Tag Archive for: data security

Data Breach Expert John Sileo on Fox & Friends – Target Data Breach

Data Breach Expert John Sileo goes on Fox & Friends to discuss the 110 million records breached at Target.

Higher Education Features Cyber Security Expert John Sileo

Universities perfect learning environment for data security

Higher Ed Organizations are among the highest risk groups to become victims of identity theft and data breach. Because students are relative “beginners” when it comes to personal finances, because university environments are predicated on trust and credibility, and because of the recent progress towards a mobile-centric, social-networking-dominated campus, higher education’s digital footprint is constantly exposed to manipulation.

“The most engaging speaker I’ve ever heard – period.”  Debbie Bumpous, NSU Chief Information Technology Officer speaking about John Sileo

“John Sileo was the secret sauce in launching our cyber security awareness program” – University of Massachusetts Director of IT

Universities are 357X more likely to be affected by data breach than the average organization. High-profile cases, some of which ended in class action lawsuits against the breached university, include the University of Nebraska (650,000 breached records at an estimated cost of $92 million), UCLA, Auburn, Delaware, and Texas. Data theft is bad for students, time-consuming for the administration and a public relations nightmare for the university. John Sileo knows their pain firsthand, as he is generally the person contacted by universities after they have been breached.

Video: watch John help a university prevent data theft before it happens

http://www.youtube.com/watch?v=0eveXtEku9M&rel=0

Universities Have a Distinct Advantage in the Fight for Data Privacy

There is genuinely optimistic news amidst the gloom and doom. Because of their teaching facilities, their communication channels and their understanding of pedagogy, universities small and large are uniquely equipped to train campus wide on the simple steps to keep private data secure before it is breached. But it takes the right speaker to introduce security in such a way that it connects with a mixed audience–student and faculty, young and wise, technologically-oriented and digitally-challenged.

John Sileo sets the standard for presentations that get students, faculty and administrators to emotionally connect to the critical nature of privacy, security and identity protection. Using his own personal story of identity theft, John interacts with your audience to gain “buy in” to the increasing importance of securing identity in a mobile-driven, social-media-dominated world.

“If the presentation is boring or overly technical, the campus won’t listen, won’t learn. John is anything but boring…”

Video: Hear what university leaders have to say about John’s ability to make it personal

http://www.youtube.com/watch?v=eByEVFdF5pY&rel=0

John has spoken extensively for other universities to increase awareness on privacy, security and identity. Unfortunately, he’s usually brought in AFTER THE BREACH and asked to sign confidentiality agreements that don’t allow him to disclose his work with the university. And if there is someone who respects his clients’ right to privacy and confidentiality when requested, John is it. We can say that John has worked with top-ranked universities in California, Colorado, Connecticut, Massachusetts, Maryland, South Dakota, Nebraska, Florida, New York, Pennsylvania, Washington D.C., Utah, Wyoming and Virginia. We hope that your university/fraternity/organization chooses to proactively address the problem like those public references listed below:

Listen to what Universities have to say about John’s presentations

“Your presentation had the audience engaged from the first moment you started speaking. Data security is so often such a dry topic that it can be very challenging to get our users to listen to anything we have to say (let alone to show up). Your personal stories were both heart wrenching and thought provoking, and they provided an important backdrop for the lessons you were teaching. And you did all of this with humility, and a wonderful sense of humor, that captured the audience’s attention. When people were leaving the event, many told me it was the best presentation they had ever seen and it was unanimous that it was time well spent.”

— Donna Volpe Strouse, Information Security Officer, Wellesley College


“John’s presentation was excellent. He has a unique and skilled way of connecting with the audience and relating personal security to university security initiatives.”

“Felt like a knowledgeable friend grabbed me by the shoulders, slowed me down and saved me from getting into trouble.”

“Engaging and entertaining delivery of what is typically a dry topic – it makes the message stick.”

“Compelling, persuasive, intelligent, common sense and passionate presentation that opens your eyes. Funny too!”

