free or modestly priced software solutions that can help without frustrating the consumer technically?

RS: I am a McAfee spokesperson, so I always recommend McAfee’s line of mobile security products. Some are free; some require a small fee. All are very user friendly. Other than that, there is whatever software is already on the device.

DG: If all this is still too much, where can a consumer go for help?

RS: You have heard the term, “Google is your friend”. There generally is not an issue where someone did not ask a question and someone else did not answer with respect to technology. Do a search and find a variety of forums where people have asked the same question you have and someone has answered it. It is a matter of knowing how to ask the right question. Beyond that, your device’s manufacturer or service provider are good places to start.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247

What Security Issues Should You Worry About?

First thing I tell my seminar attendees is “The chances of anything bad ever happening to you is very slim. So don’t worry about it. However you should still put these systems in place.”

Are you a helicopter parent? An “alarmist”? Or Chicken Little: The sky is falling, the sky is falling! I heard somewhere along the line that 90% of what we worry about never happens. It might be even closer to 99%. But there is still that one percent that concerns.

Deciding what to worry about may be a conscious or unconscious (or sub-conscious) decision.

Often what we worry about comes from what we see and are fed in the media. It is well known that the nightly news is built on the premise “If it bleeds it leads”. Blood and guts is what sells airtime and newspapers.

These worries when confronted are often dumbed down by statisticians, researchers, some security professionals, social psychologists and are called “baseless paranoid fears”. Books written in this regard are designed to give perspective. My feeling is they are written simply to sell a contrarian idea to stimulate conversation (and sell books) and in reality the author is no less of a “worrier” than anyone else.

Perspective is good. Too much “worry” can have ill health effects and significantly detract from quality of life.

My gripe with the “Don’t worry, it’s a 1 in 10 million chance” mentality is that it fosters the “It can’t happen to me” syndrome which prevents people from taking responsibility for their security in the first place.

If you knew the statistical probability of the chances of your kid being shot at school or your child being kidnapped or even being struck by lightning and all were “slim”, would you take any less precaution to protect yourself or your family?

Would you stand next to a metal pole in a lightning storm? Would you drive without a seatbelt? Would you allow your 7 year old who is perfectly capable of navigating their way to school go by themselves even though the chance of them being kidnapped is extremely slim?

For many of the issues we worry about the chances of them happening might be 1 in a 100,000 or 1 in 10 million. Your chances of something bad happening may equate to the same statistics as winning the lottery, which is very slim, but you still might play the number.

Does it really matter what the odds are?

Every day someone somewhere wins the lottery. Every day someone somewhere is a victim of a heinous crime.

Knowing what I know I’m concerned about it all and I take the necessary steps to prevent what’s in my control. Do I worry?  Well, a part of my life’s energy goes into putting measures in place to prevent “bad”. If being proactive and taking responsibility is “worry” then yes. And I feel safe, secure and grounded without any nagging “paranoid” angst that detracts from the quality of life.

What’s so wrong with that?

Robert Siciliano, personal security expert to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover.

Botnets Lead to Identity Theft

When a virus recruits an infected PC into a botnet, a criminal hacker is able to remotely access all the data on that computer.

Robot networks, or botnets, have a varied history. A bot, which doesn’t necessarily have to be malicious or harmful, is essentially a program designed to connect to a server and execute a command or series of commands.

As reported by a McAfee study, networks of bots, otherwise known as drones or zombies, are often used to commit cybercrime. This can include “stealing trade secrets, inserting malware into source code files, disrupting access or service, compromising data integrity, and stealing employee identity information. The results to a business can be disastrous and lead to the loss of revenue, regulatory compliance, customer confidence, reputation, and even of the business itself. For government organizations, the concerns are even more far reaching.”

In the second quarter of 2010, more than two million PCs were recruited into botnets in the United States alone. That’s more than five out of every 1,000 personal computers. The rise and proliferation of botnets will continue to put identities at risk.

Computers with old, outdated, or unsupported operating systems like Windows 95, 98, and 2000 are extremely vulnerable. Systems using old or outdated browsers such as IE 5 or 6, or older versions of Firefox offer the path of least resistance.

To protect yourself, update your operating system to Windows 7 or XP SP3. Make sure your antivirus software is set to update automatically. Keep your critical security patches up to date by setting Windows Update to run automatically as well. And don’t engage in risky online activities that invite attacks.

In order to protect your identity, it is important to observe basic security precautions. When you conduct transactions with corporations and other entities, however, the safety of your information is often beyond your control.

Consumers should consider an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features in addition to live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft. (Disclosures)

7 Tips To Better Credit Card Security

Every time you use a credit card, you increase the chances of that card number being used fraudulently. Cards can be skimmed and hacked in a number of different ways.

