The New SEC Disclosure Rule Will Impact Nearly Every U.S. Business

The new Securities and Exchange Commission (SEC )disclosure rule for cyber incidents represents the most sweeping attempt to date to mandate cyber security by the United States government. If you own or work at a publicly traded company, if you handle data provided by a publicly traded company or if you simply supply a publicly traded company, this new rule will impact your business.The New SEC Disclosure Rule Will Impact Nearly Every U.S. Business

What Is the New SEC Disclosure Rule?

As reported by the Federal Bureau of Investigation, the new SEC Disclosure Rule goes into effect on September 5, 2023. In broad terms, it requires the following:

  • Every publicly traded company in the United States must file form 8K to the EDGAR database within 4 days of the discovery or awareness of any cybersecurity incident that has a “material impact” on their business.
  • The United States Attorney General may allow a reporting delay of up to 30 days, with a possible renewal for an additional 30 days, if the cybersecurity incident presents a danger to public safety or national security.
  • The United States Attorney General may allow an additional 60-day delay in reporting only if there is a significant risk to national security.

Publicly traded businesses have the ability to determine whether or not a cybersecurity incident has a material impact on their operations or valuation. In the event that it does, they must report the nature, scope and timing of the incident, as well as its impact or potential impact.

How Does the SEC Rule Apply to Me If I Do Not Own a Publicly Traded Business?

This rule will be enforced by the SEC, which has extensive investigative capabilities and the ability to determine the penalties that violators will face. Unlike the FTC Safeguards Rule, which has defined penalties and regulations, the SEC disclosure rule is open, both in terms of what defines a “material impact” and in terms of how the agency will follow up. In the worst-case scenario, Federal investigators could arrive at your door to seize documents and devices, if they believe you are responsible for a cybersecurity incident that impacted a publicly traded company, or if the company identifies your business as the source of the data breach.

Here are a few examples of ways a company could inadvertently be swept up in an SEC investigation:

  • A franchisee of a national company suffers a data breach that exposes the personal financial information of its clients.
  • A shipping company receives a fraudulent order through a pretexting attack that diverts money or materials of significant value to criminal actors.
  • A conference planner suffers a data breach, exposing the email addresses, usernames and login credentials of all conference attendees.
  • A marketing agency’s servers are breached, revealing the embargoed technical specifications of a client’s new product.
  • A law firm’s email is breached, revealing details of a client’s patent filings or lawsuits.
  • A doctor’s office wireless network is compromised, allowing hackers to steal the personal health information of corporate executives.
  • A mortgage broker’s file transfer system is compromised, exposing the property valuations of individuals referred by a client.
  • A company website is hacked, revealing administrative usernames and credentials.

These examples fall into three broad categories:

  1. Data breaches that expose data belonging to a client’s customers.
  2. Hacking attacks that uncover a client’s future business plans, internal information or intellectual property.
  3. Credential theft or protected personal data theft that compromises a client’s leadership or employees.

Something as simple as a phishing attack that exposes your email contacts could be material, if hackers then use that information to launch a targeted attack on your client or sell the information to others. Pretexting attacks that divert payments, materials or finished goods that a client needs to operate could be material if they have a significant impact on a client’s sales. Ransomware attacks that lock your clients out of needed services, disrupting their operations, could also qualify as a material impact.

What Do I Need to Do to Comply?

Only publicly traded businesses are required to report cyber incidents under the disclosure rule, but their ability to report depends on support from their vendors, franchisees, service providers and partners. Remember that if your business is the source of a cyber incident that compromises a client’s business, you may be investigated, and your cyber security policies will be scrutinized. The publicly traded company will face SEC penalties. You will lose the client, and your reputation will take a significant hit.

