Most Security Awareness Training is Insufficient and Should Lead to Consequences

Maybe company executives who don’t engage in real-world security awareness training should suffer the consequences for their insufficiency.

An excellent Help Net Security article titled “What CISOs need to keep CEOs (and themselves) out of jail” discusses many of the fundamentals of cyber security, what security leaders should be doing but aren’t, and so on. The article makes no mention of “security awareness training,” but it does explicitly state, “The overwhelming majority of major breaches and attacks involved human error.” That human error, of course, could often be averted with security awareness training that enhances digital literacy.

This author and his team have reached out to thousands of CIOs/CISOs for city and town municipalities whose sole responsibility is to maintain the city’s IT infrastructure and security. Often, when approached to assist in their security awareness training to enhance a change in behavior, the response is generally “We use a third-party company that provides phishing simulation training, we’re all set.” Frankly, that response sucks. What it says is that the CIO/CISO is providing the absolute bare minimum of training that facilitates whatever legal compliance is required.

Interestingly, many of these municipalities use Proofpoint, who do a fine job, but it’s not enough. Speaking of which, an article in The Hacker News titled “Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails” states “The cybersecurity company has given the campaign the name Echo Spoofing. The activity is believed to have commenced in January 2024, with the threat actor exploiting the loophole (at Proofpoint) to send as many as three million emails per day on average, a number that hit a peak of 14 million in early June as Proofpoint began to enact countermeasures.” OUCH.

Anyway, back to “but it’s not enough”. Phishing simulation training does one job: it is designed to change behavior with regard to preventing phishing. And while that may lead to compliance, it doesn’t actually solve various real-world security problems, nor does it significantly enhance digital literacy or fundamentally change people’s behavior regarding what security is and, more importantly, what security isn’t. Most people have a false notion of what security is; they think it revolves around paranoia, fear, worry, etc., and it doesn’t.

If compliance is all you, the CEO/CIO/CISO, are going to do, maybe you SHOULD go to jail. Recent headlines such as “Boeing accepts a plea deal to avoid a criminal trial over 737 Max crashes, Justice Department says” point to everything Boeing DIDN’T DO to ensure safety. Really, what’s the difference between what Boeing didn’t do regarding compliance and providing the bare minimum of network security or compliance-type security awareness training?

Data breaches, ransomware and network vulnerabilities are becoming life and death scenarios. What happens when a hospital is hacked? What happens if traffic systems are hacked? What happens if GPS for airlines is hacked? What happens if the grid goes down for a significant period of time? The Justice Department/Boeing deal requires Boeing to invest at least $455 million in its compliance and safety programs. The Justice Department is saying your basic compliance isn’t enough, and it cost people’s lives.

Hell, Ars Technica reports that a North Korean hacker got hired by US security vendor KnowBe4, which provides security awareness training in the form of phishing simulation training; the hacker immediately loaded malware into the company’s network. Employees seemed to be fooled by a stolen ID. The hypocrisy is endless. KnowBe4 is one of the best in the world at what they do. But still, “The overwhelming majority of major breaches and attacks involved human error,” even inside top security awareness training firms. Humans are hackable because we trust by default. And none of these companies are providing the necessary real-world security awareness training that fundamentally changes people’s behavior.

Here’s the deal, and I’ve written about this before, and this is what I present in all of my trainings, and none of this is presented by any of the security awareness training firms: security goes against our core beliefs. Security is not natural, it’s not normal, it means that we don’t trust others. However, we trust by default. Not trusting others is actually a learned behavior. Security means that you are aware that there are others out there that may choose you as their target. That’s not normal. It’s not natural. No-one wants to think they are a target.

What’s normal is that we live happily ever after, we live together as one species in harmony. We trust each other, we are good to each other, we treat others as we want to be treated. We don’t hit, hurt, harm or take from one another. We are civilized creatures.

However, there is a small percentage of predators, uncivilized beings, we call them sociopaths, psychopaths, and hard-core narcissists. They are the criminal hackers, the serial killers, the rapists. They are a minority, and we choose to think they don’t exist. Or at least we deny they would choose us. We resist security practices, because it goes against what it means to be a civilized being.

The complexity of cybersecurity topics can overwhelm employees and consumers, making them feel incapable of understanding or implementing the necessary precautions. I blame pretty much every cyber security awareness training company out there. It’s not all about phishing simulation training. None of these companies have a clue when it comes to teaching individuals about risk. It’s not “do this, don’t do that”; they have forgotten what it means to be human.

1. Denial. Some people may deny the importance of cybersecurity or believe that they won’t be targeted by cyber threats, leading them to dismiss training efforts. Denial is more natural and more normal than recognizing risk. Denial is comfortable, it’s soothing, and it allows us to avoid the anxiety of “it really can happen to me.”

