Father nabs Daughter’s Kidnapper

So if your family goes to bed, and a sociopath walks in at 4:30 in the morning (because you left a door unlocked!), and grabs your child while you’re asleep …you’d better hope your guardian angel is on steroids.

An Associated Press article reports that a Utah man managed to rescue his 5-year-old daughter as an intruder was carrying her across the lawn after kidnapping her at 4:30 am.

The parents left a door unlocked! The father never heard screams, but was a light enough sleeper that he heard the front door opening, then heard the child talking.

The time lapse between when the front door opened and when the father caught the intruder outside is not clear. But there was enough time for the sociopath to get into the girl’s basement bedroom, pick her up, exit the house, and make it partway across the front lawn before dad came out and demanded he hand her over to him. The intruder did so, then fled. If dad had been a few seconds delayed…this could have been another “missing child’s body found” story.

The intruder is Troy Morley, 48. He was stupid enough to break into another house shortly after this incident, just a few blocks away, entering through a doggie door. Good thing he wasn’t bright enough to figure that a doggie door means a dog lives there and will start barking its head off at his presence.

And yes, that’s how the house’s owner knew he was there; the dogs barked. By this time, police were already nearby searching for the scumbag, and a police dog bit him in the shoulder after the house’s occupants called out for help.

Police said that the attempted abduction was random and still don’t know if Morley knew ahead of time a little girl lived there, or if he decided to kidnap her on a whim upon discovering her bedroom while looking for things to steal.

Though one account says that the little girl was “talking,” a neighbor says that her younger sibling heard screams. The girl’s family is keeping a low profile and trying to get on with their life as normally as possible. No doubt, the parents will never go to bed with an unlocked door ever again.

It took this incident to inspire a couple down the street to consider a home security system. April Parry has three kids and says in the AP article, “That is your biggest fear as a parent.” But don’t wait till someone tries to abduct a child down the street to get an alarm system! Get one NOW. Sociopaths aren’t waiting for you to get smart.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

6 Survival Tips for Being Lost in the Woods

Some may remember the James Kim case out of Oregon in December 2006. Kim inadvertently chose an old logging road while driving home, getting lost in the woods. He left his wife and two young kids in the vehicle while he sought help, promising to return by early afternoon. He never did and his body was found in a creek. Based on snow tracks it was determined he walked practically in the same loop over and over for 16 miles. Awful.

Here are no-nonsense, easy tips for surviving mentally and physically if you ever become lost.

  1. Once you realize you’re lost, assess for injuries or situations that interfere with life sustenance. This assessment is ongoing because it includes avoiding doing anything that could interfere with breathing, blood flow, consciousness, you know, life.
  2. Next is think and observe. Where are you? What landmarks did you spot prior? How did you get here? Assess the environment: Hot? Cold soon? Darkness soon?
  3. Get logical, not emotional. Admit you’re truly lost. If you have an idea from where you came, backtrack mentally for clues, e.g., if you see wet mud on the trail where you think you came, check if your shoes are muddy. Think before you wander.
  4. Inspect your inventory. Maybe you have something that could help like a sharp tool, whistle, cellphone. And, how much water do you have? Sip in small amounts when thirsty, and limit exertion.
  5. It’s time to plan. Once you decide to find your way back, leave trail markers. But don’t budge unless you’re 100 percent sure you know the way out. It’s safer to stay put in your lost spot and wait for rescue than do what James Kim did (rescuers eventually found his vehicle and his unharmed family).
  6. What about food? Don’t panic (cavemen certainly didn’t; long fasts were a way of life). The body can go up to three weeks without food (but only two or three days without water; less in scorching heat).


Risk Reduction: #1 Concern of Bank Boards

The Bank Director’s 2014 Risk Practices Survey reveals some very interesting information about the risk management programs that bank boards have in place.