No business wants to deal with the SEC. Investigations can be lengthy, disruptive and expensive. It is very likely that publicly traded companies will demand some accountability from vendors and partners, as well as assurances, possibly legally binding assurances, that cybersecurity incidents will be reported. For companies that are not publicly traded, compliance requests will likely include the following:

  1. Documentation of current cyber security standards, including incident monitoring and security updates.
  2. Documentation of cyber security employee training practices.
  3. Written plans to report cyber security incidents to impacted clients as soon as these incidents are known.
  4. Written plans to respond to and stop cyber attacks, along with an evaluation of data loss or potential third-party compromises.

Do not be surprised if clients ask for this documentation. Clients may also want to execute additional nondisclosure agreements (NDAs) that include specific language around cyber incidents, or ask for these protections to be outlined in service contracts or contract amendments.

How Will the SEC Enforce the Cyber Incident Disclosure Rule?

It is impossible to know what enforcement will look like, as the SEC tends to treat violations on a case-by-case basis. Based on past behavior around new regulations, the SEC is likely to issue warnings for a period of time for first-time offenders or minor breaches. If a significant breach occurs, or if a publicly traded company repeatedly violates the rule, an extensive investigation with significant penalties will follow. This will trigger a stampede for services that will leave providers struggling to keep up with demand, and companies scrambling to find providers who can help them. It is better to take this matter seriously now, evaluate your needs and get professional cyber security support if you need it.

Note that the new disclosure rule does not require an experienced or certified professional to oversee or report cybersecurity incidents. Most small businesses should be able to manage compliance on their own, or with the help of a VCISO.

Why Did the FTC Add This Reporting Rule?

The SEC outlined two needs that drove the new disclosure rule. First, the SEC believed, as do many law-enforcement organizations, that cyber crime is underreported. By bringing their authority to this area, the SEC seeks to compel a greater level of reporting compliance, eliminating the tendency of some businesses to quietly pay ransoms or overlook seemingly minor cyber intrusions.

Second, the SEC felt that current reporting, which lumps cyber security incidents in with other business challenges, did not provide enough information to shareholders. The standard report will allow shareholders to see how often a business suffers cybersecurity incidents and how severe they are, providing another data point investors can use to evaluate opportunities.

As a final, broader goal that was unstated, the disclosure rule puts anyone who works with a publicly traded company on notice that their clients’ interactions are under Federal scrutiny. This is likely meant to compel greater adoption of cyber security best practices across all U.S. businesses, which will make it harder for criminals to carry out attacks. In that regard, it is the most significant effort to date by the U.S. government to establish and require cyber security as a basic element of business operations.

If you have questions about the SEC disclosure rule, how it could impact you, how you can comply or how you can improve your cyber security employee training, please contact us online or call us at 1-800-658-8311.

This GUN Website is a Fraud. How to Determine if a Website is Fake or Real

There are many scammers out there, and one of the things they like to do is to create fake sites that are meant to trick people into giving them personal information, commit identity theft or wire fraud or they’re designed to facilitate a P2P payment like Venmo or PayPal or they’re designed to siphon money via a wire transfer.

One such site is https://empiregunshop.com/ Empire Gun Shop is set up specifically to scam users via a wire transfer. I stumbled upon the site via a Google search looking for a specific part for an old firearm that was provided to me. Google index’s the site, which is scary, and people are being scammed every day. The site has been in operation since March 2020. They also have a Yelp and a Yellow Pages listing which furthers their “legitimate” presence. What also makes this site so effective, beyond the quality web development, is the fact that the URL has HTTPS meaning the “S” designates it is a “secure site” but that doesn’t mean it’s safe.

The site also has a “Live chat” feature that allows visitors to immediately connect with a live operator. And if you do, and feel free to try it, they will respond directly to you. And what is likely to occur is they will set up a wire transfer either via email or via chat. All communications with the scammers are done via a Google voice phone number. I’ve talked to them, engaged in email communications and text. Based on their thick heavy accents and they’re utter brazen attitudes, it’s likely they are from West Africa or Nigeria etc.