#1 Watch your card. Whenever you hand your credit or debit card to a salesperson or waiter, watch to see where your card is taken and what is done with it. It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see your card swiped through an additional reader that doesn’t coincide with the transaction, the card number may have been stolen.

#2 Cover your PIN. There may be cameras or “shoulder surfers” recording your PIN at an ATM or point of sale terminal. Cover up the keypad to foil the bad guys’ plan.

#3 Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good.

#4 Select online shopping websites carefully. When searching for a product or service online, do business only with those you recognize. Established e-retailers are your safest bet.

#5 Beware of phishing. Never purchase products or services by responding to an email. This generally results in your card number being phished.

#6 Use secure sites. Before entering a credit card number, always look for “https” in the address bar. The “s” in “https” means the site has an additional layer of protection that encrypts the card number.

#7 The most important tip of all is to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right? Once a week is sufficient, and even once every two weeks is okay. Just be sure to refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit card fraud on NBC Boston. Disclosures

Botnets Turn Your PC into A Zombie

A botnet is a group of Internet-connected personal computers that have been infected by a malicious application, which allows a hacker to control the infected computers without alerting the computer owners. Since the infected PCs are controlled remotely by a single hacker, they are known as bots, robots, or zombies.

Consumers’ and small businesses’ lax security practices are giving scammers a base from which to launch attacks. Hackers use botnets to send spam and phishing emails, and to deliver viruses and other malware.

A botnet can consist of as few as ten PCs, or tens or hundreds of thousands. Millions of personal computers are potentially part of botnets.

Spain-based botnet Mariposa consisted of nearly 13 million zombie PCs in more than 190 countries. Further investigation determined that the botnet included PCs from more than half the Fortune 1000. This botnet’s sole purpose was to gather usernames and passwords for online banking and email services.

There are more than 70 varieties of malware, and while they all operate differently, most are designed to steal data. Mariposa’s technology was built on the “Butterfly” botnet kit, which is available online, and which does not require advanced hacking skills to operate.

The criminals in this operation ran the Mariposa botnet through anonymous virtual private network servers, making it difficult for law enforcement to trace back to the ringleaders.

The botnet problem persists. PCs that aren’t properly secured are at risk of being turned into zombies. Certain user behaviors can also invite attacks.

Surfing pornography websites increases your risk, as does frequenting gaming websites hosted in foreign countries. Downloading pirated content from P2P (peer-to-peer) websites is also risky. Remember, there is no honor among thieves.

Computers with old, outdated, or unsupported operating systems like Windows 95, 98, and 2000 are extremely vulnerable. Systems using old or outdated browsers such as IE 5, 6, or older versions of Firefox offer the path of least resistance.

To protect yourself, update your operating system to XP SP3 or Windows 7. Make sure to set your antivirus software to update automatically. Keep your critical security patches up-to-date by setting Windows Update to run automatically as well. And don’t engage in risky online activities that invite attacks.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures

Identity Theft Part 2 – 5 More Identity Theft Myths Unveiled

#1 Publicly available information is not valuable to an identity thief.

If I was an identity thief I’d start with the phone book. All information about you is of value to an identity thief. The bad guy gathers as much intelligence about you as possible. Once they get enough data to become you they are off and running. The breadcrumbs we leave behind and the information we post is all used to help them gather a complete profile.

#2 Shredding will protect me.

Shredding will keep some of your data out of the hands of a dumpster diver. But when your information is hacked because someone like your bank was hacked or your mortgage broker threw it away, you are vulnerable. While you should still shred, you should also invest in identity theft protection and a credit freeze.

#3 I don’t use the Internet, I pay in cash, my credit stinks, so I am safe.

Wrongo bongo. While you may not use the internet, others that have your information in their internet connected databases make it vulnerable. Using credit cards doesn’t mean your identity is at risk, nor does using cash mean you are any less at risk. Credit card fraud isn’t identity theft. It’s credit card fraud. Just call the credit card’s issuing bank and refute the charges within 60 days and you are fine. Bad credit just means not all lenders will grant you credit. Everyone with a SSN, a pulse and even some who are dead are vulnerable.

#4 My privacy settings in social media sites are locked down, so I am safe.

Negative. The mere fact you are sharing personal identifying information of any kind with anyone online means you are at risk. Anyone who you are connected to is a potential leak, whether you know them or not. If you tell a secret to one person, you are vulnerable. If you tell it to 250 people, the secret is out. Never share information in social media that could be used to crack the code of a password reset.

#5 Shopping or banking online isn’t secure.

It all depends. More than likely the etailer or bank where you do business is more secure than your PC. It is often the consumer who is the path of least resistance to fraud. As long as your PC is secured with updated antivirus and spyware protection then you should be fine. Always look for httpS:// in the address bar. The “S” means it’s a more secure site.

Robert Siciliano, personal security expert to Home Security Source, presenting 20 slides on identity theft at 20 seconds each to the National Speakers Association. Disclosures.