Posts

Security is Everyone’s responsibility

In the movies, the good guys always get the bad guys. In cyber reality, no such thing exists.

1DA survey of 5,000 IT security professionals turns up the following:

  • 63% doubt they can stop data breaches.
  • 69% think threats slip through the cracks of their security systems.
  • 57% believe their company lacks protection from advanced attacks.
  • 80% think their company’s leaders fail to connect the dots between a data breach and potential profit loss.

A survey of customers shows:

  • 59% are quite concerned about credit and debit card information theft.
  • 57% are very concerned about ID theft.
  • About 60% believe that a data breach involving their credit card or personal details would make them less likely to conduct business at a store or bank they usually use.

That last point leads to reputation smearing and loss of customer trust. But what about customer responsibility when it comes to security breaches? The “blame the customer” mentality seems more appropriate in the workplace when employees bring to work their own devices to assist in their jobs. This lets the data-breach cat out of the bag.

Though a significant percentage of employees have admitted (in surveys) to having a security problem with their device, a remarkably small percentage of these users felt compelled to report this to their boss. A very statistically significant number of employees who bring their devices to work haven’t even signed a formal contract that outlines security procedures. The bottom line is that taking security seriously is a rare find among employees who do the BYOD thing.

Another survey turned up an unsettling result: 76% of the 700+ consumers (who were affected by a breach) who were surveyed experienced stress from the event—but more than half didn’t even take steps to prevent ID theft afterwards.

Maybe this complacency can be in part explained by the fact that the losses from breaches are mostly absorbed by the companies involved.

The consumer, customer and employee need to step up to the plate and do their fair share of taking security measures seriously, rather than sitting back and letting businesses and banks take the entire burden.

It’s like getting attacked by a shark. Is the shark entirely to blame if the swimmer jumped into water near a sign that says “Beware of Sharks”? Then again, someone has to take the responsibility of putting the sign there in the first place…

All entities must pull together, stop finger pointing and accusing, and try to get a step ahead of the real villains.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

What is Criminal Identity Theft?

Identity theft gets all kinds of buzz in the news. It’s not hard to see why—in 2012, over 16.6 million Americans were victims of identity theft. What most people don’t know is that identity theft is much more than just stealing your credit card number. In other posts, I discussed how thieves use your identity to get free healthcare or your child’s identity to apply for credit. Today, I want to introduce you to another kind of identity theft—criminal identity theft—where the criminal uses your identity to make you look like the criminal.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Criminal identity theft involves impersonation and it’s the worst kind of identity theft and the hardest to clean up. You don’t want to end up like Jason Bateman’s character Sandy Patterson, in the movie Identity Thief, where his identity was stolen and used by another individual and he finds out because he owes a bunch of money and has a warrant out for his arrest.

Basically, a thief takes over your identity and assumes it as his or her own. But instead of using your identity to access your bank account or apply for a credit card, the thief uses your identity to commit crimes and get off scot-free.. How? They can give your personal information (like your name, identification number, or date of birth) to law enforcement officials during an investigation or an arrest. They could also use your information to create fake identification for themselves.

Criminal identity theft can lead to a very nasty headache for you. A thief could get caught for a traffic violation or a misdemeanor and sign the citation with your name. Then you get stuck paying those annoying fees and fines. If a thief uses your name when getting arrested for a crime, you could end up with a criminal record, which could affect your ability to get a job or buy property. Another case is when the thief commits a crime using your identity, and then a warrant is issued for your arrest.  But instead of looking for the criminal, they are looking for you—you could have a warrant out for your arrest and not even know it!

Criminal identity theft can have some pretty drastic consequences. Here’s some ways to protect yourself from this dastardly form of identity theft:

  • Shred all sensitive documents. This can prevent thieves from getting their hands on your personal information.
  • Report missing identification cards. Most criminal identity thieves get your information from stealing your driver’s license or other personally identifiable information (PII) like Social Security numbers or Identification cards. If you report a missing driver license, your state might flag your license number and in the event that another driver is pulled over by law enforcement and presents your license as their own they could be questioned for further information
  • Get a background check on yourself. If you feel like someone may be impersonating you, get a background check done. This can be done via online services or by a private investigator.
  • Check State and National criminal databases. Search your name in criminal databases like the FBI’s National Crime Information Center (NCIC) database to see if you have a criminal record.