Their “Contact us” page provides both a phone number and an email address. And as soon as you contact them they will respond. They will convince you that they have your product in stock, and they will work with you to set up a wire transfer or a peer to peer payment. And once you do, that’s it it’s over Johnny, you lose that money.

When I engaged them to purchase a part, I became immediately suspicious when they were unable to answer a single question that I had asked. Firearms are a certain specialty, and there is a specific language that one needs to speak in order to understand the world of guns. These scammers have no idea what they’re talking about. And if you’re a new gun enthusiast and don’t understand the language of firearms you are likely to get scammed. And that is their edge. Newbies are their mark.

So for laughs, I engaged them via text. I asked if I could buy a “Bazooka” which if you didn’t already know, a Bazooka is a common name for a man-portable recoilless anti-tank rocket launcher weapon, widely deployed by the United States Army. It’s a grenade launcher.

And I told them that my intent was “I am declaring jihad against the infidels.”  Which for any normal company would set off red flags. But not these guys. They’re all about the jihad! And they asked for the FFL which is the Federal Firearms License. And I provided  “Youra Sheethed” Get it? You’re a Shithead. He He.

And I gave them the physical address of the ATF and Boston. And they responded with their PayPal identification number. Feel free to send them some money. Or report them to Paypal. Whatever you wanna do.

Once I started to see this was a scam, I quickly researched the name of the company and found numerous online forums that enforced my belief that it was fraud. Here are those links below:

https://www.bbb.org/us/pa/danville/profile/gun-shop/empire-gun-shop-0241-236059607/complaints

https://www.scam-detector.com/validator/empiregunshop-com-review/

https://www.glocktalk.com/threads/empire-gun-shop-anyone.1883574/

https://www.ar15.com/forums/hometown/Is-Empire-Gun-Shop-in-Danville-legitimate-/14-652483/

https://www.yelp.com/biz/empire-gun-shop-danville

https://www.yellowpages.com/danville-pa/mip/empire-gun-shop-6086596

Here are some of the ways that you can determine if a site is real or fake:

You Aren’t Sure How You Got to the Site

 Have you found yourself on a site and you don’t know how you got there? Did you click on an email link? This is one of the most effective methods that a scammer uses to get a victim to go to a fake site. This is also the case with links on social media sites. Whatever you do, do not click these links. Instead, if you know you want to go to a site, either use a bookmark or type it directly into your browser.

Do You See Spelling or Grammar issues?

 Another sign that a site might be fake is a lot of grammar and/or spelling issues. Many of these fake sites are created by non-native English speakers, and they often make mistakes with spelling and grammar. Some also use translation software, which is notorious for making mistakes like using “there” instead of “their.”

Is the Site Endorsed?

If you see that a site is endorsed, you might believe that it’s totally safe, but just because you see an icon that looks like an endorsement, it doesn’t mean it’s real. A person creating a fake website can add information saying, for instance, that it is endorsed by a news outlet, but that doesn’t mean it actually was. The same can be said for authenticating badges. You should be able to click on these badges and be directed to a site explaining what it means. If you can’t click it, it’s probably a fake.

Look at the Address

Another sign that a site is a scam is if the website address is incorrect. For example, let’s say you want to do some online shopping, and you get an email coupon from Kohl’s. You click on the link, but instead of going to Kohls.com, it takes you to K0hls.com. This is a fake site. You also want to pay attention to the beginning of the address, too. You should only be doing shopping or entering information at a site beginning with HTTPS, not HTTP.

How to Make a Purchase

Almost every website out there takes credit cards. This is a good thing, because a credit card gives you protection. If a site doesn’t take cards, and it only wants a check or wire transfer, you should be suspicious. Empire Gun Shop doesn’t take credit cards.

Are the Prices Too Good to Be True?

Are the prices on a site too good to be true? If the prices are much lower than other prices, this could be a sign of a scam. For example, if you want to buy a new designer purse, and every other site has them for $400, but this one has it for $100, this is a red flag.

