Posts

Should You Fight or Take a Flight When Being Attacked?

I am a big believer that people should run away from an attacker. If a bad guy gets into your home and he often wants to cause you pain, RUN as quickly as you can to the nearest door. If you are in a corner or you have to protect a loved one, you might have to fight him.

Most of us are taught to not hurt other people. We teach our children to have manners and to be kind to others. This is a process known as “civilized conditioning,” and it allows us to live in a civilized society.

However, sometimes violence occurs regardless of this civilization. In fact, there are millions of people out there who are uncivilized and fully capable of doing terrible things to other people.

When you think of it, civilized conditioning is a type of double-edged sword. Yes, it helps to prevent us from being violent to each other for no good reason. But, it also prevents us from being violent with another person if we need to. Because of this conditioning, you might panic, stop breathing, or even freeze when someone attacks you.

Do you know what you would do if a bad guy confronts you? Would you freeze? Fight? Run?

If you are a parent and someone attacks your child, you would probably defend your son or daughter with a vengeance. But, what about when it comes to your own safety?

Here are some tools that you can use to overcome civilized conditioning when you need to:

  • Understand that no one has any right to harm you for any reason.
  • Realize that fighting back and resisting is the best way to remove yourself from a situation that is dangerous.
  • Ask yourself “What if” questions, such as “What if, as I walk through this parking lot, there is someone hiding behind that van?” This helps to prepare your body and mind to quickly respond in the face of danger.
  • Practice visualization to try to create potential scenarios in your thoughts, and then think about your response.
  • Take self-defense classes. This helps to give you a different perspective on your situation.
  • Have an awareness of your situation and environment no matter where you are or what you are doing. If you feel like something is wrong, it probably is.
  • If you are attacked, run to a safe place, such as to a store, a home, or any other populated area.
  • Install home alarm systems in your home to further protect yourself from the bad guys.

And, when it’s all said and done, don’t worry about any of this. BUT, you need to know your options and you need to do something about it if a bad guy enters your life.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Private Identifiers Not Private

Today’s commerce occurs very much online, with products and services ranging from A to Z. Hence, these many online merchants have hundreds of millions of people around the globe registered with them for convenient purchases.

To verify authentication as the true user of these services, the registrant must supply personal data. If cyber criminals get ahold of this data, much of it can be changed by the user after the breach, such as user name, password and even the address they’ve been using.

However, the Social Security Number and date of birth cannot be changed. When cyber crooks get personal data off of these online retailers and service providers, it invades the customer’s privacy.

Online enterprises must take full responsibility for stolen data. It’s a real serious issue when permanent (“static”) data like DOB and SSN is breached, as opposed to temporary data like a password or answer to a security question.

Of course, the registrants to these sites do bear some culpability when they post their personal data in the public domain. But business sites make posting personal data a requirement to use their site. Unique data like the SSN should not be a requirement.

The online commerce world should know that such a requirement destroys confidence in current and potential customers, and that their competitors who abandon this practice will have the upper hand in gaining and retaining business.

More and more users are realizing that the security systems of online enterprises are weak, putting users at risk for identity theft—a risk that they’re catching onto.

NSS Labs, Inc., a world leader in information security research and advisement, has the following recommendations:

  • Online businesses should limit requiring data that can be shared among other enterprises.
  • Online enterprises should be designed with the anticipation of possible data breaches; this way they’ll minimize risk and be more prepared to mitigate problems.
  • Third-party data breaches should be analyzed by online companies to protect users if data seeps out.
  • “At risk” users should be able to be re-authenticated.
  • Governments need to reassess the idea of using static data like DOB and SSN.
  • Online enterprises must embrace the possibility that legislation will eventually make it illegal to require SSNs from users.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Top Security Techniques That Work For The Masters

Banks know security just about better than anyone. Find out what they can teach you about safeguarding your small business.

Security is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secure—the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.

But that doesn’t mean we shouldn’t strive to reach our destination. In order to protect our businesses, we can apply strategies that significantly reduce our risk level. One of the best security techniques is layering. Layers of security make a criminal’s job more difficult, as they are forced to address all the vulnerabilities in our business.

Helen Keller once said, “Security is an illusion; life is either a daring adventure or nothing at all.” Her quote has significance, although it’s not entirely accurate. That’s because security is part illusion and part theater. The illusion, like a magic act, seems believable in many cases.

Security theater, on the other hand, refers to security intended to provide a sense of security while not entirely improving it. The theater gives the illusion of impact. Both play a role in deterring criminals, but neither can provide 100 percent security, as complete security is unattainable. Hence, security is a journey, not a destination.

Banks know security, both the illusion and the theater. They have to, because robbers target these buildings daily. Because banks want to promote a friendly and inviting environment, consumers are mostly oblivious to the various layers of security that financial institutions utilize to protect their bank accounts. And that’s not a bad model to follow.

What Banks Know About Security

Banks have multiple layers of security. The perimeter of most banks is often designed to include large windows, so passersby and law enforcement can easily see any problems occurring inside. The bank’s doors also have locks. There is, of course, an alarm system, which includes panic buttons, glass-break detectors and motion sensors. These are all layers, as are the security cameras, bulletproof glass and armed guards. Ideally, the tellers and members of management should have robbery-response training. Many banks also use dye packs or GPS devices to track stolen cash.

All banks have safes, because banks know that a well-constructed safe is the ultimate layer of security. A safe not only makes it extremely difficult for a bank robber to steal the bank’s money, but it also protects the cash in the event of a fire.

And then there are the multiple layers of computer security. The basics include antivirus, antispyware, antiphishing and firewalls. However, there are numerous additional layers of protection that monitor who is accessing data and why, and numerous detectors that look for red flags which indicate possible identity theft.

Banks also recognize that a simple username/password is insufficient, so they require their clients to adopt multifactor authentication. Multifactor authentication is generally something the user knows, such as a password or answers to knowledge-based questions, plus something the user has, such as a smart card, token or additional SMS password, and/or something the user is, such as identification through a biometric fingerprint, facial recognition, hand geometry or iris scan. In its simplest forms, multifactor authentication occurs when a website asks for a four-digit security code from a credit card or installs a cookie on your machine, or when a bank requires a client to add a second password to his or her account. Some institutions also offer or require a key fob that provides a changeable second password (a one-time password) to access accounts, or it might require a reply to a text message in order to approve a transaction.

Every layer of protection the bank adds is designed to make it harder for a criminal to get paid.

Consider a layered approach for your small-business security plan. Think about the current layers of business protection you have in place, and then consider how many more layers you might want to install to ensure a seamless customer experience and a security-minded culture.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

7 Laptop Security tips for the Traveler

Here are nine ways you can add a lot of security to your laptop when traveling.

  1. Bag it. Keep the laptop in a sturdy bag that’s specially designed for laptops. The sleeve should be well-padded and the bag TSA-compliant. The bag should be collapsible and expandable (depending on contents), and easy to wear near your body for extended periods.
  2. Don’t part with it. Pretend your laptop is a baby. In public, you wouldn’t leave your baby unattended while you went to the restroom or moved around in your location. Likewise, take your laptop with you wherever you go in public, even if it’s just one aisle over.
  3. Hang the “Do Not Disturb” sign. If you must leave your laptop in your hotel room when you’re out, put up the “Do Not Disturb” sign. The fewer people in your room, the less likely your laptop will be stolen. You can also put the laptop in the hotel’s safe, though that’s no guarantee of security, either.
  4. Use a cable lock. Though a persistent thief won’t be deterred by this in a setting where nobody will notice him, it can indeed keep him at bay if the laptop is in a busy public place. Find out if your company provides cable locks. Otherwise, you can purchase them online.
  5. Software leash. A stolen or misplaced laptop can be located with software. For best results in the event your laptop gets stolen or lost, register with one of these anti theft tracking services prior to your trip. MyLaptopGPS is good.
  6. Don’t be nice. Yes, don’t be nice enough to let a stranger use your laptop.
  7. Use a VPN. VPN stands for virtual private network, and it’s very effective at providing data security when you use a laptop in public (airport, coffee house, hotel) where the network is open season all season for hackers. You’ll be protected when you’re on any site. Ask if your company can give you a VPN when you travel. Use Hotspot Shield.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Analyze Security to reduce Threats

A deep analysis into security (security analytics programs) unveils some riveting areas that need to be addressed if business users are serious about reducing threats of data breaches.

Reveal data leaks. Convinced your business is “data leak proof”? See what stones security analytics turns over. Don’t be surprised if the leaks that are discovered have been ongoing, as this is a common finding. You can’t fix a problem that you don’t know exists.

An evolution of questions. Analytics programs can create questions that the business owner never thought to wonder about. Analytics can reveal trends and make them visible under the business owner’s nose.

Once these questions and trends are out of the closet, decision makers in the organization can have a guideline and even come up with additional questions for how to reduce the risk of threats.

Connections between data sources. Along the same lines as the previous point, security analytics programs can bring forth associations between sources of data that the IT security team may not have unearthed by itself.

Think of data from different sources being poured into a big funnel, and then what comes out the other end are obvious patterns and associations between all that data, even though it was “poured” from differing sources. When “mixed” together, the data reveals connections among it.

Uncovering these associations is important so that businesses can have a better understanding of disparate segments of their network, various departmental information, etc.

Discovery of operational IT issues. Take the previous points a step further and you get a revelation of patterns and connections in the IT operations realm—associations that can help mitigate problems with workflow and efficiency.

In other words, an issue with IT operations could be something that’s causing a drain on productivity, or, something that’s not creating a problem per se, but can be improved to spark productivity.

Uncover policy violations. Analytics can turn up policy violations you had no idea were occurring. Not all violations are malicious, but once they’re uncovered, they cannot be covered up; the next step is to do something about it.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Devising a Data Security Strategy

Whether you are an individual who games, a work-at-home employee, a family of four that shops online, a road warrior or even a small business, chances are you have data to protect—and so this all pertains to you.

Fundamentals:

Antivirus isn’t enough: A free antivirus package is good, but it might not update automatically—and you need your antivirus to be today’s version. Spend a couple bucks and get your antiphishing, antispyware and firewall protection.

Updated browsers: An old, outdated browser is a nightmare that is often riddled with holes for criminals to slither a bug through. Install the latest update ASAP, automatically or both.

Updated operating systems: Set your OS to automatically update, as manual updates are often forgotten and missed.

Disk encryption: Your device may come equipped with the ability to encrypt individual files, folders or the entire disk. There are many free third-party encryption programs that are excellent.

Backing up: You should have at least two local backups of all your data in case a device fails. I use external drives and GoodSync to keep it all backed up every hour. Also, invest in cloud-based storage that has encryption as well—all for under $100 annually.

Password management: It’s not OK to have one password for 30 accounts. You need 30 different passwords, and this can only be accomplished with a password manager.

Wireless WiFi protection: Having open WiFi so your neighbor can piggyback on your connection is a bad idea. Use the WPA2 encryption that is built into the router. Whenever using public free WiFi, use virtual private network software such as Hotspot Shield VPN to encrypt all your data.

Mobile device security: Mobiles are small computers that store our data or have access to our cloud-based accounts. Mobiles need to be password protected and have antivirus protection, just like PCs do. Keep in mind that WiFi on a mobile is no different than on a laptop, so use a VPN on your mobile too.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Are You as Secure as a Fourth Grader? (Hint: No)

Security is the big picture. Security is in the finest details. Security is software and hardware. Security is awareness, intelligence and vigilance. Security is obvious, is obscure and is theater. Security is a journey and not a destination. It’s a path you take, but not a place you ever really arrive at. Security is an illusion; it’s elusive, attainable and impossible.

Ever have dialogue with a nine-year-old? Kids that age are pretty smart. Most can navigate through life with enough awareness to get themselves in and out of trouble and have the understanding of how things work like a 30-year-old might. They also possess a certain innocence and lack the fear of failure or of retribution due to the fact they’ve yet to be burned as much as a typical 30-year-old has.

It’s that carefree outlook and lack of concern with authority that allows mastermind criminals to walk all over those of us who follow the rules—and those who enforce them.

Which brings us to a nine-year-old Minneapolis boy who was able to get through security screening and onto a Vegas-bound plane at the Minneapolis-St. Paul International Airport without a ticket. The only reason he was even caught was because he was…well…a boy. His Delta flight was not full, and the flight crew became suspicious mid-flight because the boy was not on the list of unattended minors. The crew contacted Las Vegas police, who met them upon landing and transferred the boy to child protection services.

That’s not all. Our stowaway rode on the train to the airport (probably snuck on there too), stole a bag from a luggage carousel, and went to an airport restaurant, where he chewed and screwed (dined and dashed) the restaurant out of their money.

I’m not done telling his story. Two weeks prior to the airport incident, he snuck into a water park, stole a truck, smashed it, and was caught driving on a highway and pulled over. And that’s just what was reported when he was caught.

So if you think your government, the TSA, Homeland Security or the police can protect your personal security—or your bank, your credit card company or all the organizations that have your information on file can protect your identity—then you’re no smarter than a fourth grader.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

Security Measures for the Wealthy vs. for the Rest of Us

“Wealthy,” by some standards, might mean being in the top one percent of earners today in the US, which is $370,000 a year. Otherwise, the “bottom” 95 percent is making less than $150,000 a year, and then 75 percent of the population makes less than $66,000 a year. Depressed? Sorry; the point of this post is to provide you with options that the wealthy might use for security vs. what everyone else considers affordable.

  • Home security: Alarm systems today can cost from under a hundred dollars to several thousand. Celebs and CEOs often invest heavily in all the bells and whistles, whereas all we of more modest means really need is a simple system to protect our doors and windows that also comes with a siren and is possibly connected to a monitoring station at the price of a dollar a day. Even cheapo stickers and signs on eBay offer a layer of protection.
  • Auto security: You could ride like Kanye West in an armored car costing several hundred thousand dollars…or you could install some tinted windows, take a defensive driving course and toss in a kill switch for a few bucks.
  • Personal security: If your name is Larry Ellison (CEO of Oracle), you might drop $1.7 million on bodyguards and everything else. Otherwise, take a self-defense course utilizing adrenal stress training.
  • Information security: Budgeting for information security is often relative to the amount and kind of data that needs protecting. So a big company should be spending big bucks, whereas for $49.95 you should be renewing your antivirus every year.
  • Identity theft security: For 10 bucks a month, anyone can protect his or her identity with identity theft protection. For almost free, everyone should get a credit freeze. I do both and recommend you do the same.
  • Wireless security: The beauty here is that protecting a wireless connection can be free via a free VPN service from Hotspot Shield. And for another few bucks, you can get a paid version that’s ad-free and faster—and you don’t need to be wealthy to afford it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.

How NFC and Security Work Hand in Hand

NFC is an acronym for near field communication, a wireless technology that allows devices to talk to each other. In the case of a mobile wallet application, those devices would be a mobile phone and a point-of-sale device, such as a credit card reader at a checkout counter. NFC can be used in other ways beyond credit card transactions. It can integrate with hardware, such as your car, to lock or unlock a door.

Consumers perceive a lack of security with NFC, but in fact NFC is much more secure than having your data stored on a magnetically striped credit card, which can be more easily compromised. There are numerous layers of security in an NFC payment, including both hardware and software, and major payment networks such as MasterCard and Visa require certification before any payment application or hardware is let loose on the public.

There are important key features that reinforce mobile NFC security:

1) NFC SIM cards storing a consumer’s payment credentials and the payment applications are certified according to security standards. These standards are defined by financial services’ authorities and are comparable to CHIP-N-PIN security.

2) Consumers can choose to authenticate transactions by entering a PIN code on the payment application. Consumers can also request the PIN to be entered for all payments, even for small amounts—providing the end-user with complete control over protection features.

3) Secure over-the-air technology for remote management enables immediate remote blocking of the payment application. This works in a similar fashion to blocking a bank card in opposition mode.

Check out NFC and see if your device offers NFC here and definitely give it a try!

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

What’s a Wireless “Sniffer” and Why Should I Care?

A sniffer is a software program used by IT administrators to monitor network usage, investigate network problems, investigate network misuse and abuse, identify configuration issues and determine the state of a network’s security. Sniffers ultimately decode the data so it is readable in words, numbers and computer code.

Note that last part: “determine the state of a network’s security.” That is a big one. This is because while good-guy IT security professionals use sniffers to determine the security of a network, bad guys also use them to see your data as it travels from your device to the router communicating the wireless internet signal.

Unsecured, unprotected, unencrypted and sometimes shared wireless internet communications over Wi-Fi in your home, office or any publicly connected Wi-Fi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers. A sniffer employed by a criminal can be used to spy on anything you communicate wirelessly. Criminals can steal your data, get your usernames and passwords, and potentially hijack your device…and your life.

The kind of data that is most vulnerable to sniffers is that which is unencrypted; this can include something as simple as files being copied and pasted or shared from one device to another. Any information coming through your browser that isn’t coming from or going to a website employing encryption designated HTTPS—the S means secure—is also vulnerable.
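To make the difference concrete, here is an added example (not from the original post) that audits captured payload bytes the way a network defender would: it tells a TLS-protected payload from cleartext HTTP and, for cleartext, reports which sensitive field names would be readable on the wire, without printing their values. The two payloads are constructed samples, and the list of sensitive names is an assumption.

```python
from urllib.parse import parse_qs

# Assumed list of field names worth flagging; adjust for your own applications.
SENSITIVE = {"authorization", "cookie", "password", "passwd", "pin", "ssn"}


def classify(payload: bytes) -> str:
    """Return 'tls', 'http-cleartext' or 'unknown' for the start of a TCP payload."""
    # A TLS record starts with a content type (20-23) and a 3.x protocol version.
    if len(payload) >= 5 and payload[0] in (20, 21, 22, 23) \
            and payload[1] == 3 and payload[2] <= 4:
        return "tls"
    # A cleartext HTTP/1.x request starts with "METHOD target HTTP/1.x".
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/1."):
        return "http-cleartext"
    return "unknown"


def exposed_fields(payload: bytes) -> list:
    """List sensitive header and form field names readable in a cleartext request."""
    if classify(payload) != "http-cleartext":
        return []                      # encrypted or unrecognised: nothing readable
    head, _, body = payload.partition(b"\r\n\r\n")
    found, content_type = [], ""
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "content-type":
            content_type = value.strip().lower()
        if name in SENSITIVE:
            found.append("header:" + name)
    if content_type.startswith("application/x-www-form-urlencoded"):
        for key in parse_qs(body.decode("latin-1"), keep_blank_values=True):
            if key.lower() in SENSITIVE:
                found.append("form:" + key.lower())
    return found


# Constructed sample: a login form posted over plain HTTP.
SAMPLE_HTTP = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=constructed-value\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"user=alice&password=constructed-value"
)

# Constructed sample: the first bytes of a TLS handshake record (HTTPS).
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32)

if __name__ == "__main__":
    for label, data in (("http", SAMPLE_HTTP), ("https", SAMPLE_TLS)):
        print(label, classify(data), exposed_fields(data))
```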

On wireless connections that aren’t properly secured—such as those public ones I mentioned earlier—your best line of defense is to use a virtual private network software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is a good one to use. It’s secure, free to you (supported by ads) and available for PC, Mac, iPhone and Android.

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.