Stay safe!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

2 Ways to Prevent Military Identity Theft

You’d think that servicemen and women would be better protected than civilians from identity theft, but their risk is higher, since their Social Security numbers are used so often and also abroad. In Iraq, it’s painted on their laundry bags!

2DOhio wants to introduce a bill to stifle military ID theft.

When a military individual has damaged credit and accumulated debt, they are subjected to disciplinary action. ID theft can delay or cancel a military person’s deployment and lead to revocation of security clearances.

The FTC says that ID theft among service individuals is on the rise. Last year, 22,000 filed complaints of ID theft. In Ohio, this crime jumped 20 percent between 2012 and 2013.

The proposed Ohio bill would raise the penalties for ID theft against active-duty members and their spouses. The bill would also allow the victims to file civil actions against the thieves.

New Jersey is also considering a bill that would increase the penalty for ID theft of veterans. New York and Illinois have already passed stronger penalties. North Carolina bans the release of military discharge documents.

All along, the SSN was printed on a service member’s military ID card, which was used all over the place. In 2008, the Department of Defense began removing the numbers. In 2012, they implemented removal of the SSNs from the card barcodes. These changes won’t be completed till 2017.

What can military personnel do to protect against ID theft?

Two things that service members can do is get active duty alerts and security freezes, but it would be simpler to use these tools one at a time.

The active duty alert, which is free, is done one year at a time after contacting one credit bureau. You can remove this at any time.

The security freeze, once in place, is indefinite unless you decide to remove it. It requires contacting three credit bureaus and is free online to North Carolina residents.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

3 Stupid Simple Tips to protect your Identity

For anyone who goes online, it’s impossible to hack-proof yourself, but not impossible to make a hacker’s job extremely difficult. Here are three things to almost hack-proof yourself.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Two-factor authentication. Imagine a hacker, who has your password, trying to get into your account upon learning he must enter a unique code that’s sent to your smartphone. He doesn’t have your smartphone. So he’s at a dead-end.

The two-factor authentication means you’ll get a text message containing a six-digit number that’s required to log into your account from someplace in public or elsewhere. This will surely make a hacker quickly give up. You should use banks and e-mail providers that offer two-factor. Two factor in various forms is available on Gmail, iCloud, PayPal, Twitter, Facebook and many other sites.

Don’t recycle passwords. If the service for one of your accounts gets hacked, the exposed passwords will end up in the hands of hackers, who will invariably try those passwords on other sites. If you use this same password for your banker, medical health plan and Facebook…that’s three more places your private information will be invaded.

And in line with this concept of never reusing passwords, don’t make your multiple passwords sound schemed (e.g., Corrie1979, Corry1979, Corree1979) for your various accounts, because a hacker’s penetration tools may figure them out.

Use a password manager. With a password manager, you’ll no longer be able to claim not being able to remember passwords or “figure out” how to create a strong password as excuses for having weak, highly crackable passwords. You’ll only need to know the master password. All of your other passwords will be encrypted, penetrable only with the master password.

A password manager will generate strong passwords for you as well as conduct an audit of your existing passwords.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Tonight’s Special Guest: McAfee’s Most Dangerous Celebrity of 2014

After a long day of hard work, there’s nothing like coming home, throwing on some PJs, and watching some good old late night television. I love catching up on all the latest news and watching celebrities like Kaley Cuoco-Sweetin discuss the celebrity photo hack (what can I say? I’m a security junkie).

Dangerous Celebrity of 2014It seems like we’ve always had a fascination with the lives of the rich and famous. In the 1700s, people gathered to watch the every move of the King of France, from getting out of bed to changing his underwear. Page Six, the gossip column, used to be the must-read page in the New York Post. Now, in the age of social media, following our favorite celebrities’ comings and goings is even easier. All we have to do is go on Twitter to get the latest about Jayoncé.

Unfortunately, our obsession with celebrities can get us into trouble on the Web. Cybercriminals love to take advantage of our interest in celebrities for malicious means. They use hot celebrity news, like updates on Ryan Gosling and Eva Mendes’ baby, along with the offer of free content to lure you to malicious sites that could steal your money or personal information or install malware.