Read Reviews

Finally, you can determine if a site is real or not by looking at reviews. You can do this by searching on Google, or you can look at the Better Business Bureau listing. There is also a scam tracker on the BBB website, too. And as I did above, seek out the name of the company and its domain on various forums that specialize in that product or service. Keep in mind, however, that some of these reviews might still be fake, so spend a little time on this and don’t always give these landing pages or splash pages too much credibility.

And hey, feel free to mess with those scumbags at Empire Gun Shop and make their life hell.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Your Uber Driver May be a Criminal

Do you Uber? If you do, you probably feel pretty safe getting into the car of a stranger. However, you might not be as safe as you think.

Most people take for granted that Uber does background checks on its drivers, but there are actually a number of shady drivers who have recently been accused of crime, and it’s definitely not the first time they have had run ins with law enforcement. Some of these people are accused of committing crimes against their passengers, and that’s where things really get scary.

CNN recently took a look at both Uber and Lyft and found that both companies approved hiring thousands of drivers who have criminal records. Uber responded to this report by saying it knows that there were some hiring mistakes in the past, but they have improved the way they hire, and in 2017, rejected more than 200,000 people because of issues on the background check. However, both companies are not keen to adopt more scrutiny in the screening process.

Several state and local law enforcement agencies are pushing the companies to put more focus on potential drivers. Right now, for instance, they don’t do any fingerprinting nor federal background checks. Instead, both Uber and Lyft use a third-party background check company. It uses the name and Social Security number of potential drivers to check the national sex offender database, local court records, and suspected terrorist databases. The goal is to get drivers on the road as soon as possible, and many of these checks are instant.

Currently, there are 43 states that require screening for rideshare services, but these laws don’t say that the companies have to use a specific company or screen in a certain way. Instead, 42 of these states allow rideshare companies to take responsibility for the screening. Only Massachusetts requires a company background check and an additional check, which is done by the state. Only New York City requires rideshare drivers to have fingerprinting done.

It’s also worth mentioning that just because a company does background checks that include fingerprinting, it isn’t always fool proof. The FBI system that is used for this has incomplete records and it is not meant to be used in this way.

As someone who uses Uber, it’s important that you keep all of this on the back of your mind before you take your next ride. Yes, there is some type of background check done, but don’t let that fool you; your Uber driver could still be a criminal.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Mass Shootings: Driven by Evil or a Desire for Celebrity Status?

If all a gunman, who opened fire and randomly killed nine people, wanted was 15 minutes of fame, he could have achieved this running naked into the field at a major league baseball game.

At least one criminologist believes that the driving force behind mass shootings is a desire for celebrity status. According to Adam Lankford, a criminologist at the University of Alabama, they want to be famous.

But this theory has holes. You don’t have to kill people to be famous, and since when are murderers treated like celebrities? Since when does celebrity treatment include prison food?

If it all came down to wanting to be famous, then why do these mass murderers always have troubled pasts, particularly a history of being victimized by bullying?

However, many criminologists do believe that most shooters are seeking infamy – even though, certainly, anyone who’s planning a shooting spree knows there’s a good chance they’ll get killed in the process – in which case, they won’t be alive to revel in their infamy.

In an attempt to prevent future mass shootings, the media has decided not to mention the killers’ names more than once, such as with the 2012 movie theatre slaughter in Colorado and the 2017 Las Vegas concert massacre.

This tactic has proved futile, given the shootings that occurred the first week of August 2019 in El Paso, Texas and Dayton, Ohio, plus many additional (smaller) shootings since 2012 and even 2017.

Nevertheless, supposedly the Sandy Hook Elementary School shooter kept a journal detailing decades of mass shooting events.

If a man has suffered a corrupt childhood and is seething with hatred towards people, feels no hope for his future and knows how to get an AK-47, or AR-15, do you really think that he cares whether or not his name is mentioned after a killing spree?

