Posts

12 Days to a Safe Christmas: Day 12 – Holiday Security Tips All Wrapped up Together

Would you like to give the people you care about some peace on earth during this holiday season? Take a few minutes to pass on our 12 privacy tips that will help them protect their identities, social media, shopping and celebrating over the coming weeks. The more people who take the steps we’ve outlined in the 12 Days of Christmas, the safer we all become, collectively.

Have a wonderful holiday season, regardless of which tradition you celebrate. Now sing (and click) along with us one more time.  

On the 12th Day of Christmas, the experts gave to me: 

12 Happy Holidays,

11 Private Emails,

10 Trusted Charities

9 Protected Packages

8 Scam Detectors

7 Fraud Alerts

6 Safe Celebrations

Fiiiiiiiiiiive Facebook Fixes

4 Pay Solutions

3 Stymied Hackers

2 Shopping Tips

And the Keys to Protect My Privacy

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachael Ray. Contact John directly to see how he can customize his presentations to your audience.

US Companies Face Cyber Attacks; Live in a State of Cybersiege

When JP Morgan was recently asked about reported cyber attacks, their spokesperson replied that they were “closely safeguarding information and would notify anyone affected” and went on to add that companies of its size experience cyber attacks “nearly every day”.  It seems a rather casual reply for an event that may have resulted in the theft of multiple gigabytes of sensitive data!

Yet that is the reality today. In fact, the financial industry, and most of the business world, has been described as being in a state of almost perpetual cybersiege. Cyber attacks have become so commonplace that most businesses have almost come to expect them.

Which is why we have stopped paying attention, because breach is so normal. And breach is so normal because corporations don’t train their employees correctly on how to avoid it. 

In the case of the attacks on financial institutions this week, however, officials briefed on the attack said there had been multiple, very sophisticated, intrusions.  They are thought to have been “far beyond” the capability of normal hackers and seem to be part of an international wave of nationalist cybercrime campaigns against financial institutions.

It is expensive to battle a cybersiege. JPMorgan Chase said in its 2013 annual report that it planned to spend more than $250 million and devote about 1,000 people to cybersecurity in 2014. According to a report on cyber security and the banking sector released by the New York State Department of Financial Services in May, more than three-quarters of financial institutions expect their information technology security budgets to rise over the next three years. That might be the silver lining in what is a cloudy outlook for corporate security.

John Sileo is an award-winning author and keynote speaker on data breach. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Sileo Speaking at NAFCU Technology and Security Conference

Credit Union Members: A special thanks to NAFCU for having me back a second year to present at their Technology and Security Conference.  Join us in Vegas for some fun and really get into the nuts and bolts of cyber security.


 
 

WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data

I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage. If it can happen to the big boys, it can happen to you. If you don’t have Bond on your side fighting off the villains, take these steps to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breaches originate with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank. It will be a lot easier to sit back and relax, maybe even have a shaken martini, when you know your business is secure.


John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

 

 

 

 

 

 

Cyber Monday Cyber Security in 60 Seconds

Cyber thieves are officially out today to steal your credit card information or any other private personal information they can intercept as you shop online during Cyber Monday (and for the rest of the holiday season). In less than 60 seconds, you can know what they are up to and what to watch out for. Only 50 seconds left, so here they are (note: some of the “for more info” links will only become live over the next few weeks in our 12 Days of Christmas series, so please check back):

  1. Be extremely careful when using free Wi-Fi hotspots to shop online, as you are being watched by data sniffers.
  2. Only shop on secure, reputable websites: A. that you know via other means (the press; you shop at their store), B. that show “https” in the URL, and C. that display a small padlock icon in the bottom right corner of your browser or whose URL turns green, signaling a “safe” site.
  3. Shop, online or in person, with a credit card and not a debit card, because debit cards are riskier.
  4. Never offer more personal information to online stores than absolutely necessary (e.g., Social Security numbers, bank account numbers, passwords, PINs).
  5. Never use the same password across multiple websites, and do not use your name, pet’s name, birthdate, dictionary word or other easily guessed attribute as a password. Use a combination of letters, symbols and numbers and vary upper and lower case.
  6. Leave suspicious websites immediately (they ask for more information than normal, require you to double enter information or trigger your BS meter).
  7. Log out of your online accounts when you are not actively shopping, and password protect your smartphone, iPad and laptop in case they do go missing.
  8. Use automated account alerts to effortlessly monitor your credit card charges and bank balances, allowing you to catch fraud immediately.
  9. Only cyber shop on a non-public (e.g., not in a library) computer with a secure internet connection, updated anti-virus software and up-to-date operating system.
  10. Only donate to known charities and only when you have initiated the gift. Never send money (via check, cash or electronically) based solely on a wall post, email or phone call.  Respond to such correspondence by contacting the charity on a reputable phone number or website.
  11. (Bonus Tip #1) Resist your curiosity to see that adorable elf dance in an email, wall post or tweet; only open attachments from trusted friends and family. If you don’t recognize the sender, don’t open the holiday greetings, as it is probably malware trying to intercept your shopping credentials.
  12. (Bonus Tip #2) Check out our 12 Days to a Safe Christmas: Prevent Holiday Identity Theft for day by day tips on preventing identity theft while shopping.

If you take these 10 tips to heart, you will not only save yourself the stress of shopping in person, you won’t have to think twice about doing your holiday buying online.

When John Sileo isn’t shopping online for holiday gifts, he’s off speaking at conferences that are looking for highly relevant content delivered with humorous audience interaction. See video clips of John on stage and in the media.