— Various CIO Coordinators and Attendees at the Six University of Massachusetts Campuses


“The most engaging speaker I’ve ever heard – period. As part of a campus-wide cyber-security awareness program, Northern State University hosted John Sileo on our campus. John’s presentation was the culmination of a month-long awareness campaign for faculty, staff and students and part of the National Cyber-Security Awareness Month. The presentation itself was of the highest caliber. John personally catered the content of his presentation to our unique and diverse audience members. John is an incredibly motivational presenter that can speak directly to any audience, of any age. Throughout his presentation, he actively engaged members of the audience, capturing and holding their attention. This engagement brought a personal touch to the presentation and underscored the importance of his message. I would highly recommend John Sileo as a presenter or guest speaker. His expertise, friendliness, and professionalism are exemplary.”

— Debbi Bumpous, Chief Information Technology Officer, Northern State University


The Delta Gamma Foundation is the heart of the Delta Gamma Fraternity… One of the most successful programs we offer our collegiate and alumnae members is our Lectureship in Values and Ethics. Now present on 15 campuses throughout the United States (with 4 more Delta Gamma chapters in the process of completing their lectureship), our lectureship series has featured such nationally acclaimed speakers as Colin Powell, Queen Noor, Maya Angelou, Barbara Bush, Gerald Ford, Jeff Probst and many more.

On June 18, 2010, at our 64th biennial Convention in Denver, CO, the Delta Gamma Foundation sponsored our Convention Lectureship in Values and Ethics. This lectureship is very special because it is presented to the entire Convention body. Our guest speaker was John D. Sileo, who spoke on identity theft prevention… John captivated an audience of 900 ranging in age from 19 to 90, telling his personal story of identity theft and educating all of us to intellectually understand the importance of one’s privacy. John is a storyteller who tells a compelling story with humor, intrigue and ongoing audience interaction. The presentation was outstanding.

Delta Gamma continues to receive positive feedback on John’s presentation and performance. On behalf of the Delta Gamma Foundation, we would strongly recommend John for any audience of any age. His story needs to be told and shared.

— Roxanne LaMuth, Delta Gamma Foundation


John Sileo is the real deal. He speaks because he has something to say, but also because he is interested in his audience! If you host speakers, do yourself a favor and hire John… he will remind you of all that is good about offering a speaker to an audience.

— Loree MacNeill, Chadron State College



WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data

I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage.  If it can happen to the big boys, it can happen to you.  If you don’t have Bond on your side fighting off the villains, take these steps to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breaches originate with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank.  It will be a lot easier to sit back and relax – maybe even have a shaken martini – when you know your business is secure.

John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.







Your Online Data Security may be in Danger if you use Skype

Skype is often praised for being free to use, but your online data security may be the real price you pay.

A recent experiment conducted by Ars Technica, with the help of independent security researcher Ashkan Soltani, proved that Skype’s operator, Microsoft, just can’t keep its nose out of private messages.  Soltani and Ars Technica sent through four test links and discovered that two of them were clicked on.  Even though snooping is technically within its rights under the terms of use customers agree to, the Skype encryption assurance states:

“All Skype-to-Skype voice, video, and instant message conversations are encrypted.  This protects you from potential eavesdropping by malicious users.”

I guess they consider themselves exempt. Of course, Skype reserves the right to see personal details in order to delete viruses and protect against fraud. In other words, they intend to use this ability for your own good.

What makes this particular case tricky is Skype’s popularity in the business world as a platform for meetings and video conferences. Though this test only focused on private messages, it’s not a stretch to think that important business calls are also monitored, or could be.

Everyone should always consider the possible consequences of sending information over the Internet, and realize that even giants like Microsoft are not protecting your online data security.  There’s only one foolproof way to ensure your information is protected, and that’s to do it yourself, or seek out an expert to show you how. 

John Sileo is a social online data security expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Data breach sees millions violated in LivingSocial hack

Do you use the discount site LivingSocial? If so, your email and password could now be a little more “social” than you wanted thanks to a new data breach that occurred on April 26.

A data breach has punctured LivingSocial and resulted in the exposure of the personal information of at least 50 million users. The leaked information includes names, birthdays and email addresses – very useful pieces of data if you’re an identity thief trying to figure out a way to get into someone’s profile or make a profit selling that same information. But what makes this attack even more devastating is that hackers were also able to get hold of encrypted passwords.  Even though the passwords were protected through processes called hashing and salting, it likely will not take hackers long to figure out the original passwords.