Sure, he’d like to gain a lot of notoriety – as long as he’s going to commit the deed. But notoriety isn’t the reason he wants to kill people.

Are killers born or made via childhood environment?

These killers may have come from “privileged backgrounds,” but a big house, a swimming pool in its backyard and tennis lessons can still be part of a childhood environment that’s conducive to creating a soulless, evil person who hates humans so much that he one day decides to shoot into a crowd.

We can argue till the cows come home whether or not years of bullying led to the Columbine massacre, or if while growing up El Paso murderer Patrick Crusius frequently heard his father rant that Mexicans didn’t deserve to live.

But at the end of the day, it really makes no sense that wanting to hear your name on CNN would make a well-adjusted man go on a homicidal rampage.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Another Rideshare Rape is an Epidemic

Women should never take a ride from a stranger because it’s dangerous – unless she’s paying the driver???

Wrong, of course. Uber and Lyft drivers provide paid rides to strangers as requested via the Uber and Lyft apps.

As of August 2018 WhosDrivingyou.org tallied the number at almost 400 rapes and probably stopped recording the sexual assaults because it has become so common. A quick Google search for “rideshare rape” pulls almost 7K results.

YeT another rideshare rape allegedly happened this week when an intoxicated woman was overcome by her driver. And before you blame the victim, JUST SHUT UP.

Almost the Perfect Crime

  • The predator has no problem getting a woman into his vehicle.
  • There’s an easy explanation for her DNA in the vehicle: the ride service.
  • She might be intoxicated, which is a common reason for hiring a rideshare service, and intoxication means vulnerability and lack of credibility.

Has the rideshare industry created a monster?

What makes rape even easier to get away with is if the passenger passes out from intoxication.

But by no means does this mean a predator should feel confident he could get away with his crime, such as Uber driver John David Sanchez, who got 80 years for ride-related sex crimes.

A CNN investigation revealed that at least 31 Uber drivers have been convicted of crimes such as rape as well as forcible touching.

On the other hand, CNN reported the case of an Uber driver who was accused by his fare of sexual assault. He claimed it was consensual; the charges were dropped.

CNN also reported that many of the women who were sexually assaulted by the over 100 accused drivers had been drinking or were drunk at the time of the alleged crimes.

A similar investigation of Lyft by CNN also revealed numerous sexual assault accusations.

What can a woman do?

  • Use Uber, Lyft (or a taxi service) only as a last resort, i.e., you can’t find someone you know to transport you.
  • Make sure you’re not impaired by any substances. This is a two-edged sword because an impaired person should not drive, either. If you’re convinced ahead of time you’ll be impaired, then arrange for a trusted friend to drive you home. If you can’t find someone, then reconsider your plan on getting wasted; is it worth it?
  • Arrange to use rideshare services with a companion.
  • Hire only female drivers.
  • Under no circumstances let a driver into your home.
  • Make sure your phone has a one-touch emergency alert button that will activate first responders who can home in on your location.

Don’t assume that just because someone works for Uber or Lyft that they’re safe. Though these companies do background checks, you have to consider that some predators have a clean record because they haven’t been caught (yet).

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Should Life Insurance Policies Be Banned?

It’s fair to wonder how many people would still be alive today if there were never any such thing as a life insurance policy. Personally I can’t imagine NOT having a life insurance policy if you have children 17 and under. But the below info might ring true for some of you.

An insurance policy may be the only thing it takes to kick a murder plan into high gear. A woman who isn’t generally capable of murder just because she saw him with another woman might be to get her hands on that $300,000 payout.

Which brings us back to the initial question: How many people would still be with us had they not named their killer as the beneficiary of a life insurance policy?

Who in their right mind keeps an angry, disgruntled family member as the beneficiary anyways?