There are some celebrities who are more likely to lead you to bad stuff than others. Today McAfee announced that Jimmy Kimmel, the host of Jimmy Kimmel Live!, is the 2014 Most Dangerous Celebrity™. McAfee found that searching for the latest Jimmy Kimmel videos and downloads yields more than a 19.4% chance of landing on a website that tested positive for online threats.

Here are the rest of the celebrities that round out this year’s Top 10 Most Dangerous Celebrities list.

 

History tells us we probably aren’t going to get over our fascination with celebrities anytime soon. But there are some things you can do now to stay safe online while you’re reading about your favorite personalities.

  • Be suspicious. If a search turns up a link to free content or too-good-to-be-true offers, be wary
  • Check the web address. Look for misspellings or other clues that the site you are going to may not be safe (for more on this, read my blog on typosquatting)
  • Search safely.Use a Web safety advisor, such as McAfee® SiteAdvisor® that displays a red, yellow, or green ratings in search results, alerting you to potential risky sites before you click on them
  • Protect yourself. Use comprehensive security software on all your devices, like McAfee LiveSafe™ service, to protect yourself against the latest threats

Help Spread the Word!
In order to continue to promote safe celebrity searching, McAfee will be running a sharing sweepstakes. Help others stay educated about staying safe online by sharing Most Dangerous Celebrities content and you could  win a Red Carpet Swag Bag that includes a Dell Venue™ 7 tablet, Beats Solo 2.0 HD headphones, a subscription to McAfee LiveSafe service along with other goodies. You must be 18 or older and reside in the United States in order to participate. Learn more here.

While it’s fine to get your fix of celebrity gossip , remember to be safe when doing so.

To learn more about Most Dangerous Celebrities, click here or read the press release, use the hashtag #RiskyCeleb on Twitter, follow @McAfeeConsumer or like McAfee on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Robert Siciliano Joins Identity Theft Resource Center Board of Directors

(San Diego, CA:  October 1, 2014) The Identity Theft Resource Center, a nationally recognized organization dedicated to the understanding of identity theft and related issues, announced today that Robert Siciliano, CEO of IDTheftSecurity.com, will serve on its Board of Directors.  Siciliano, with more than 30 years of experience in this field, will bring his vast knowledge to the ITRC Board and will help to heighten awareness on current trends and pro-active measures consumers and victims can take to protect themselves.

ITRCThe ITRC, founded in 1999, is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft.  It is the on-going mission of the ITRC to assist victims, educate consumers, research identity theft and increase public and corporate awareness about this problem and related issues.

“The ITRC is the single most comprehensive resource for victims dealing with identity theft,” said Siciliano. “For the past 15 years victims have been coming to me for help and my immediate response is to point them right to ITRC. There isn’t another non-profit on the planet that has as much experience in dealing with this horrible crime,” Siciliano added.

As an identity theft expert and frequent speaker, Siciliano is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace.

“Robert’s expansive expertise in the areas of data security and online safety will help the ITRC in serving the thousands of consumers who reach out to the ITRC call center year after year,” said Julie Fergerson, ITRC Board Chair.  “His research efforts in these areas have allowed him to forge ahead as a nationally renowned industry leader in identity theft, internet best practices and technological advances being made in this space every day,” Fergerson added.

About the ITRC

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization which provides victim assistance and consumer education through its toll-free call center, website and highly visible social media efforts. It is the mission of the ITRC to: provide best-in-class victim assistance at no charge to consumers throughout the United States; educate consumers, corporations, government agencies, and other organizations on best practices for fraud and identity theft detection, reduction and mitigation; and, serve as a relevant national resource on consumer issues related to cybersecurity, data breaches, social media, fraud, scams, and other issues.

Contact:  Cristy Koebler
Communications & Media Manager 
Identity Theft Resource Center
Cristy@idtheftcenter.org|858-444-3287 (D)

Consumers Eager for Connected Technology

Many of us are familiar with the Jetson’s TV cartoon that showed the life of a family in 2026 and how technology is a part of their everyday life. If you’re like me, some of the gadgets that George and his family had are probably things you thought were cool or would be convenient to have, especially the automatic meals that could be selected and then delivered with the push of a button or the flying cars. While we’re not quite at the level of George Jetson, technology advancements are only going to continue.

