Posts

Data Breach Expert John Sileo on Fox & Friends – Target Data Breach

Data Breach Expert John Sileo goes on Fox & Friends to discuss the 110 million records breached at Target.

Higher Education Features Cyber Security Expert John Sileo

Universities perfect learning environment for data security

Higher Ed Organizations are among the highest risk groups to become victims of identity theft and data breach. Because students are relative “beginners” when it comes to personal finances, because university environments are predicated on trust and credibility, and because of the recent progress towards a mobile-centric, social-networking-dominated campus, higher education’s digital footprint is constantly exposed to manipulation.

“The most engaging speaker I’ve ever heard – period.”  Debbie Bumpous, NSU Chief Information Technology Officer speaking about John Sileo

“John Sileo was the secret sauce in launching our cyber security awareness program” – University of Massachusetts Director of IT

Universities are 357X more likely to be affected by data breach than the average organization. High-profile cases, some of which ended in class action lawsuits against the breached university, include the University of Nebraska (650,000 breached records at an estimated cost of $92 million), UCLA, Auburn, Delaware, and Texas. Data theft is bad for students, time-consuming for the administration and a public relations nightmare for the university. John Sileo knows their pain first hand, as he is generally the person contacted by universities after they have been breached.

Video: watch John help a university prevent data theft before it happens

Universities Have a Distinct Advantage in the Fight for Data Privacy

There is genuinely optimistic news amidst the gloom and doom. Because of their teaching facilities, their communication channels and their understanding of pedagogy, universities small and large are uniquely equipped to train campus-wide on the simple steps to keep private data secure before it is breached. But it takes the right speaker to introduce security in such a way that it connects with a mixed audience: student and faculty, young and wise, technologically-oriented and digitally-challenged.

John Sileo sets the standard for presentations that get students, faculty and administrators to emotionally connect to the critical nature of privacy, security and identity protection. Using his own personal story of identity theft, John interacts with your audience to gain “buy in” to the increasing importance of securing identity in a mobile-driven, social-media-dominated world.

“If the presentation is boring or overly technical, the campus won’t listen, won’t learn. John is anything but boring…”

Video: Hear what university leaders have to say about John’s ability to make it personal

John has spoken extensively for other universities to increase awareness on privacy, security and identity. Unfortunately, he’s usually brought in AFTER THE BREACH and asked to sign confidentiality agreements that don’t allow him to disclose his work with the university. And if there is someone that respects his client’s right to privacy and confidentiality when requested, John is it. We can say that John has worked with top ranked universities in California, Colorado, Connecticut, Massachusetts, Maryland, South Dakota, Nebraska, Florida, New York, Pennsylvania, Washington D.C., Utah, Wyoming and Virginia. We hope that your university/fraternity/organization chooses to proactively address the problem like those public references listed below:

Listen to what Universities have to say about John’s presentations

“Your presentation had the audience engaged from the first moment you started speaking. Data security is so often such a dry topic that it can be very challenging to get our users to listen to anything we have to say (let alone to show up). Your personal stories were both heart wrenching and thought provoking, and they provided an important backdrop for the lessons you were teaching. And you did all of this with humility, and a wonderful sense of humor, that captured the audience’s attention. When people were leaving the event, many told me it was the best presentation they had ever seen and it was unanimous that it was time well spent.”

— Donna Volpe Strouse, Information Security Officer, Wellesley College

“John’s presentation was excellent. He has a unique and skilled way of connecting with the audience and relating personal security to university security initiatives.”

“Felt like a knowledgeable friend grabbed me by the shoulders, slowed me down and saved me from getting into trouble.”

“Engaging and entertaining delivery of what is typically a dry topic – it makes the message stick.”

“Compelling, persuasive, intelligent, common sense and passionate presentation that opens your eyes. Funny too!”

— Various CIO Coordinators and Attendees at the Six University of Massachusetts Campuses

“The most engaging speaker I’ve ever heard – period. As part of a campus-wide cyber-security awareness program, Northern State University hosted John Sileo on our campus. John’s presentation was the culmination of a month-long awareness campaign for faculty, staff and students and part of the National Cyber-Security Awareness Month. The presentation itself was of the highest caliber. John personally catered the content of his presentation to our unique and diverse audience members. John is an incredibly motivational presenter that can speak directly to any audience, of any age. Throughout his presentation, he actively engaged members of the audience, capturing and holding their attention. This engagement brought a personal touch to the presentation and underscored the importance of his message. I would highly recommend John Sileo as a presenter or guest speaker. His expertise, friendliness, and professionalism are exemplary.”