LivingSocial sent an email to its affected “LivingSocialites” shortly after the data breach informing them of the damage done and provided a direct URL to use for changing passwords.  They also reassured customers that payment information did not appear to have been compromised. Even so, this is a hugely significant event for anyone concerned about the often fragile state of data security.

Patching up the tear: a data breach recovery crash course

So, what can you do when you get a message like that in your inbox? The basic rule is to minimize the chance that the thieves will be able to use any of the information they’ve absconded with by doing the following:

  • Immediately log in directly to the site and change both your password and username.
  • Change your username and password on all other accounts that share the same data, such as your bank’s online login or your Facebook profile. Research shows that 65 percent of us use the same password for different applications!  (And hackers know that – guess what they’re going to go after?!)
  • Be on the lookout for scam emails that appear to be from LivingSocial and want you to click on a link. Don’t click on any links that ask you to reset your password. Visit the URL directly instead.
  • In general, be careful of what you click on. If in doubt, delete it out.

Leaving your accounts vulnerable after a data breach isn’t a risk worth taking. Proper measures are required anytime a situation like this occurs to make sure your assets don’t plummet to the ground and take your bottom line with them.

John Sileo is a data security expert and keynote speaker. His clients have included the Department of Defense, Visa, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Social media privacy? Facebook snoops even when you're not logged in

Despite its claim to being aware of social media privacy, Facebook continues to mine user activity for ad data. Now, it’s expanding beyond the boundaries of its site – and even your browser.

Though it claims to respect user privacy and keep its targets protected, Facebook is offering advertisers on its site a new feature called “Partner Categories,” which lets them narrow their audience through demographics based on specific purchases. Beware of the rather innocuous official announcement, which says that a local business could use it to find customers who may be willing to give them their business, according to recent purchases. The feature would accomplish this using third-party data collection companies like Acxiom to build predictions based on what you have bought.

Previously, advertisers showed ads to us based on the interests we expressed on Facebook. Now, they have the added ammunition of knowing every product and brand we’ve purchased through our desktop or mobile.

Even if all of our secrets aren’t being revealed to these outside sources, this is still a breach of privacy. And what kind of slippery slope could this be sending us down?

It’s yet another area where anyone with a credit card can be observed without their knowledge. True, it’s hard to imagine a world without omnipresent advertising, and Facebook says this sort of technique has existed for a while. However, bringing it into the realm of online personal networking raises social media privacy concerns.

Advertisers now have even more specific ways to know what we’ve been buying and how that will affect our decisions in the future. It’s a chilling thought for those of us who would rather keep our shopping history private.

Social media risk management can get overlooked in the face of new developments. But as companies like this find more ways into our lives, it’s important to remember how much of our activity is being watched – and what we can do to protect ourselves. 

John Sileo is a social media privacy expert and keynote speaker on data security, fraud and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Embarrassing hack has movie studio turning fifty shades of red

A hack doesn't always target your personal secrets or your bank account. If you're a celebrity, sometimes a rumor does enough damage on its own.

Ever since the naughty bestseller "Fifty Shades of Grey" arrived on the scene, the public has been wondering about the inevitable film adaptation. A recent announcement that former Harry Potter star Emma Watson would be the film's heroine must have come as a shock to many…including Watson herself. Because she hasn't actually been cast.

The news comes courtesy not of an official press release but of a data security breach at German studio Constantin Film that resulted in the leaking of documents, among them one confirming Watson's involvement. But the studio has denied that this is true, claiming that the compromised information is outdated.

Watson herself took to Twitter to address the incident, saying "Who here actually thinks I would do 50 Shades of Grey as a movie? Like really. For real. In real life." At least she's still got her social media reputation intact.  

These days, a studio has to be as concerned about its data security as its casting choices. It's just a good thing they figured this out before the wrong movie got made.    

John Sileo is a cyber security expert and keynote speaker on privacy, identity and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.  

Why LifeLock might not be the identity theft monitoring service for you

Do you trust LifeLock to help protect your identity? The answer to that question can be just as crucial as the measures you take to monitor your identity on your own. 

With online theft as active as it is, many are trying to cash in by offering protection against hackers. But you’ve got to have a keen eye to pick the ones that are actually going to help you out. LifeLock is one of the most widely-seen internet security companies in the country – but then again, LifeLock has a record that makes its viability somewhat questionable.

