Tag Archive for: Data Protection

When Encryption Isn’t Enough: How Human Error Undermines Even the Best Security Tools

In the realm of cybersecurity, we often focus intensely on technical solutions—better encryption, stronger firewalls, and more sophisticated intrusion detection. Yet, time and again, the most significant security breaches don’t come from technical failures but from something far more difficult to patch: human behavior.

The Signal Incident: A Case Study in Human Error

The Trump administration recently provided a perfect example. Top officials, including Vice President JD Vance and Defense Secretary Pete Hegseth, used Signal—an encrypted messaging app widely considered highly secure—to discuss detailed plans for airstrikes against Yemen’s Houthi militants. Then, they accidentally added a journalist from The Atlantic to the chat.

These weren’t junior staff discussing lunch plans. These were high-ranking officials planning military operations using an app on their personal devices—compromising that information through a simple mistake. President Trump later acknowledged the issue, stating, “Generally speaking, I think we probably won’t be using it very much.” An understatement, to say the least.

Encryption ≠ Security

Signal was doing exactly what it was designed to do—providing end-to-end encryption that ensures messages are scrambled on one device and can only be unscrambled by the recipient. However, as this incident highlights, encryption alone does not equal security.

National security experts pointed out that discussing classified information on consumer apps is a major security breach, regardless of how secure the app is. Conversations about military operations should take place in Secure Compartmented Information Facilities (SCIFs), where cell phones are banned. The government’s secure communication tools have strict access controls, preventing unauthorized users from being added to conversations.

The Convenience vs. Security Tradeoff

Why would top officials bypass these secure systems in favor of a consumer app? The answer lies in a challenge familiar to every security professional: secure solutions are often less convenient. Government-approved communication tools are likely clunkier and more restrictive than sleek consumer apps like Signal. However, that inconvenience is often the price of true security.

Shadow IT: A Persistent Risk

The Signal incident highlights a broader problem in organizations: shadow IT. Employees often turn to unauthorized tools because official solutions feel cumbersome. This creates significant security vulnerabilities, regardless of how secure these shadow tools claim to be.

Building a Culture of Security

Technical solutions alone won’t fix human error. Organizations must:

  1. Make security personal—showing employees how breaches affect them directly.
  2. Design for human behavior—implementing user-friendly security measures.
  3. Train on real scenarios—using case studies and hands-on exercises.
  4. Make security visible—rewarding security-conscious behavior.
  5. Lead by example—ensuring executives follow security protocols.

At the end of the day, even the best encryption can’t protect against human mistakes. True security requires a cultural shift—one where individuals take personal responsibility for safeguarding sensitive information.

With two decades of experience helping organizations build security-focused cultures, John Sileo is passionate about empowering people to take ownership of data security, both personally and professionally. His approach bridges the gap between technical controls and human behavior to create security systems that actually work in the real world. Call 303.777.3222 or contact us to inquire about booking John for your next meeting or event.

Identity Theft for Businesses: Mobile Data Breach

Mobile Data Theft

Technology is the focal point of data breach and workplace identity theft because corporations create, transmit, and store so many pieces of information digitally that it becomes a highly attractive target. This book is not intended to address the complex maze that larger organizations face in protecting their technological and digital assets. Rather, the purpose of this book is to begin to familiarize business employees, executives, and vendors with the various security issues facing them.
The task, then, is to develop a capable team (internal and external) to address these issues. In my experience, the following technology-related issues pose the greatest data-loss threats inside organizations:

  • Laptop Theft: According to the Ponemon Institute, 36 percent of reported breaches are due to a lost or stolen laptop.
  • Mobile Data Theft: Thumb drives, CDs, DVDs, tape backups, smart phones
  • Malware: Software that infects corporate systems, allowing criminals inside these networks
  • Hacking: Breaking into your computer system from the outside, using networks, wireless connections, remote access, and your Internet pipeline
  • Wireless Theft: Wireless connections to the Internet in airports, hotels, cafes, and conferences
  • Insider Theft: When someone in the IT department (or elsewhere) decides to make extra money by selling your data

According to the Ponemon Institute, ‘‘Thirty-six percent of all cases in this year’s study involved lost or stolen laptop computers or other mobile data-bearing devices. Data breaches concerning lost, missing, or stolen laptop computers are more expensive than other incidents. Specifically, in this year’s study, the per-victim cost for a data breach involving a lost or stolen laptop was just under $225, over $30 more than if a laptop or mobile device was not involved.’’ Continue Reading….

The post above is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.

Identity Theft of H&R Block Customers | Sileo Group

The number of identity theft victims rose 22% last year! Although it’s important to always protect your identity, tax season makes people more vulnerable to this crime and you should be especially cautious.

H&R Block identity Theft

A recent article in the New York Times uncovers an H&R Block office in the Bronx that was infiltrated by identity thieves (apparently it was not the only office affected).

Last year, Kevin Johns, a construction worker in the Bronx, did his taxes at the H&R Block store on Riverdale Avenue that he had used for the past 20 years or so. The next day, though, he got a call from the tax preparer: his return was rejected because he had already filed. Or at least, someone had filed in his name. That someone helped himself or herself to a $8,499 refund.

Sharon Hawa, a disaster-relief coordinator with the Red Cross and another longtime customer at the same office, had a similar experience. Ms. Hawa said she went to have her taxes done, only to be told that someone had already e-filed her taxes and collected $6,145.

Both Ms. Hawa and Mr. Johns said they were told by police detectives investigating their cases that at least 20 customers of the branch and possibly many more had been robbed by identity thieves who were very likely H&R Block employees. Both said the fraudulent filers used their previous year’s adjusted gross incomes as proof of identity.

Top Tips for Tax Time Identity Theft Protection Safe Preparation

Your greatest risk of identity theft during tax season comes from your tax preparer. In this case it was because they are dishonest, but sometimes it is because they are careless with your sensitive documents. Just ask yourself how easy it would be for your tax preparer or anyone in their office to walk off with a few client folders containing mounds of profitable identity. Here are a few effective solutions:

Choose your preparer wisely

How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau? Don’t be afraid to ask for references.

Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a strong privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?

Asking professional tax preparers these questions sends them a message that you are watching. Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood. When it comes to the case with H&R Block it causes a huge loss of clients due to a damaged reputation.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

[youtube https://www.youtube.com/watch?v=A0fcQyqBtfQ&rel=0]