— Debbi Bumpous, Chief Information Technology Officer, Northern State University

The Delta Gamma Foundation is the heart of the Delta Gamma Fraternity… One of the most successful programs we offer our collegiate and alumnae members is our Lectureship in Values and Ethics. Now present on 15 campuses throughout the United States (with 4 more Delta Gamma chapters in the process of completing their lectureship), our lectureship series has featured such nationally acclaimed speakers as Colin Powell, Queen Noir, Maya Angelou, Barbara Bush, Gerald Ford, Jeff Probst and many more.

On June 18, 2010, at our 64th biennial Convention in Denver, CO, the Delta Gamma Foundation sponsored our Convention Lectureship in Values and Ethics. This lectureship is very special because it is presented to the entire Convention body. Our guest speaker was John D. Sileo who spoke on identity theft prevention… John captivated an audience of 900 ranging in age from 19 to 90 telling his personal story of identity theft and educating all of us to intellectually understand the importance of one’s privacy. John is a story teller who tells a compelling story with humor, intrigue and ongoing audience interaction. The presentation was outstanding.

Delta Gamma continues to receive positive feedback on John’s presentation and performance. On behalf of the Delta Gamma Foundation, we would strongly recommend John for any audience of any age. His story needs to be told and shared.

— Roxanne LaMuth, Delta Gamma Foundation

John Sileo is the real deal. He speaks because he has something to say, but also because he is interested in his audience! If you host speakers, do yourself a favor and hire John… he will remind you of all that is good about offering a speaker to an audience.

Loree MacNeill, Chadron State College

WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data

I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage. If it can happen to the big boys, it can happen to you. If you don’t have Bond on your side fighting off the villains, take these steps to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA-2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breaches originate with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank. It will be a lot easier to sit back and relax, maybe even have a shaken martini, when you know your business is secure.

John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Your Online Data Security may be in Danger if you use Skype

Skype is often praised for being free to use, but your online data security may be the real price you pay.

A recent experiment conducted by Ars Technica, with the help of independent security researcher Ashkan Soltani, proved that Skype’s operator, Microsoft, just can’t keep its nose out of private messages. Soltani and Ars Technica sent through four test links and discovered that two of them were clicked on. Even though snooping is technically within its rights due to the terms of use customers agree to, the Skype encryption assurance states:

“All Skype-to-Skype voice, video, and instant message conversations are encrypted.  This protects you from potential eavesdropping by malicious users.”

I guess they consider themselves exempt. Of course, Skype reserves the right to see personal details in order to delete viruses and protect against fraud. In other words, they intend to use this ability for your own good.

What makes this particular case tricky is Skype’s popularity in the business world as a platform for meetings and video conferences. Though this test only focused on private messages, it’s not a stretch to think that important business calls are also monitored, or could be.

Everyone should always consider the possible consequences of sending information over the Internet, and realize that even giants like Microsoft are not protecting your online data security.  There’s only one foolproof way to ensure your information is protected, and that’s to do it yourself, or seek out an expert to show you how. 

John Sileo is a social online data security expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Data breach sees millions violated in LivingSocial hack

Do you use the discount site LivingSocial? If so, your email and password could now be a little more “social” than you wanted thanks to a new data breach that occurred on April 26.

A data breach has punctured LivingSocial and resulted in the exposure of the personal information of at least 50 million users. The leaked information includes names, birthdays and email addresses – very useful pieces of data if you’re an identity thief trying to figure out a way to get into someone’s profile or make a profit selling that same information. But what makes this attack even more devastating is that hackers were also able to get a hold of encrypted passwords.  Even though the passwords were encrypted through processes called hashing and salting, it likely will not take hackers long to figure out the original passwords.

LivingSocial sent an email to its affected “LivingSocialites” shortly after the data breach informing them of the damage done and provided a direct URL to use for changing passwords.  They also reassured customers that payment information did not appear to have been compromised. Even so, this is a hugely significant event for anyone concerned about the often fragile state of data security.

Patching up the tear: a data breach recovery crash course

So, what can you do when you get a message like that in your inbox? The basic rule is to minimize the chance that the thieves will be able to use any of the information they’ve absconded with by doing the following:

  • Immediately log in directly to the site and change both your password and username.
  • Change your username and password on all other accounts that share the same data, such as your bank’s online login or your Facebook profile. Research shows that 65 percent of us use the same password for different applications!  (And hackers know that – guess what they’re going to go after?!)
  • Be on the lookout for scam emails that appear to be from LivingSocial and want you to click on a link. Don’t click on any links that ask you to reset your password. Visit the URL directly instead.
  • In general, be careful of what you click on. If in doubt, delete it out.

Leaving your accounts vulnerable after a data breach isn’t a risk worth taking. Proper measures are required anytime a situation like this occurs to make sure your assets don’t plummet to the ground and take your bottom line with them.

John Sileo is a data security expert and keynote speaker. His clients have included the Department of Defense, Visa, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.