You’d be stunned to know the answer: Enough to supply the Investigation Discovery channel with one crime documentary after another in which a person was murdered for their life insurance policy.

  • In many cases the killer is a woman – either directly, or she “hires” someone to do the job.
  • Of course, many times the victim is a woman.
  • A third scenario is when a non-family member has been scammed by the killer to name the killer as the sole beneficiary.
  • A fourth scenario is when the killer takes out the policy of the victim without the victim knowing!

This article is about the first two types.

What’s absolutely mind-blowing is why the policyholder keeps these beneficiaries on the payout plan, when any one of the following has occurred:

  • The beneficiary and the policyholder have separated or divorced – and have a very ugly relationship in which the beneficiary has displayed fits of rage.
  • The policyholder is afraid of the beneficiary, though there’s been no violence directed towards him or her.
  • The policyholder has been assaulted by the beneficiary.
  • There are no children (which then begs the question more than ever of why the policyholder would want that ex-spouse or soon-to-be ex-spouse still as a beneficiary).

In short, why on earth would you want someone – whom you’re either afraid of or now hate to the bone – to be your beneficiary?

Even if you have young children with the beneficiary…it still makes zero sense if you believe there’s even a remote chance that your ex is capable of killing you for that money.

Your raging ex or deeply troubled son do NOT need $800,000 if you die in a car accident or from disease. So why do you have the policy and why are they on it?

Bottom Line

  • Nobody whom you fear or who now hates you should be your beneficiary.
  • Remove them at once and inform them promptly.
  • It could save your life.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Put the Stupid Phone Away! Pedestrian Deaths Rise

If you like taking an evening stroll, walking your dog, or even hitting the pavement for exercise sake, you could be putting yourself at risk according to a recent report from the Governors Highway Safety Association.

The statistics are shocking; the report looked at how many pedestrians were killed by vehicles while walking in 2018, and it was not only a 4 percent increase from 2017, but the highest rate of death since 1990.

Why are these numbers rising? There are a couple of reasons. First, there are more SUVs and trucks on the road, and these vehicles are more likely to kill someone due to the weight and size. In fact, since 2013, the number of pedestrian deaths caused by SUVs has risen by 50 percent. Another reason for this is that people are not paying attention, both behind the wheel and on the pavement. Why? Smartphones. Alcohol was also to blame, as about half of the deaths reported in 2017 was caused by alcohol consumption by either the pedestrian, the driver, or in many cases, both. Of course, there is also the fact that the population has grown, so there are naturally more people out and about on the streets.

Population growth might not seem like a big deal, but the statistics show otherwise. When you look at the states that have had the highest population growth from 2017 to 2018, you also see that there is an increase of the number of deaths from pedestrians getting hit by vehicles. There has also been an increase in the number of people who are walking to work instead of driving when you look at statistics from 2007 to 2016.

The Governors Highway Safety Association also reports another unsurprising fact; the majority of these deaths are occurring after dark, and when comparing the number of pedestrian deaths during the day and at night, the nighttime deaths are rising quickly when compared to daytime deaths. When you look at the number of nighttime deaths between 2008 and 2017, there was an increase of 45 percent. When looking at daytime pedestrian deaths, there is also an 11 percent increase between those same years.

If you are looking for a safe place to walk around, consider New Hampshire. There was only one death in the first half of 2018. On the other end of the spectrum, New Mexico had the highest rate of pedestrian deaths. Almost half of all pedestrian deaths in the United States occurred in Florida, Arizona, Texas, California, and Georgia. None of us should have to worry about crossing the street, and this might be a sign that it’s time to improve vehicle design and improvements to the road.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Your Real Estate Agent May Have a Gun

If you are thinking of buying a house, and you start going to open houses, you might be surprised to learn an interesting fact: the real estate agent might be carrying a gun. Some of you reading this might have jumped to this article looking for a fight, because in M’erka guns are a controversial subject and why shouldn’t your real estate agent have a gun?