2. Fear of technology. Individuals who are not confident in their technological abilities may feel intimidated by cybersecurity training, leading them to avoid it altogether. This, of course, makes total sense. How many times have you gone in a vicious circle, a constant loop of not being able to log into an account because of two-factor authentication not working or something else out of whack? Technology can be frustrating. If security is not easy, people aren’t going to do it.

3. Lack of awareness. Some consumers may simply not be aware of the risks posed by cyber threats, leading them to underestimate the importance of cybersecurity training. This is a real problem. This lack of attention to what your options are regarding anything security is common. Part of that lack of awareness stems from disbelief these things can happen to us, denial we can be targeted, and a relative “pacifist” attitude.

Addressing these barriers requires organizations to tailor their cybersecurity awareness training programs to be engaging, relevant, and accessible to all employees and consumers. This can involve using clear language, providing real-life examples, and offering support for individuals who may struggle with technology or cybersecurity concepts. It also means getting “real”. And cyber security awareness training companies aren’t going to do that, nor are their 2-dimensional employees, and most of them don’t have the ability to get down and dirty and speak “holistically” about life and security in the same sentence.

And if the CIO, CEO, CISO or in my case, the Mayor or town administrator, who oversees the budget of their CIO, CISO doesn’t think this kind of security awareness training is necessary, maybe they should go to jail too.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, and the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Why EVERYONE is Resistant to Engaging in Security Practices and How to Fix It

It’s everyone. (It’s you too. Just read.) Security goes against our core beliefs. Security is not natural, it’s not normal, it means that we don’t trust others. However, we trust by default. Not trusting others is actually a learned behavior. Security means that you are aware that there are others out there that may choose you as their target. That’s not normal. It’s not natural. No-one wants to think they are a target.

What’s normal is that we live happily ever after, we live together as one species in harmony. We trust each other, we are good to each other, we treat others as we want to be treated. We don’t hit, hurt, harm or take from one another. We are civilized creatures.

However, there is a small percentage of predators, uncivilized beings, we call them sociopaths, psychopaths, and hard-core narcissists. They are the criminal hackers, the serial killers, the rapists. They are a minority, and we choose to think they don’t exist. Or at least we deny they would choose us. We resist security practices, because it goes against what it means to be a civilized being.

Therefore, in addition to the above, consumers (you) may be resistant to cybersecurity awareness training for several reasons:

1. Perceived inconvenience. Some may view cybersecurity training as an additional task or inconvenience, especially if they believe it interrupts their regular activities. Which is all nonsense. If you thought your bank was being targeted, would you do something about it? Of course. Beyond the perceived inconvenience, we are tired, lazy and selfish. That’s actually normal too.

2. Lack of perceived relevance. Some individuals may not see the immediate relevance of cybersecurity to their daily lives, leading them to ignore or resist training efforts. This is frustrating for your IT directors, and it is also frustrating for your government, who see you and me as part of the problem regarding our critical infrastructure being vulnerable. Cyber security is relevant if you want to keep the lights on, have clean water, and heat your home.

3. Overwhelm. The complexity of cybersecurity topics can overwhelm consumers, making them feel incapable of understanding or implementing the necessary precautions. I blame pretty much every cyber security awareness training company out there. It’s not all about phishing simulation training. None of these companies have a clue when it comes to teaching individuals about risk. It’s not “do this, don’t do that”; they have forgotten what it means to be human.

4. Denial. Some people may deny the importance of cybersecurity or believe that they won’t be targeted by cyber threats, leading them to dismiss training efforts. Denial is more natural and more normal than recognizing risk. Denial is comfortable, it’s soothing, and it allows us to avoid the anxiety of “it really can happen to me.”

5. Fear of technology. Individuals who are not confident in their technological abilities may feel intimidated by cybersecurity training, leading them to avoid it altogether. This, of course, makes total sense. How many times have you gone in a vicious circle, a constant loop of not being able to log into an account because of two-factor authentication not working or something else out of whack? Technology can be frustrating. If security is not easy, people aren’t going to do it.

6. Lack of awareness. Some consumers may simply not be aware of the risks posed by cyber threats, leading them to underestimate the importance of cybersecurity training. This is a real problem. This lack of attention to what your options are regarding anything security is common. Part of that lack of awareness stems from disbelief these things can happen to us, denial we can be targeted, and a relative “pacifist” attitude.

Addressing these barriers requires organizations to tailor their cybersecurity awareness training programs to be engaging, relevant, and accessible to all consumers. This can involve using clear language, providing real-life examples, and offering support for individuals who may struggle with technology or cybersecurity concepts. It also means getting “real”. And cyber security awareness training companies aren’t going to do that, nor are their 2-dimensional employees, and most of them don’t have the ability to get down and dirty and speak “holistically” about life and security in the same sentence.