With that in mind, McAfee commissioned MSI for a study, “Safeguarding the Future of Digital America in 2025,” that looks at how far technology will be in 10 years. And also looking at how all this technology and interconnectedness affects our privacy and security—something George Jetson never had to worry about with Rosie (his robot maid), or while he video chatted.

What is interesting to see from the study is what people believe will be prevalent in 2025 (some of which are Jetson-esque) such as:

  • 60% believe that sooner or later, robots and artificial intelligence will be assisting with their job duties
  • 30% believe they’ll be using fingerprints or biometrics to make purchases
  • 69% foresee accessing work data via voice or facial recognition
  • 59% of people plan to have been to a house that speaks or reads to them.

There’s no reason to doubt all of these advances won’t soon be reality, but there will also be new considerations for consumers to be aware of. The more “connected” you are, the more you’re at risk. But while consumers seem to be embracing these new conveniences, 68% of them are worried about cybersecurity so it’s imperative that all of us know how to protect ourselves today and into the future.

How can you protect yourself?

  • Do your research before purchasing the latest gizmo. Read the manufacturer’s, app’s or site’s security and privacy policy. Make sure you fully understand how the product accesses, uses and protects your personal information and that you’re comfortable with this.
  • Read customer reviews. There’s hardly a product on the market that doesn’t have some kind of rating or customer feedback online. This unsolicited advice can help you determine if this is a device you want to own.
  • Password protect all of your devices. Stop putting this off. Don’t use the default passwords that come with the device or short, easy ones. Make sure they’re unique, long and use a combination of numbers, letters and symbols. Complex passwords can also be a pain to remember, that’s why using a password manager tool, like the one provided by McAfee LiveSafe™ service is a good idea.
  • Don’t have a clicker finger. Be discriminating before you click any links, including those in emails, texts and social media posts. Consider using web protection like McAfee® SiteAdvisor® that protects your from risky links.
  • Be careful when using free Wi-Fi or public hot spots. This connection isn’t secure so make sure you aren’t sending personal information or doing any banking or shopping online when using this type of connection.
  • Protect all your devices and data. McAfee LiveSafe service you can secure your computers, smartphones and tablets, as well as your data and guard yourself from viruses and other online threats.

Make sure you’re not like George calling out to his wife Jane saying “Jane…stop this crazy thing!” as he’s ready to fall off his electronic dog walker that’s gone out of control! Stay safe online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

MCAI

To join the conversation use the hashtag #FutureTech or follow McAfee on Twitter or like them on Facebook.

To download the infographic, click here or click to read the press release.

Identity proofing proves who You are

Identity proofing is proof of whom you are. Proving one’s identity starts with that person answering questions that only they themselves can answer (even if the answers are fictitious), such as their favorite movie, mother’s maiden name or name of their high school. Since most people provide real answers (that can be found online) rather than “Pointy Ear Vulcan Science Academy” as the name of their high school, this technique is on its way to the dogs.

8DMichael Chertoff, the former chief of the Department of Homeland Security, stated, “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

New Jersey suffered one of the biggest unemployment frauds, and to date, has identified over 300,000 people who attempted to fraudulently collect benefits via ID theft, among other improper schemes but also honest errors. However, New Jersey is turning things around.

It’s the only state that’s used identity proofing to fight unemployment benefit fraud, which mandates that job applicants verify a number of personal details through a quiz on New Jersey’s labor department’s website.

The use of billions of public records, collected by LexisNexis, verifies the details, to filter out imposters seeking unemployment benefits. The idea is for honest people to provide answers to questions: information that crooks can’t extract from googling.

This approach has rewarded New Jersey well, with nearly 650 cases of potential ID theft prevented. The state has also saved $65 million since May 2012 after blocking foreign IP addresses from gaining access to its unemployment system. Other states are following suit.

Improper payments (including for jobless benefits) have been occurring for years. Over $176 million in grants, to stop this problem, was issued by Washington in 2013 to 40 states. The errors in unemployment benefits payments on a national level have been about 10 percent for the past 10 years.