Real estate agents find themselves in precarious situations all of the time. They also might have to travel into neighborhoods that aren’t as safe as your typical bedroom communities. There are wayward dogs to contend with, random robberies, and the chance that a visitor to an open house has malicious thoughts. A real estate agent was killed in Maryland not too long ago and his killer stole his laptop and phone. He was killed for $2,000.00 in hardware by this shithead with the money on his face.

When you think about it this way, it’s no wonder that a real estate agents might feel the need to protect themselves.

The Statistics

Let’s look at some statistics: The National Association of Realtors released a report that states 25% of real estate agents who are male carry guns when on the job. Other real estate agents report that they carry other weapons, too, even if they don’t carry guns. Whether you are a fan of guns or not, you can certainly see why some Realtors feel the need to protect themselves.

The fact that 25% of male Realtors carry a gun is only the tip of the iceberg. The NAR report also says that more than half of all Realtors, both male and female, carry a weapon of some type to every showing. Here’s a brief synopsis:

  • Pepper Spray – 27% of female Realtors and 5% of male Realtors
  • Guns – 12% of female Realtors and 25% of male Realtors
  • Pocket Knife – 5% of female Realtors and 11% of male Realtors
  • Taser – 7% of female Realtors and 2% of male Realtors
  • Baton or Club – 3% of female Realtors and 3% of male Realtors
  • Noisemaker – 3% of female Realtors and 0% of male Realtors

Why are Realtors Afraid?

So, why are so many Realtors afraid enough to carry a weapon? First, there is the fact that approximately 3% of Realtors report being physically attacked when on the job in 2016. Though may that seem like a low number to some (too high for me), you have to understand that the overall rate in the country is about 2%, which means Realtors have a higher chance of being physically assaulted when compared with the average US citizen.

The reasons real estate agents feel the need to protect themselves is even more clear. In fact, many Realtors report that they are fearful of going to work each day. An astounding 44% of female Realtors told the NAR that they were worried about going to open houses in model homes and vacant lots.

Here’s some more stats:

  • 44% of female Realtors were afraid at some point in 2017 when on the job
  • 25% of male Realtors were afraid at some point in 2017 when on the job
  • 38% of all Realtors were afraid when in a small town
  • 35% of all Realtors were afraid when in a rural area
  • 39% of all Realtors were afraid when in an urban area
  • 40% of all Realtors were afraid when in a suburb

Knowing this, it’s certainly not surprising that a Realtor would carry a gun. HOWEVER, the problem with all this gun slinging is most people, regardless of their profession aren’t properly trained to “fight” with a gun. That means being trained to use a firearm under duress. I’m not talking about gun safety or target shooting, I’m talking about if you are being attacked, do you know how to respond with a gun if someone is coming after you? So to my Real Estate Agent friends and all others, seek out “Stress Response Training” and Firearm and get properly trained.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Here’s What Crazy Mass Shooters Look Like

Mass shootings. They happen so often these days, they are hardly making headlines, and when they do, they are soon pushed out of the news cycle thanks to what’s going on in the White House or in Russia. There are many red flags that show what crazy mass shooters look like.

Look at this:

According to reports, the Thousand Oaks shooter assaulted his track coach. The Florida high school shooter was accused of threatening, abusing, and stalking people he knew. People say that the Las Vegas shooter was verbally abusing his girlfriend while in public. What do you see here? A pattern.

The FBI is on the case here, but that’s hardly comforting due to the sheer volume of unstable people out there. Earlier this year, the FBI released a report that shows the “pre-attack behaviors” of people accused of or convicted of mass shootings. Here’s another takeaway: 63 percent of them were white, and 94 percent of them were male. The report concludes with a takeaway that shows a very troubling and complex view of the people who have failed to positively handle the stressors in lives. In addition, they all display several concerning behaviors, they plan and prepare, and they often share their intent to attack with others.