Encouraging computer users to engage in cybersecurity awareness training involves several strategies:

1. Relevance. Highlight the relevance of cybersecurity to their personal and professional lives. Emphasize how it can protect their data, finances, and privacy.

2. Interactive Training. Offer engaging and interactive training modules that include simulations, quizzes, and real-life scenarios to make the learning experience more enjoyable and practical.

3. Incentives. Provide incentives such as certifications, badges, or rewards for completing cybersecurity training. Recognition for their efforts can motivate users to participate.

4. Customization. Tailor training content to the specific needs and interests of different user groups. For example, employees in finance may require different training than those in marketing.

5. Regular Updates. Keep the training content up-to-date with the latest cybersecurity threats and best practices. This demonstrates the importance of ongoing learning in an ever-evolving digital landscape.

6. Leadership Support. Gain support from organizational leaders and managers to promote the importance of cybersecurity training. When leadership emphasizes its importance, employees are more likely to prioritize it.

7. Accessibility. Make training accessible by offering multiple formats such as online courses, in-person workshops, and mobile-friendly materials. This accommodates different learning preferences and schedules.

8. Feedback and Support. Provide avenues for users to ask questions, seek clarification, and provide feedback on the training materials. Addressing their concerns and offering support can increase engagement.

By implementing these strategies, organizations can create a culture of cybersecurity awareness where users are motivated and empowered to protect themselves and their data online.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

The Software Patch is a Nuisance and a Necessity

Valentine’s Day kicked off a big week for software patch fans, as Apple sent out a patch for its operating systems and Microsoft pushed a flurry of patches for Windows.

If you are not a software patch fan, you should be. The seconds you spend patching work and personal devices can save thousands of dollars and dozens of hours cleaning up from cyber criminals who exploit vulnerabilities. Yes, patches are a nuisance and more common than most would like them to be, but they are also a necessity if you care about cyber security.

Why Do I Receive So Many Software Update Requests?

Responsible software makers continually evaluate threats to their systems and issue software patches to fix them. Apple was tipped off to a flaw in its operating systems that could allow hackers to install and execute code on an unpatched device. This patch fixed what is known as a Zero-Day Flaw or Zero-Day Exploit, which is a flaw that exists in software when it ships. Hackers carefully review every new piece of software to find vulnerabilities in security, as do researchers familiar with vulnerabilities. Apple issued its software patch in response to findings by a researcher who recognized the potential risk.

Microsoft, as usual, is furiously patching its most recent Windows release to close 75 security gaps, including some that would allow a hacker to bypass Windows malware filters or access system functions.

Patching Protects Against Phishing

Everyone who uses Windows or iOS should apply these software patches immediately. Doing so, on personal devices as well as work-issued devices, delivers two real benefits. First, it blocks a potential risk to cyber security that is known to and in use by criminal hackers. Second, it nullifies some phishing attacks by making it impossible for hackers to deliver malicious software.

The exploits patched by Apple and Microsoft may require users to visit a compromised website or download software that can exploit the known vulnerability. A software patch removes the vulnerability, so even if an employee clicks on a compromised link, the hacking attempt fails.

Every business should make software patches mandatory for all personal and work devices, particularly personal smart phones and laptops, which may access business WiFi or networks when employees come to the office. Software patches are usually sent out by software manufacturers automatically, but users may find them a nuisance and ignore them. Businesses can assist with updates by emailing staff when security patches are sent out. Ask employees to update their devices and provide links to download sites and additional information from manufacturers.

Patches may arrive at inconvenient times and employees may consider them a bother, but they are an essential piece of overall cyber security. Be aware that failure to patch can violate a cyber liability policy or expose a business to government fines if an unpatched exploit leads to a data breach.

Installing software patches is good cyber hygiene and part of employee cyber security awareness. Protect Now has developed an employee training program that changes culture by changing the way employees consider cyber security. We go beyond concepts and hypotheticals to help employees understand their attitudes about cyber security and the need to apply the same standards they use in their personal lives to data protection in the workplace. Contact us online to learn more, or call us at 1-800-658-8311.

How are Guns Affecting Americans? The Stats Give Us Some Insight

Whether you are a gun enthusiast or hate guns, guns are here to stay. And while the Second Amendment pretty much guarantees guns will remain in America in perpetuity, it is unlikely the founding fathers would agree with the mayhem that is going on today.

All of this violence is happening at a time when many states are loosening gun restrictions with something called constitutional carry, also known as permit-less carry of a firearm. For those of us who are responsible, that’s great. This, of course, is a double-edged sword for those who have significant mental health issues and the potential victims at the end of their barrel.

