Will breach-proof internet eliminate need for data security training?

Although there is a great deal of excitement over the concept of a breach-proof internet, for now Data security training is the only foolproof protection businesses have against the Syrian Electronic Army, Chinese hackers and a host of other internet-based attackers.

Such attackers know that employees tend to be the first line of defense against hackers targeting businesses and they’ve been succesfully breaching sensitive data—financial records, trade secrets and personal information — in more and more high profile cases.

But what if the internet was “hacker-proof”?

Researchers at Los Alamos National Labs in New Mexico believe they have found a way to use quantum physics to cloak internet communications.  Businessweek explains that this method, which researchers call “network-centric quantum communications,” uses “digital keys, generated by a truly random set of numbers, theoretically [leaving] hackers with no way to figure out the key’s internal coding.”

As you might imagine, it’s a complicated process, and one that is not without its flaws:

  • Cost: The going rate for a quantum-secured, impenetrable defense plan for just one business is “tens of thousands of euros” per year. That’s considerably higher than your average corporate VPN or intranet service.
  • Scope: Quantum messages can only be sent between two parties. That means no “reply all” option or sharing folders of information with multiple recipients.
  • Distance: Has your email service provider ever stopped you from sending a message to a recipient more than 100 miles away? Quantum messages may be hack-proof, but they can only be sent about that distance before parts of the transmission fade away.

These aren’t just minor hang-ups. We’re accustomed to our online interactions being free (or at least limited to the cost of Wi-Fi), with no real limitations on the size or locations of the audiences with which we interact.

The internet is like the modern U.S. highway system. It’s (relatively) free to use and you can go wherever the open road takes you. Using the quantum-powered internet is the equivalent of riding a streetcar or trolley everyday after driving your whole life. There’s less risk of getting into an accident than when you get behind the wheel of your own car, but the tracks limit where you’re able to go and how fast you can get there.

Until a truly hack-proof, efficient internet exists, data security training is a drivers’ education course for those who need a refresher course on how to keep their personal and corporate information safe.

John Sileo is a data security training provider and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Online identity nightmare: will Twitter meet the challenge? Will we?

The jaw-dropping attack on the Associated Press last week may finally cause Twitter to start safeguarding our online identity – and it may even jolt us out of our apathy.

We’ve seen serious Twitter breaches for months. Hackers have damaged the digital reputations of major corporations and cultural groups. But Tuesday, the whole world was jolted when hackers falsely sent an AP tweet reporting that there had been two explosions at the White House. Within seconds, investors unloaded $139 billion worth of stocks, as reported by AP. Not all those investors were human; many were computers on autopilot doing high-speed trading. But the consequences are just as real and far reaching.

The ease with which organizations like the Syrian Electronic Army or LulzSec can infiltrate a powerhouse like Associated Press alerts us as to how vulnerable our digital footprint is. The universality of this threat is very real. Don’t be lulled into complacency because you think you’re not as attractive a target as AP. Hackers will continue to test the limits of our online identity security, especially on a platform like Twitter where messages can easily be deceptive or misinterpreted. Anyone with an internet connection has something to lose.

Shortly after the AP breach, better user-authentication was demanded by users and Twitter finally took notice, declaring it would make passwords stronger. Twitter announced it will soon implement the two-step process of authentication similar to that used by Google and Facebook. I doubt anyone today is skeptical about how much damage can be caused by a mere 140 characters.

Another security measure is available to ensure that a user is the only one logging into their account. If an unregistered device (e.g., not your home computer) attempts to gain access, a verification code can be sent to a registered device like a smartphone, reducing the risk of an unauthorized user.

Twitter is not alone in protecting our online identity

Effective security checks don’t let us humans off the hook. All the security checks can swoosh down the drain with one click on a bad link. Though we’ve been hearing it since the days of AOL and dial-up, if you don’t recognize the sender or you feel even a slight suspicion of the link, don’t click on it.

Your online identity, or digital footprint, is a composite of everything you watch, post and link to. When it’s compromised, how you are seen by others can be forever changed. Twitter’s response to the breach acknowledges that national security is at stake and signals a desire to encourage security for its users. It’s your responsibility to stay alert and take every possible precaution to protect your digital footprint.