It’s classically challenging for many banks to assess how risk management practices affect the institution. However, banks that have worked at measuring the impact of a risk management program report favorable outcomes on financial performance.

Survey Findings

  • 97 percent of the respondents reported the bank has a chief risk officer in place or equivalent.
  • 63 percent said that a separate risk committee on the board oversaw risks.
  • 64 percent of banks that have the separate risk committee reported that the bank’s strategic plan plus risk mitigation strategies got reviewed; the other 36 percent weren’t doing this.
  • 30 percent of the respondents believed that the bank’s risk appetite statement encompasses all potential risks.
  • Of this 30 percent, less than half actually use it to supply limits to the board and management.
  • The survey found that the risk appetite statement, risk dashboard and the enterprise risk assessment tools aren’t getting fully used.
  • And only 30 percent analyze their bank’s risk appetite statement’s impact on financial execution.
  • 17 percent go over the bank’s risk profile monthly at the board and executive level, and about 50 percent review such only quarterly; 23 percent twice or once per year.
  • 57 percent of directors believe the board can benefit from more training in the area of new regulations’ impact and possible risk to the bank.
  • 53 percent want more understanding of newer risks like cyber security issues.
  • Senior execs want the board to have more training in overseeing the risk appetite and related issues.
  • 55 percent believe that the pace and volume of regulatory change are the biggest factors in leading to risk evaluation failures.
  • Maintenance of data infrastructure and technology to support risk decision making is a leading risk management challenge, say over 50 percent of responding bank officers, and 40 percent of survey participants overall.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

How to Safely and Securely Recycle Devices

Don’t just throw out your old devices; take measures to protect your personal information.

Back Up

Before ridding your device, back up everything on it—everything. Use an automated PC service and/or a flash drive. For the iOS and Android, activate Apple’s iCloud or the Google Auto Backup service.

Wipe

Wiping refers to removing all your data. Simply hitting “delete” or reformatting the hard drive won’t do. I purchased 30 used computers off Craigslist, scoured their hard drives with a forensics expert, and discovered that half of the devices—that had been reformatted—still had personal information.

To wipe Windows PCs, you can use Active KillDisk. For Macs, use the OS X Disk Utility or WipeDrive. A factory reset should be enough to secure most recent smartphones, provided that you remove any SIM cards that could contain personal info. To be super safe, use Blancco Mobile to wipe the iOS or Android.

Destroy

If you can’t wipe the device, destroy it if you don’t plan on donating or reselling. For example, I recently recycled a laptop that was missing its power supply, so there was no way to turn it on and wipe the disk. Instead I removed the hard drive with a screwdriver, and then took a sledgehammer to it. (Aside from protecting my personal data, it was also a lot of fun.)

Recycle

Ask the recycling company just who does the downstream recycling so that your e-waste doesn’t find its way into a foreign landfill. Make sure the company is part of R2 (Responsible Recycling) or e-Stewards certification programs.

Keep Records

Make sure you document donations with a receipt so that the IRS can give you a little return.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Be your Family’s Chief Security Officer

Schlage is all about safety and security. But you need not be in the profession of security analyst to be vigilant about your home and family’s security. And when it comes to security, this doesn’t just mean protection from home invasions and burglaries, but anything and everything, such as online security and guarding against viruses, hackers and other fraudulent invasive cyber crimes that can really mess things up for you or a family member.

Be your family and home’s Chief Security Officer, even if your job outside the home is unrelated to security measures. Make sure everything is safe and sound inside your home. This includes child-proofing the house; senior-proofing if there are elderly occupants; and just in general, making the environment safe—e.g., cleaning up spills on the floor to prevent a disastrous fall.

I won’t lie: This kind of vigilance requires a lot of thought to get it rolling. It’s not second nature to many people, but they can work on that element and improve over time so that it’s automatic to put the alarm system on when going to bed.

You must be fierce so that fires don’t start in your home, and so that you don’t end up in the news as a victim of a crime.