As reported in the Washington Post and elsewhere, “of course, semiautomatic firearms technology didn’t exist in any meaningful sense in the era of the founding fathers. They had something much different in mind when they drafted the Second Amendment. The typical firearms of the day were muskets and flintlock pistols. They could hold a single round at a time, and a skilled shooter could hope to get off three or possibly four rounds in a minute of firing. By all accounts, they were not particularly accurate either.”

Let’s take a look at some basic gun statistics in America:

  • There are 393 million guns out there
  • In 2020, 40 million guns were purchased – the highest number ever
  • 45,222 people died in the US from gun injuries in 2020
  • Between 2000 and 2020, there was a 40% increase in active shooter incidents
  • From 1998-2019 the USA had 109 Mass Shootings. Second in place for “wealthy nations” was France with 8 Mass Shootings.
  • Guns are now the leading cause of death for American children. 4,368 children and adolescents up to the age of 19 died from firearms in 2020; there were 4,036 deaths linked to motor vehicles.
  • From the New York Times “Where there are more guns, there are more gun deaths. Studies have found this to be true at the state and national level. It is true for homicides, suicides, mass shootings and even police shootings.
  • And: Stricter gun laws appear to help. They are associated with fewer gun deaths, in both a domestic and global context, while looser gun laws are linked with more gun deaths.
  • And: Over the past decade, the Anti-Defamation League has counted about 450 U.S. murders committed by political extremists.
  • And: As this data shows, the American political right has a violence problem that has no equivalent on the left. And the 10 victims in Buffalo this past weekend are now part of this toll. “Right-wing extremist violence is our biggest threat,” Jonathan Greenblatt, the head of the ADL, has written. “The numbers don’t lie.””

Many believe that people are becoming numb to the instances of gun violence, and it’s interesting to consider whether a mass shooting in a small town would affect a person in a high-rise in a big city. A group of researchers at Evolv and Equation Research surveyed over 2000 Americans to find out the answers.

Gun Violence is Everywhere

One of the most shocking things the researchers found…or perhaps not so shocking…is the fact that guns and shootings are truly everywhere.

According to the researchers and Security Magazine, 29% of people who responded said that they were in a location where a person unexpectedly shot off a gun. About 38% of those who replied also reported that they knew someone else who had experienced gunfire unexpectedly.

In both of these scenarios, the gunfire occurred either at a large gathering of people or in a nightclub/bar.

Why is this type of violence on the rise? There could be a few explanations. First, we have the COVID-19 pandemic and the lockdowns, which disrupted all of our lives. This includes the social services that people have access to that can lower violence and crime. The next could be the high-profile police killings in 2020, which spurred protests and put a damper on police-community relationships. Finally, of course, we have the rise in gun purchases.

However, there is also a growing feeling of distrust and discord, and Americans have greatly lost faith in the American institution. The country is deeply divided politically, and it is believed that all of this has led to an increased murder rate, more mental health issues, and even problems with more confrontations between strangers.

Americans are Nervous 

The American Psychological Association has reported that Americans, overall, have a lot of anxiety and stress since March of 2020. Research shows that people are anxious about things like terrorism, shootings, and other forms of gun violence. In fact, about 81% of the people who replied to the study are anxious specifically about guns and 62% feel anxiety about going to a public place, especially a movie theater, nightclub/bar, or large gatherings.

For those who have plans to go to a live event in the next six months, around 46.2% of people reported that they were feeling anxiety about COVID-19, but 31% of them also say they have anxiety about shootings and 21% have concerns about terrorism.

The Threat of Gun Violence is Also Impacting Business

In addition to general anxiety about gun violence, this research has shown that businesses are also impacted by gun violence.

Almost 40% of people who were studied report that they have not gone somewhere because they had a fear or anxiety about guns. A lot of people also report that they have a plan in place or look for a way out when they go to a place where a mass shooting could occur. For instance, almost 63% of people report that they have a mental escape plan and check exits when they go to a movie theater. Almost 50% report that they do the same thing in a grocery store. More than 60% report that they have anxiety about going to a public place.

People are Willing to Change Their Habits

Just as it is important for people to understand how Americans feel about the rates of gun violence rising, it is also so important to understand what steps they may take in order to feel safe. Around 78% of people said that they would be okay to take extra steps at places where there is potential for gun violence. For instance, 57% of people said they would comply with weapons detection screening. Around 46% of people say they would be willing to have their bags checked, and 44% would be fine to check their guns at the door. It’s also important to note that 22% of respondents say they would not be willing to do anything.

Businesses across the board have to keep all of this in mind and take some steps to create a plan to keep their patrons safe. This is a unique time in history, and as people around the world start to come back from the pandemic and enjoy life again, there is a lot of anxiety around what will happen as we go “back to normal.” The best thing to do is to make some new plans and protocols in order to keep up with any threats.