It often takes several people to spot every red flag that a potential mass shooter displays, according to the FBI. These flags often include violent behavior, abuse, bullying, and harassment. To get even closer to what a mass shooter looks like, take a look at the following stats:

  • 57% of shooters have shown “concerning” behaviors
  • 48% of shooters have talked about suicide
  • 35% of shooters have made threats
  • 33% of shooters have a history of physical aggression
  • 33% of shooters have anger issues
  • 21% of shooters have used firearms inappropriately
  • 16% of shooters have used violence against their partners
  • 11% of shooters have been accused of stalking

The FBI report also shows that most shooters spent at least a week planning their attacks, and they often give their family and friends some type of “preview” of what’s to come. If people do become concerned about a future mass shooter’s behavior, it’s rare for them to go to the police, and they often become targets of the shooter, themselves.

It’s easy to make a report, however, so if you feel that someone you know might have the makings to be a mass shooter and made threats, you can report this to the FBI online. Finally, there are 13 states where “red flag” gun laws are in place. This means that a person’s guns could be removed if they are showing a high risk of violent behavior. These states are:

  • California
  • Connecticut
  • Delaware
  • Florida
  • Indiana
  • Illinois
  • New Jersey
  • Maryland
  • Massachusetts
  • Oregon
  • Rhode Island
  • Vermont
  • Washington

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Be aware of all these Confidence Crimes

Criminals have a reliance on tricking victims to get access to account information, like passwords. This is known as social engineering, and is also called a “confidence crime.” These come in many forms:

Do Not Take the Bait of These Phishermen

  • A phishing email that targets a specific person is known as spear-phishing. A spear-phishing email looks like an email that might come from a legitimate company to a specific person. For example, a thief might send a fake email to a company’s employee who handles money or IT. It looks like the email is from the CEO of the company, and it asks the employee for sensitive information, such as the password for a financial account or to transfer funds somewhere.
  • Telephones are used for phishing, too, also called “vishing,” which is a combination of phishing and voicemail.
  • Fake invoices are also popular among hackers and scammers. In this case, a fake invoice is sent to a company that looks like one from a legitimate vendor. Accounting pays the invoice, but the payment actually goes to a hacker.
  • Another scam is when a bad guy leaves a random USB drive around the office or in a parking lot. His hope is that someone will find it, get nosy, and insert it into their computer. When they do, it releases malware onto the network.
  • Cyber criminals also might try to impersonate a vendor or company employee to get access to business information.
  • If someone calls, if you get an email, if the doorbell rings, or if someone enters your office, always look at it with suspicion.

Be thoughtful about security:

  • Set up all bank accounts with two-factor authentication. All web-based email accounts should have two factor authentication. This way, even if a hacker gets your password, they still can’t access your accounts.
  • Train staff to be careful about what they post on social media, such as the nickname the CEO goes by in the office.
  • Do not click any link inside of an email. These often contain viruses that can install themselves on your network.
  • Any requests for money or other sensitive data should be verified over the phone or in-person. Never just give the information in an email.
  • All money transfers should require not one, but two signatures.
  • Make sure all employees are fully trained to recognize a phishing attempt. Also, make sure to stage phishing simulation attempts to make sure they are following protocol.
  • Help people understand the importance of looking out for things like a new email address for the CEO or Kathy in accounting suddenly signing her name Kathi.
  • Also, teach staff to report any uncharacteristic behaviors with long-time vendors or even fellow coworkers.

I once presented a security awareness program to a company that was almost defrauded. They hired me because of an email accounting had received from the CEO. The CEO sent a nice proper letter to accounting requesting payment be made to a specific known vendor.

A number of things were wrong with the email. First and foremost, like I mentioned, the email was nice and proper. Apparently the CEO isn’t all that nice, is somewhat of a bully, and all his communications are laden with profanity. So the red flags, where the fact that the email was nice. Imagine.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.