Oakland news station KTVU recently reported the local story of a woman whose identity was stolen after signing up with LifeLock. An outside source managed to apply for a loan in her name without so much as an alert going to the woman in question. I’m sure that person is going to be more cautious with the identity theft monitoring service they choose next time.

But it’s not that surprising this happened, given that the company has what you may call “a checkered past.” Several years ago, LifeLock’s CEO Todd Davis infamously began a shocking ad campaign that made his Social Security number public. The idea was that LifeLock’s system was so secure that there was nothing anyone would be able to do with it and the information would be “useless to a criminal.” There was also a $1 million “guarantee” that clients would be safe.

Want to guess what happened?

Davis was jabbed a reported total of 13 times by thieves who had a field day, opening new accounts left and right. On top of that, the company was fined $12 million by the Federal Trade Commission in 2010 for false advertising.

The lesson is pretty clear. Don’t trust big promises: look for real know-how instead.  Visit my identity theft monitoring service review here.

John Sileo is an identity theft expert and keynote speaker on privacy, identity and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Last year there were 20 identity thefts per minute

Here's a pop quiz: how many incidents of identity theft do you think happened in 2012? How often do you think they occurred?

Maybe you're aware of threats to your personal information. Maybe you've already taken steps to prevent identity theft. But do you really know how common it is?

Ok, I know I kind of gave it away in the title of this post, but take a guess anyway.  A hundred thousand? Maybe a couple million?

The answer may shock you: there were 12.6 million cases last year, according to the 2012 Identity Theft Report by Javelin Strategy & Research. That breaks down to a new incident every three seconds, and it's higher than the year before. The total amount of money stolen through hacks and compromises was over $21 billion, and many victims of identity theft were targeted through their Social Security numbers. 

The consequences of a trend like this are devastating and affect all of us, not just the victims. The same article reported that 15 percent of those who had their information stolen stopped making purchases through smaller online companies for fear that their data would be insecure. Well, wouldn't you?

You don't have to be Nate Silver to see the big picture here: it's hard to rebuild the economy and improve your business when consumers are afraid to spend their money. When you lose your customers' data, you lose their trust first and their business second.

As with a lot of unseen dangers, there's a tendency among people to ignore threats to online security until something happens to them. You might see a story about it on the news and feel bad for a moment, but it doesn't seem that urgent, and soon you're thinking about something else. This is a fatal misconception. Data security breaches are not isolated incidents that pop up once in a while: they're a constant stream of attacks, going on round the clock, seven days a week. The sooner we understand that, the sooner we might finally take steps to keep our assets safe, so next year's number isn't even higher.

John Sileo is an online privacy expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.

Major cyber attack likely to happen this year, experts say

It's no secret that the U.S. is currently vulnerable to a debilitating online attack. But many top IT security professionals have predicted that something catastrophic is coming – and it could happen in 2013. 

"Spear phishing." 

It sounds kind of silly – the sort of phrase used to make these dramatic events even more sensational. But it's a real threat, and it skewered our gas pipeline systems repeatedly last year, as infiltrators scoured for information and wreaked all sorts of structural havoc. And that could be just the beginning.

Before the parade of high-profile hacks of the last few weeks, industry experts were already foreseeing a huge cyber security disaster. In January, the conference of the Information Systems Security Association sent a survey to IT gurus asking about the current strength of American online safety. Without specifying exactly which kind of disaster would occur, members of the conference were asked if they thought a major act of cyberterrorism could happen soon. The results were chilling, though unsurprising for anyone who's been paying attention: 79 percent of those surveyed said that a significant attack on our infrastructure will occur this year, and nearly 60 percent believed the government should step up and make more of an effort to keep Americans safe.

Polled members were a little more divided on where they thought the attack was most likely to strike. Some said it would target a financial organization, while others said things like oil, or even the sewage systems, could be commandeered. But the majority chose electricity, saying that our power grid is particularly vulnerable (better hope the hackers don't read Ars Technica).

Threats to our cyber security could come in all sorts of forms: power shutoffs, bank closings, air traffic control interference or something we haven't even considered. The world is slowly starting to wake up to the danger posed by such data security breaches, but we have a long way to go if we hope to keep a grip on our information – not to mention our basic utilities.  

John Sileo is a data security expert and keynote speaker on social media privacy and risk management. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.