There are many solutions on the table geared toward preventing gun violence. Is it more rules and regulations? Stricter access to firearms? Will background checks solve the problem or only just a small part of it? Is the solution for every single person to have a gun? Smaller magazine capacities? The list goes on and on. At this point, the worst thing we can do is nothing.

Peter Warmka, my cohost and a retired CIA spy, and I discuss all of this in our podcast The Security Guy and CIA Spy.

What do you think? And whatever you put in the comment section, please be respectful.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Here’s How You Can… Almost…Delete Yourself Off of the Internet

Whether you like it or not, companies like Facebook, Google, and Amazon all have a ton of data about you, including social connections, health information, and things you like or dislike. These companies usually use this information for advertising and marketing purposes. Other companies out there are also collecting information on you to influence you politically, and you probably don’t want them to have it.

The bad news is that it is next to impossible to totally delete yourself from the internet. Keep in mind that if your data has been hacked, such as usernames and passcodes on sites that were breached, that data will live on the dark web forever. Check whether your email, as a username, was compromised on my site here: https://protectnowllc.com/hacked-checker/. The good news, however, is that you can remove a lot of your data if you put a little time and effort into it. Here are some steps to follow:

Opt-Out When You Can

You probably wouldn’t be surprised to know that collecting and selling consumer data is a big industry. In 2019, Vermont passed a law that required any company doing business in the state and buying and selling third-party info to register. More than 120 companies went through the process, and they collect information such as names, DOBs, addresses, education level, buying habits, and yes…. even Social Security numbers.

Some of these companies might be familiar to you — Oracle, Equifax, Experian, Acxiom, and Epsilon are some of them. There are data brokers that allow people to opt-out of this type of data collection, but it can be difficult to figure out how to do it. You may have to fill out a form online, send them an email, or even send in other identifying information.

There is an organization that can help – it’s called the Privacy Rights Clearinghouse. Here, you can access a database of more than 200 different data brokers, and you can see information on whether or not you can opt-out. You can also take a look at YourDigitalRights to get opt-out forms for the top 10 biggest data brokers.

Ask Google to Remove Your Personal Info

Another thing that you can do is to ask Google to remove your personal contact info from search results. You can remove your home address, your phone number, and your email address.

You can get started with this by going to this Google Support site to begin the process. Here, you can submit up to 1,000 URLs that include information about you, and it will be removed from Google search results.

This doesn’t happen automatically. The company will review the request, and then contact you if more information is necessary. Once everything is in place, Google will let you know if it will approve the request. Some things, like public records or news articles, will not be removed, and people can still find this information by searching a name.

Also, keep in mind that just because your information is removed from Google, there are other search engines out there.

Get Rid of Old Accounts 

If you really want to minimize your online presence, deleting any accounts that you no longer use can be a real help. Did you have an account on MySpace? Try to delete it. Did you blog on Tumblr during high school? Scrap it.

Though it’s easy to delete a lot of these old accounts, it’s also pretty time-consuming. Start by making a list of any old accounts you can remember, and then go through them one by one. You will have to go to each site, and then figure out how to log in and then delete the account. To make things easier, you can use a site called Justdelete.me, which will point you to the page where you can start the process.

You also might want to search for your name, email address, or other information to see what comes up. If you see posts that come up, you may be able to contact the site administrator to remove the information.

Clean Up Your Online History 

If you don’t want to delete old accounts, that’s totally fine. However, you can still clean up some of the old data that may be stored online. For instance, your Twitter or Facebook timelines may have old messages on them that you don’t want to get out in public. You can also do something similar with your email account.

Data that is posted publicly, like text or photos, is much more easily found than other information, but prior to deleting, make sure you back these things up if you may ever want to access them. Almost all social media platforms have a backup option in settings that you can use to do this.

For those who want to get rid of old tweets in bulk, Twitter doesn’t let you do that. However, other programs like TweetDelete and Tweet Deleter will get rid of them. It’s not free, but at $5.99 a month for Tweet Deleter, you can do it once and cancel after that first month. Also, remember that when you give a third-party service access to your account, it can access information that is within that account, like direct messages. Alternatively, if you don’t use your Twitter account, just delete it.

Facebook posts are a bit different. Google, for instance, won’t post information from individual Facebook posts online, but if you want to do the most possible to remove your history, you can go into your account and delete them. You can make it a bit easier by checking out the Activity Log, and then choosing what you want to delete. Alternatively, if you no longer use your Facebook account, you can delete it.

Pay Someone to Do It 

Of course, there is a market for anything, and if you don’t want to spend the time to do all of this yourself, you can definitely hire a company to do it for you. These third-party data removal companies will do the time-consuming job of removing your data from the internet. Some, like DeleteMe, can attempt to remove the data from brokers who are selling your info. Others, like Jumbo, can give you an alert when there are data breaches that your accounts might be a part of, or it can be set to delete social media posts after a certain period of time.