Sometimes, a person’s greatest enemy is themselves. So you have all the windows penetration-proofed, triple bolts on all the doors, maybe a protection dog and an extensive video surveillance system…but one second…you get lazy and don’t lock your doors and after you leave and you took the dog with you, then some bad guy chooses your home simply because he saw you leave. Locking your doors, that little extra effort might have saved all kinds of heartache.

So it takes a little extra time to create a safety system, and then stick with it, to prevent bad things from happening. If you can’t make time for safety and security, you’ll have to make time for catastrophe. When you make security a habit, it really doesn’t require that much effort after a while. Lead your family and home as its Chief Security Officer.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Top Security Techniques That Work For The Masters

Banks know security just about better than anyone. Find out what they can teach you about safeguarding your small business.

Security is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secure—the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.

But that doesn’t mean we shouldn’t strive to reach our destination. In order to protect our businesses, we can apply strategies that significantly reduce our risk level. One of the best security techniques is layering. Layers of security make a criminal’s job more difficult, as they are forced to address all the vulnerabilities in our business.

Helen Keller once said, “Security is an illusion; life is either a daring adventure or nothing at all.” Her quote has significance, although it’s not entirely accurate. That’s because security is part illusion and part theater. The illusion, like a magic act, seems believable in many cases.

Security theater, on the other hand, refers to security intended to provide a sense of security while not entirely improving it. The theater gives the illusion of impact. Both play a role in deterring criminals, but neither can provide 100 percent security, as complete security is unattainable. Hence, security is a journey, not a destination.

Banks know security, both the illusion and the theater. They have to, because robbers target these buildings daily. Because banks want to promote a friendly and inviting environment, consumers are mostly oblivious to the various layers of security that financial institutions utilize to protect their bank accounts. And that’s not a bad model to follow.

What Banks Know About Security

Banks have multiple layers of security. The perimeter of most banks is often designed to include large windows, so passersby and law enforcement can easily see any problems occurring inside. The bank’s doors also have locks. There is, of course, an alarm system, which includes panic buttons, glass-break detectors and motion sensors. These are all layers, as are the security cameras, bulletproof glass and armed guards. Ideally, the tellers and members of management should have robbery-response training. Many banks also use dye packs or GPS devices to track stolen cash.

All banks have safes, because banks know that a well-constructed safe is the ultimate layer of security. A safe not only makes it extremely difficult for a bank robber to steal the bank’s money, but it also protects the cash in the event of a fire.

And then there are the multiple layers of computer security. The basics include antivirus, antispyware, antiphishing and firewalls. However, there are numerous additional layers of protection that monitor who is accessing data and why, and numerous detectors that look for red flags which indicate possible identity theft.

Banks also recognize that a simple username/password is insufficient, so they require their clients to adopt multifactor authentication. Multifactor authentication is generally something the user knows, such as a password or answers to knowledge-based questions, plus something the user has, such as a smart card, token or additional SMS password, and/or something the user is, such as identification through a biometric fingerprint, facial recognition, hand geometry or iris scan. In its simplest forms, multifactor authentication occurs when a website asks for a four-digit security code from a credit card or installs a cookie on your machine, or when a bank requires a client to add a second password to his or her account. Some institutions also offer or require a key fob that provides a changeable second password (a one-time password) to access accounts, or it might require a reply to a text message in order to approve a transaction.

Every layer of protection the bank adds is designed to make it harder for a criminal to get paid.

Consider a layered approach for your small-business security plan. Think about the current layers of business protection you have in place, and then consider how many more layers you might want to install to ensure a seamless customer experience and a security-minded culture.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

11 Tips to Hotel Safety and Security

Can you name 11 tips for hotel safety and security? How about just five?

Have you ever walked down the hallway of a hotel and passed by rooms with doors left wide-open by cleaning staff? Ever thought of how easy it would be to enter and pretend the room is yours? Imagine what you could steal.