John Sileo is an online identity expert and keynote speaker on digital security, reputation protection and social media privacy. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Once you go hack, you’ll never go back: Facebook scheme wreaking havoc on digital reputation

Facebook identity thefts are nothing new. The social media site has been the vehicle for all sorts of fake links and bots in years past. But a new trick that could threaten your digital reputation is proving particularly insidious. 

If you get a message to “Experience Facebook Black” sometime soon, you’d be advised to turn it down, unless you’re OK with your digital reputation being hijacked. This latest hack could spread malicious software without you or your Facebook friends even knowing until it’s too late.

The scam allegedly works by offering users the chance to change the color of the Facebook background to black – and then asks for users to respond to a series of questions by giving out information. Of course, the promised color conversion is a lie: play into the hands of this fraud and you’ll just wind up as a means of spreading it further, with your information used to make a dummy page to trick your connections.

It appears to be yet another example of an attack that exploits Javascript, and it has proven pervasive enough to get attention from Google, seeing as its browser Chrome can also be affected.

Social media exposure is a larger problem that demands the focus of big companies and anti-spyware professionals. But much of the prevention boils down to basic user habits. Specifically: don’t trust suspicious links, don’t click on something you don’t trust, and don’t sign up for apps that direct you to an outside source. Your information can make other people money, and if you’ve put it on the web, then it’s ripe for the taking. Making use of an online reputation consultant can help companies learn how to safeguard their personal data – before someone else paints it black.

John Sileo is an online reputation consultant and keynote speaker on identity, privacy and digital reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

InsightOne20 Small Business Conference in Los Angeles

Those interested in how to prevent identity theft can attend the InsightOne20 conference on March 16, where John Sileo will be presenting along with Seth Godin. Guests can register for the event on the InsightOne20 website.

The presentation, entitled “Spies, Hackers and Facebook Attackers: Bulletproofing Your Privacy & Profits in the Digital Age,” will contain information and instruction on how best to avoid the pitfalls of digital privacy and social media. The conference is hosted by City National Bank, and is considered a premiere event for small businesses. It will take place at the LA Convention Center.

Businesses of all sizes have many risks to consider when it comes to the stakes of modern commerce. Social media and even basic online browsing bring with them a host of dangers that concern your digital reputation. But the risk is especially palpable for startups and growing companies that may not yet have a strong security network in place. All data is valuable, and this presentation will seek to impart some wisdom about the best way to keep your information secure while promoting healthy online habits.

The internet isn’t going away, and there’s no use denying the importance social media and online privacy has in both our personal and professional lives. That’s why it’s now even more necessary to take the proper steps to control your digital reputation then ever before. The recent glut of attacks on corporate titans has made this a crucial part of the national conversation – don’t be left out of the loop.

Guests can register for the event on the InsightOne20 website.

John Sileo is a digital reputation expert and keynote speaker on privacy, identity and social media. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business. 

CEOs taking notice of online privacy threats?

Threats to online security have been coming thick and fast. But a new study shows that CEO's may finally be taking notice. Is that enough?

If there's an upside to the recent rash of hacks and digital subterfuge, it may be that businesses are beginning to see the ugly reality of online privacy exposure. According to the Wall Street Journal, a study by analysts at AIG recently showed that more executives are concerned about breaches than harm to their property. Eighty-five percent of executives polled placed more emphasis on their information and digital reputation than their physical holdings. 

Awareness is one thing, but are these executives putting their money where their mouth is?

It appears so. Studies show that there has been a corresponding increase in the amount of money recently spent by retail companies on cyber security measures and experienced anti-fraud experts. It's remarkable what a little bad press (hacking of the New York Times, Wall Street Journal, Twitter, Evernote) will do to motivate previously complacent companies.

As precious as your material property may be, it's not being targeted at all times like your data, which is under automated 24/7 attacks by hackers in their pajamas. Breaking into a house carries a great deal of risk, but hacking your email or bank account can be done from anywhere, anonymously, and with little chance of being caught. Unlike burglars, the cyber thieves that steal your personal information aren't very likely to leave behind a trail.

While it's good that executives appear to be getting the message, there's no substitute for proper cyber security training. Behind all of the technology and at the source of every data breach is a human being (generally, a poorly trained human being). Security isn't a department, it's a system of beliefs that must be instilled in your people. And when those people take protecting your data as seriously as they do their homes, then you've made progress.

John Sileo is a cyber security expert and keynote speaker on privacy, identity and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.