Preparing for the Future 

As you can see, it’s probably possible to remove some of your information, but once a lot of it is out there, it’s nearly impossible to remove it all. However, the future is yet to be written, so there are some things that you can do to protect yourself in the years to come.

First, consider what type of information you really want to put online. When you sign up for a new account, consider what type of information you are comfortable sharing, and if you can, consider using a burner email account. This is an email account, separate from your actual one, that you use only to sign up for new accounts. That way, when you start getting all of the spam, it goes to this account, and not your main account. Additionally, if this account gets compromised, it’s not a huge deal, assuming there is no identifying information kept in it.

You also might consider not using the “big guys” for your online browsing. For instance, you can choose a web browser that is not Chrome or Safari, like Brave, or a search engine that isn’t Google, like DuckDuckGo. You also should truly understand what type of information is shared by the apps or programs you are using.

Finally, you need to talk to your family and friends. If you really want to be invisible online, then you should make sure everyone knows. Most people will be considerate of your request. It’s a respect issue these days, and there could be many reasons why you don’t want your current location or photos of yourself posted to social media sites. Tagging you in things should also be avoided.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Be Aware of These Safe Travel Security Tips

Covid seems to be on the downswing (hopefully). Airlines are reporting record-breaking bookings. There are a number of travel security considerations to be made when traveling domestically and even more when traveling internationally.

Rental Cars

If you are planning an upcoming vacation or a business trip, you might be thinking about renting a car. “Smart Cars” are all the rage, and they connect to the internet. You get Bluetooth, navigation, hands-free calling, live-streaming, and much more. In fact, if you have a fairly new car yourself, you probably already have some access to these features. You probably connect your devices to your car, too, so that you can stream music, text, make phone calls, etc. This is no issue because it’s your own car, and only you and your family are using it.

Now, think of this. You have your devices, you are on vacation, and you have a rental car. So, you connect, just as you do at home. But what you don’t realize is that your personal information is now on the car, and the next person who rents it might be able to access it.

I travel a lot, and I rent a lot of cars. There has not been one car that I can think of that hasn’t had information about previous renters in it, and that’s pretty scary. I could even access their address book information in some cases.

Even if all you want to do is listen to Pandora or something, connecting to the rental car might still store data onto the car, including where you are driving. This might not seem like a huge deal if you are on vacation, but what if you have a rental car at home? The person who rents the car next can access your home address, your workplace, where you shop, etc.

The vehicle can also store your phone number and your text logs, too. Again, this can get into the hands of the wrong people unless you know how to delete them.

As you can see, there is more to auto safety than simply putting on your seat belt and refraining from texting and driving. If you are connecting to a smart car, the person who drives it next could learn so much from you; information that you certainly don’t want people to know.

Do This, Not That 

Here are some tips you can use the next time you rent a car:

  • Don’t use the USB port on a rental car to charge your phone. It can transfer data to the car. Instead, buy a cheap adapter and use the cigarette lighter.
  • Check up on the permission settings of your devices. If the infotainment system allows you to choose what is sent, only give access to things that are necessary.
  • Before you turn the car on, make sure to delete your phone from the car’s system.

Will your identity get stolen as soon as you connect your phone to a smart rental car? Probably not, but by connecting it and not deleting the data, you could run into some security and privacy issues down the road, including identity theft. Be smart, and don’t put yourself in a situation where someone else might get access to your personal information.

Everything Else

Some thieves specialize in hanging around tourist spots to spot the tourists and make them victims of hands-on crimes such as purse snatching or a mugging. But don’t wait till you’re aimlessly wandering the piazza with your face buried in a huge map to take precautions against less violent forms of crime.

  1. Before traveling, make copies of your driver’s license, medical insurance card, etc., and give these to a trusted adult. Have another set of copies in your home. Scan them and email them to yourself.
  2. Never post your travel plans on social media until you return. You never know who’s reading about you.
  3. Before departing from home, make sure your credit card company and bank know of your travel plans.
  4. Clear your smartphone or other devices of personal data that’s not essential for your trip.
  5. Travel on a light wallet. Take two credit cards with you in case one is lost or stolen. Have with you the phone numbers for your bank and credit card company, just in case.
  6. Avoid using Wi-Fi in coffee houses, airports, and other public areas other than just catching up on the news. Use a VPN. Google it.
  7. When traveling internationally, read up on the safety of food and water and get whatever shots you may need.
  8. Never give your credit card number to the hotel staff (or at least, anyone identifying themselves as hotel staff) over the phone in your hotel room. The call could be coming from a thief posing as hotel staff telling you they need your number again.
  9. Never leave anything out in your hotel room that reveals personal information, such as a credit card receipt, passport, checkbook, medical insurance card, etc. If the room does not have a safe, then have these items on you at all times.
  10. Use only an ATM that’s inside a bank, never a free-standing one outdoors somewhere. Cover the keypad with your other hand as you enter the PIN to thwart ATM skimmers.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Survival Tips When You are Lost in the Woods