Businesses and government frequently must take the brunt of the fraud and waste despite an unemployment insurance system in place.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

4 Identity Protection Habits Every College Student Should Have

For some of us, fall is about to begin and the graduates of the class of 2014 are heading off to colleges across the country. It’s an exciting time—there’s a reason so many people call college the best four years of their lives. You learn so much about the world and yourself. You make lifelong friends. You are an adult without the full responsibility of being an adult.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813It’s pretty easy to believe that because you are young and not in the “real world” yet that you are immune to identity theft or credit card fraud. But crime isn’t so choosy about age. College students are actually a prime target for identity thieves because of naiveté. According to University of Colorado—Boulder, only 21% of college students are concerned about identity theft. And lack of concern leads to lack of managing financial and personal data making college students vulnerable to identity theft.

Luckily, managing your identity doesn’t have to be hard. Whether you’re an incoming freshman or a graduate student, here are four simple habits to help you protect your identity.

  • Check your credit card reports monthly. Many people believe that thieves will drain their accounts. Although that certainly does happen, in many cases, thieves will only take out small increments of money over time to avoid getting caught. By checking your credit card and bank statements monthly you can catch any suspicious charges and immediately alert your bank or credit card company.
  • Regularly change your passwords. Yes, it’s much easier to have one password for all of your accounts, but if hackers discover your password, they have easy access to all of your accounts.  Diversify your passwords and make it a habit to change your passwords every other month. To make this simple, you can use a password manager, like McAfee SafeKey, which comes with McAfee LiveSafe™ service. And to learn more about creating strong password, go to www.passwordday.org.
  • Cover the PIN pad when entering your PIN. Your PIN is the gateway to your bank account and thieves want it. This habit can protect you from skimming and video devices at automated teller machines (ATMs) or gas stations.
  • Think twice before giving out your personal information. Hint: Your fraternity or sorority does not need your identification or Social Security number. If you are shopping online, make sure the website is secure and not a fake before entering your credit card information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

The Sweet Sixteen Rule

Your child is turning 16! As a parent in the US, your mind is occupied with planning the big sweet 16 party and preparing for a new driver on the road (and the crazy high insurance that goes with it). During this exciting time, there’s something else you should be thinking about—your child’s credit score.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Child identity theft is more common than we want to think it is. According to a study by Identity Theft Assistance, 1 in every 40 households with minor children has been affected by child identity theft. Thieves love this kind of identity theft because 1) it gives them a clean slate because kids don’t have a credit history, and 2) it usually takes years before the crime is discovered—and it’s a lot of time to do some extensive damage. Many kids who have had their identities stolen don’t find out until they are adults trying to buy a car, apply for a college loan, or rent a place and they are denied due to low credit scores. At that point, it could take years to undo the damage and build a respectable credit score. No parent wants that for their child!

So when your child turns the big 16, start a new tradition and check to see if your child has a credit report. If your child does have a report, check to make sure there are not any mistakes on it and also check in why he or she would have a credit report (since most wouldn’t). You’ll not only save your child tons of headaches later on, but you’ll have a head start on clearing this up before it becomes a big mess.

But the best way to fix child identity theft is to prevent it in the first place. Here are a few tips to protect your child’s identity.

  • Keep your child’s information in a private, safe place. Don’t carry your child’s Social Security card or identity card around with you and make sure their birth certificate is in a safe place, like a locked file cabinet, safe or safety deposit box.
  • Only give out your child’s personal info when necessary. Be particular who you share your child’s Social Security number or identification number with, and when in doubt, leave it blank. The little league coordinator does NOT need to have this information, and even places that you may think may need it like your doctor’s office, you should check to be sure. Remember, once the information leaves your hands, it is out of your control.
  • Shred any sensitive documents before discarding. Rule of thumb: if it has an identification number  or any personal information on it, shred it.
  • Be alert to robberies and security breaches. If your home has been broken into, make sure all documents are accounted for.
  • Be careful what you and your child shares online. Make sure to teach your child the “rules of the road” for online safety and why sharing personal information online can be risky.
  • Invest in security software. Use software like McAfee’s LiveSafe™ service to protect your data and identity as well as your child’s on all your computers, smartphones and tablets.

For more information on protecting your identity, make sure to like McAfee’s Facebook page or follow us on Twitter.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.