This is why a hotel that takes security seriously will be very strict about who is issued an electronic key to rooms, and will issue regulations regarding housekeeping tasks. In more remote hotels or those in less developed countries, the hotel staff itself may be the thieves.

Nevertheless, whether you’re in the ritziest hotel or the shoddiest dump, Schlage locks wants you to know there’s a baseline of precautions you should take.

#1. Never leave valuables in your room unless you’re present. If you must, use the hotel safe and be sure to get a receipt.

#2. When in the room, keep the door locked, including the chain feature.

#3. Always use the peephole before opening the door.

#4. If you anticipate the door won’t have a lock (such as in a foreign country), bring along a traveler’s door lock, a motion detector that you hang on the knob that sounds when the door opens, and/or a doorstop alarm—it wedges against the door’s base.

#5. Don’t open the door to strangers.

#6. If the “stranger” claims to be a hotel service person, call the front desk for verification first.

#7. Consider having all food deliveries made to the lobby. This isn’t convenient, but it’s safer. You never know if the delivery person is actually a predator looking for a target. Men should also practice this procedure; men can be targeted for violent crimes too. The delivery person may also case you as a potential target later on.

#8. Be mindful of what you leave outside your door. E.g., what appears to be leftovers from one person’s meal, indicates you’re alone.

#9. Before going to bed, double check all possible entry points.

#10. Make people think you’re there when you’re not: Place the “do not disturb” sign on the door—after you put the TV on loud. But first make sure this won’t coincide with maid service.

#11. If your hotel wants you to turn your key in when you go out, keep the key so that nobody knows you’re out.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Windows XP not dead yet—but users Beware

Would you reasonably expect success when attempting to drive cross country in a 1975 Pinto with bald tires, no brakes, dried cracked belts and with already 250k on the motor? You might if you didn’t stop and think about things.

The same is true of an individual or a business who’s still using a Windows XP operating system on devices that have even 1 megabyte of sensitive data. You cannot reasonably expect security with one of the most hacked operating systems in existence.

But I digress. Fret not, there’s temporary hope yet for Windows XP procrastinators: Microsoft is extending support into 2015. It was previously believed that April 8, 2014 was the end of the world for support towards MS Security Essentials, System Center Endpoint Protection, Forefront Endpoint Protection and Forefront Client Security.

This meant that on that date, new malware signatures plus engine updates to XP users would cease, even though updates for the same software that was running on Windows Vista would continue to be provided.

However, a recent blog post by Microsoft’s Malware Protection Center notes that XP users will continue receiving support—but it won’t last long: July 14, 2015 will be here before business owners know it.

With hackers swarming in like killer bees, knowing that XP’s support’s days are limited, XP users must stay in heavyweight mode for any attacks. Thieves can even use new security updates for Windows Vista (and later) as a guide to hacking into systems running on XP.

Anti-malware solutions aren’t very effective on operating systems that lack support, and hackers know this. But more alarming is that fewer users, including business owners, are ready to accept this or even have a clue about it.

After all, it’s estimated that almost 30 percent of all the personal computers across the world are using Windows XP. Business owners and other decision makers of organizations need to overestimate just how risky it is to cling onto an old favorite rather than promptly switch to a new system that has stronger support.


Tightening up Security is Everyone’s Responsibility

Most information technology (IT) experts are very much unnerved by cyber criminals, says the biggest study involving surveys of IT professionals in mid-sized businesses.

  • 87% send data to cloud accounts or personal e-mail.
  • 58% have sent data to the wrong individual.
  • Over 50% have confessed to taking company data with them upon leaving a post.
  • 60% rated their company a “C” or worse for preparation to fight a cyber threat.

Here is an executive summary and a full report of the survey’s results.

A second study also revealed high anxiety among mid-size business IT professionals.