It’s that time of the year again. And getting lost in the woods is NOT fun and sometimes deadly. But you have a chance if you are lucky and have a clue. A hiker from Hawaii was found alive after being lost in the wilderness for 17 days. Though it might not seem likely that it could happen to you, it could really happen to anyone. So, it’s important that you know what you should do if you get lost in the woods. The Hawaii hiker did a lot right, according to sources, and it saved her life. She was able to find fruit, like berries and guava, and only drank water when she could see that it was absolutely clear. On top of that, though she got a terrible sunburn and hurt her knee, she was able to nurse herself back to relative health.

If you are injured or lost, it is imperative that you know how to survive in the woods. Most people don’t understand that even though you should be waiting to be rescued, you have to keep yourself alive, too.

Here are some tips to help you survive if something has you lost in the wilderness:

First, Stop and Breathe

As soon as you realize that you are lost, remember to stop…and to STOP. This is a mnemonic term meaning:

  • Stop – stay where you are, sit down, and don’t panic.
  • Think – what the right thing to do might be depends on your situation and location. According to the US Forest Service, it is best to stay where you are until you absolutely need to move.
  • Observe – Look around and try to get some information about where you are. Think about supplies you might have like a map or a compass. Are there any signs that you are near a trail or an intersection?
  • Plan – Finally, make a plan about what your next course of action will be. You may want to move forward, you might want to backtrack, or you might think it’s best to stay right where you are.

Think Ahead

Now that you realize you are lost, it’s too late to make a plan on how not to get lost. However, since it’s very likely that you are not currently lost (and if you are, and reading this, stop and call 911), take some time to consider the following:

  • Always tell people where you are going. If you are going on a hike, for instance, tell a friend or family member where you are planning on going.
  • Bring essential survival gear like sunscreen, bug spray, first-aid supplies, a flashlight, and even an emergency shelter.
  • Do everything you can to make sure you can communicate if you have an emergency. Go out with a fully charged cell phone, and if you can, bring a backup battery. If you go deep out into the wilderness, consider an emergency GPS beacon, too.

Understand How the Rescue Process Works

If you do need to be rescued, you should understand how the process works. Most people think it’s like the movies. Your loved ones call the police, and they immediately start to search. However, that’s not really the case.

Most often, the cops get a call from the person who is reporting you missing. They will then start gathering information as a lot of people simply run off.

If they do believe that you might be lost, only then will they start looking. If you have used your cell phone, they can try to use cell towers to pick up a signal. They can do that even if your phone is turned off. Authorities will also get a description of you, including where you might be and what you wore.

The good news is this: approximately 97 percent of those who get lost are eventually recovered within 24 hours of going missing. However, the odds of a better outcome go down the longer you are out there. So, make sure you are well-prepared.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Is Your Uber Driver a Criminal?

Do you ever Uber? If you do, you probably feel relatively safe when getting into a stranger’s car. However, you might not be as safe as it seems.

Most people believe that Uber does thorough background checks on its drivers, but that’s not totally the case. Recently, there have been a number of cases where Uber drivers, who have been accused of crimes when on the job, actually have a record and several run-ins with the cops.

Simply doing a quick Google search for “rideshare assault” provides way too many search results of recent stories of sexual assaults and otherwise, perpetrated by drivers. There’s simply no shortage of predators behind the wheel.

In South Carolina a college student got into a car she thought was her Uber, police say. She was found dead in a field. I was asked to discuss this on CNN. When you watch the video on rideshare murder, you will clearly see how upset I was, and frankly, still am.

CNN took a look at Uber, and its competitor, Lyft, and the report found that both of these companies approved the hire of thousands of drivers who have records. Uber did respond to this report, and it says that it knows that there were some hiring mistakes previously, but the company has worked hard to improve the way it hires. In 2017, the company claims, it rejected over 200,000 applicants because of issues found during a background check.

A number of state and local law enforcement organizations have pushed the ride-sharing companies to put more of a focus on who they are hiring. Right now, for example, they don’t fingerprint applicants, nor do they do any type of Federal background checks. Instead, Lyft and Uber both use third-party background check companies. These companies use the Social Security number and name of potential drivers to check the national sex offender database, terrorist databases, and local court records. The goal is to get people on the road quickly, so not a ton of time is spent on this.