  • Over 50% of those surveyed expressed serious concern over employees bringing malware into an organization: 56% for personal webmail and 58% for web browsing.
  • 74% noted that their organization’s networks had been infiltrated by malware that was brought in by web surfing; and 64 percent via e-mail—all in the past 12 months.

The above study is supported by this study.

  • 60% of respondents believed that the greatest risk was employee carelessness.
  • 44% cited low priority given to security issues in the form of junior IT managers being given responsibility for security decisions.

The first (biggest) study above showed that about 50% of C-level management actually admitted that it was their responsibility to take the helm of improving security.

And about half of lower level employees believed that IT security staff should take the responsibility—and that they themselves, along with higher management, should be exempt.

The survey size in these studies was rather small. How a question is worded can also influence the appearance of findings. Nevertheless, a common thread seems to have surfaced: universal concern, and universal passing the buck. It’s kind of like littering the workplace but then thinking, “Oh, no problem, the custodian will mop it up.”

  • People are failing to appreciate the risk of leaving personal data on work systems.
  • They aren’t getting the memo that bringing sensitive data home to personal devices is risky.
  • Web browsing, social sharing and e-mail activities aren’t being done judiciously enough—giving rise to phishing-based invasions.

IT professionals are only as good as their weakest link: the rest of the employees who refuse to play a role in company security will bring down the ship.


Cloud Computing 101

A public cloud service can bring on five risks to a business. Here they are, and their solutions.

The three A’s: authentication, authorization, access control

Here are some questions to ponder about a cloud service:

  • How often does it clean up dormant accounts?
  • What kind of authentication is necessary for a privileged user?
  • Who can access or even see your data?
  • Where is it physically stored?
  • Does your organization share a common namespace with the service (something that greatly increases risks)?
  • Are private keys shared among tenants if a data encryption is used?
  • Ask your cloud vendor these questions. Get answers.

Multiple tenants

There’s always that concern of data inadvertently slipping out to tenants who share the cloud service with you. One little error can expose your data and set you up even for identity theft. Breaches that can occur include: accessing data from other tenants from supposedly new storage space; and peering into other tenants’ IP address and memory space.

Virtual exploits

There are four chief kinds of virtual exploit risks: 1) server host only, 2) host to guest, 3) guest to host, and 4) guest to guest. Many cloud customers are in the dark about virtual exploits and are clueless about the vendor’s virtualization tools. Ask the vendor:

  • What virtualization products do you have running?
  • What’s the version currently?
  • Who is patching the virtualization host?
  • How often?
  • Who’s able to log into any virtualization host and guest?

Ownership

Here’s a surprise: Quite a few cloud vendors state in their contracts that the customer’s data belongs to the vendor, not the customer. Vendors like ownership because they get to have more legal protection should a mishap occur. They can also do other things with the data that can bring more profit.

  • Find out if the contract contains language referring to vendor ownership of data.
  • Learn what the cloud provider can do with it if indeed, they get ownership.

Fallibility

Even the biggest and best cloud services can become dismantled due to service interruptions, attacks or some miscellaneous issue with the vendor.

Funny, because a cloud provider typically insists it has superior, super-protected data backups in place. Be aware that even when a provider claims a guarantee for data backup, data can indeed get lost, even permanently.

  • Back up your data!
  • Require some language in the contract that entitles you to damages should your data become permanently lost.

Cloud services haven’t been around long enough for analysts to have come up with a predictable, clear model of all the possible risks, how likely they are, likeliness of security failures and how much, if at all, risks will negatively impact customers. And that’s just in general. Figuring this out for a particular vendor is even more vexing.

  • There are many unknowns, but at least you can work on minimizing them.
  • Obtain a copy of the vendor’s last relevant, successful audit report.
  • Seek out information from the vendor about prior incidents of tenant data problems.
  • Ask the vendor about its policy of reporting data compromises to customers.
  • Grind out just what the provider’s responsibility really is.

Robert Siciliano is an Identity Theft Expert and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.