At this point in time, there are over 40 states that require screening for ridesharing services. But these laws don’t require the companies to screen in a certain way or to use a specific company. Instead, 42 states allow rideshare companies to take this on by themselves. Massachusetts is one state that requires an additional check in addition to the regular background check, and New York City requires that all drivers for ridesharing companies get their fingerprints taken.

It is also important to mention that just because a company does fingerprinting along with background checks, this isn’t foolproof. The FBI system that is accessed actually has an incomplete record system, and it really isn’t meant to be used like this.

If you use Uber, keep all of this on your mind before you take your next ride. Yes, there is a simple background check that is done, but that doesn’t mean your Uber driver isn’t a criminal.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

The First Step to Secure Your Data

Your personal information and data are literally everywhere for criminals to target, and there isn’t much you can do to keep it from spreading. You use your email credentials on countless websites, you use your credit card number with countless vendors, and, believe it or not, your Social Security number is shared rapidly immediately after you’re born.

It’s almost impossible not to give out your personal information nowadays. However, criminals know this, and they lurk around the same places that your information is used. You need to take action to secure your information so you are less of a target. Let me show you one simple step you can take today that will create one layer of security and improve your defenses.

There is one specific action you can take to secure your information, and after you do it, you’ll be much less likely to be targeted because criminals tend to take the path of least resistance. That said, if you DON’T do this action today, you ARE the path of least resistance.

All you have to do is set up a credit freeze. There are four major credit bureaus in the United States, and you need to get a credit freeze with them. Just use your preferred search engine and look for Experian credit freeze, Equifax credit freeze, TransUnion credit freeze, and Innovis credit freeze. You should freeze your credit with all four, but you should still review your annual credit reports. More importantly, you should dispute discrepancies with the appropriate bureau AND the lender. Getting a credit freeze won’t gum up your credit score or make it so you can’t use credit. You are able to “thaw” the frozen credit as needed and then freeze it again. You can literally do this in a single day. Then you’ll want to put more layers of defense in place to become an even harder target than the other guy.

A credit freeze will secure your information, but setting up multiple layers of defenses is really what will make you a hard target. Criminals are constantly probing defenses, and even while technology advances, crimes against your data are usually ahead of the curve. You don’t need to know everything about security, but you do need to take on the responsibility of protecting yourself. I’ve created a free guide that will make you a pseudo expert on your own security, and if you follow its simple steps, you will have more layers of defense than the average person. If you want to create even more layers of defenses, bring this guide to my next webinar, and I will walk you through each step so you can rest assured that you are creating a smart, secure, safer “me.”

It Should Be Illegal for Teen Girls to Give Rides to Strangers


If only. But that’ll never be.

Brandi Hicks, 17, and her high school friend, Liz Reiser, exited a video store at 9:30 pm, where they were approached by Matthew Vaca, a creepy-acting stranger.

He asked them for a ride to his house. At first they refused, but then he offered $20 for gas. The ID Channel re-enactment portrayed Vaca as stating that his home was “just down the road,” that he had been “walking all day,” and that he wanted to get home before his kids went to bed.

The girls were sold and told him to get into the backseat.

What Brandi, the driver, should have done: Refused, possibly gone back into the store (with Liz) until Matthew left, or possibly asked the store manager to call the police.

The “down the road” seemed nowhere in sight as Matthew told Brandi to keep driving. Then he told her to pull over. He got out, during which the girls really began feeling fearful, discussing whether or not they should just leave him.

What Brandi should have done: Left him.

But Matthew got back into the car, and shortly after, threatened her with a gun, directing her to take the car into a wooded area.

He ordered both out, took Brandi’s shoelaces and bound her to the steering wheel, then ordered Liz to go off with him, eventually stabbing her to death.

He returned for Brandi, untied her and led her away, beating her, then using a shoelace to strangle her (it’s not known why he didn’t have the knife).

What Brandi should have done during the strangulation: Play dead.

What Brandi did: Play dead!

Faking death, she was pushed into a nearby river, and somehow while Matthew loitered nearby for an hour, pretended to be dead while floating in the water.

Once he was gone, she climbed to land and flagged down the first car she saw, which was a police officer’s.

We need to track back to the beginning, because once in the woods, victims don’t have too many options unless they are trained in self-defense tactics.

If you’re ever tempted to give a stranger a ride because he’s giving a story (“I’ve been on my feet all day”), remind yourself of some facts:

  • If he’s able-bodied and lives “down the road,” he doesn’t need ANY ride.
  • If he appears injured or sick, call him a cab, especially if he has $20.
  • If you refuse him a ride, what’s the worst that could happen to him if he’s truly harmless? Aching feet.

Bottom line: Under NO circumstances give a stranger, including a female, a ride. If she looks pregnant, she could be using pillows. Women, too, can be vicious.

Matthew Vaca will die in prison.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.