Tag Archive for: Fraud

BREACHED! Customer Data from Quest Diagnostics & Lab Corp

Within just a few days of each other, both Quest Diagnostics and Lab Corp, two of the largest blood testing providers in the nation, warned that millions of their customers might have had information breached. In both cases, customers may have had personal, financial and medical information breached due to an issue with the American Medical Collection Agency (AMCA), a billing collections service provider used by both companies.

Between August 1, 2018, and March 30, 2019, someone had unauthorized access to the systems of AMCA. Quest reported that the affected system stored information on roughly 11.9 million of its patients. LabCorp's count could be as high as 7.7 million customers.

“(The) Information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers),” Quest said in a filing with securities regulators. AMCA did not have access to actual lab test results.

Change Your Behavior After the Breach

If you, like pretty much EVERYONE I know, have used either of these services, follow the steps below to protect yourself against future attacks.

  1. Assume that your identity has been compromised. If you have been a customer of either company, don’t take a chance that you are one of the very few customers that aren’t affected. It’s not time to panic; it’s time to act.
  2. Read the explanation of benefits statement from health insurers to confirm that your charges are correct.
  3. I recommend placing a verbal password on all of your bank accounts and credit cards so that criminals can’t use the information they have from the breach to socially engineer their way into your accounts. Call your banks and credit card companies and request to place a “call-in” password on your account.
  4. Begin monitoring your bank, credit card, and credit accounts regularly.
  5. Visit AnnualCreditReport.com to get your credit report from the three credit reporting bureaus to see if there are any newly established, fraudulent accounts set up. DON’T ONLY CHECK EQUIFAX, AS THE CRIMINALS HAVE ENOUGH OF YOUR DATA TO ABUSE YOUR CREDIT THROUGH ALL THREE BUREAUS.

Take Action on Your Accounts

  1. Change your passwords. We hear all the time about stupid things people do when it comes to creating passwords; the most commonly used passwords in the United States for the past several years include “123456”, “password” and some variation like “password1234”. The bottom line is it is nearly impossible to effectively create and remember all the passwords we need to function in our daily lives. It seems there are two ways people handle this. They continue to use the same (usually poor) passwords over and over, or they do what I highly recommend and use a password manager program.
  2. Enable two-step logins. Two-step logins are when two separate passcodes are required to log in to one of your online accounts. One of the most common and popular forms is called text verification, and I’m sure you’ve already experienced it. That’s where you log in to your online account with your regular username and password, and then a secondary passcode is sent to your phone by text or even better, through an App like Google Authenticator. Without that second passcode, no one gets into the account.
  3. Set up account alerts. To monitor accounts quickly and conveniently, sign up for automatic account alerts when any transaction occurs on your account. As a result, if you spend even a dollar at a store, you receive an email or text notifying you of the purchase. If you receive an email for an amount you didn’t spend – bingo – you’re probably a victim of fraud.
  4. MOST IMPORTANTLY, FREEZE YOUR CREDIT. Some websites and cybersecurity experts will tell you to place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau. Learn more about freezing your credit by watching the video here.

Contact Credit Companies

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742


John Sileo loves his role as an “energizer” for cyber security at conferences, corporate trainings, and industry events. He specializes in making security fun so that it sticks. His clients include the Pentagon, Schwab and many organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachel Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime. Call if you would like to bring John to speak to your members – 303.777.3221.

Check washing & check fraud can dirty your spring cleaning

Check washing is so simple, you must learn to prevent check fraud

Are check fraud and check washing still relevant in the age of digital payments? If you’re like the average person, chances are you don’t write too many checks anymore. With the convenience of online payment options, nearly universal acceptance of credit and debit cards, and the proliferation of ATMs offering you easy access to money at every turn, why resort to the archaic, labor-intensive method of writing a check?

The simple answer—sometimes we have no other choice!  Some places still don’t accept credit cards (Costco if you don’t have an American Express), or they charge an extra fee for them.  Some retailers don’t offer online payment options.  And frankly, sometimes it’s just an old habit and we haven’t made the effort to find a safer option because we’re stuck in the mindset of “it’s never happened to me” when thinking about check fraud.

Yet, according to a recent AFP Payments Fraud and Control Survey, checks remain the payment type most vulnerable to fraud attacks. In an American Bankers Association Deposit Account Fraud Survey, 73% of banks reported check fraud losses totaling approximately $893 million. And perhaps scariest of all, the imprisonment rate for check fraud is only 2% according to a statement made by the Department of Justice.  So although it’s not as glamorous or high tech as some other forms of fraud, check fraud is very tempting to criminals. It’s often as easy as taking an afternoon stroll down a street looking for vulnerable mailboxes, and then doing a little bit of “laundry”.

Check Washing Check Fraud

One form of check fraud that hits home for businesses and individuals alike is check washing.  It is the practice of removing legitimate check information, especially the “Pay To” name and the amount, and replacing it with data beneficial to the criminal (his own name or a larger amount) through chemical or electronic means. We conducted our own experiment to see just how easy it is to alter a check.  Take a look at our results in the video above.

What can you do to prevent this form of check fraud from happening to you?  There are many steps you can take:

  • Always use high security checks with multiple check fraud and check washing countermeasures
  • Use security gel-based pens with dark ink 
  • Don’t leave mail containing checks in an unattended or unlocked mailbox  (i.e. w/ red flag up)
  • Buy a locking mailbox (one large enough for a postal carrier to put mail through, but not large enough for a hand)
  • Shred voided checks
  • Check your bank statements regularly and immediately when you receive them.  You have a limited time in which to report check fraud.
  • Put clear tape over important fields when mailing a check
  • Do not leave blank spaces on payee or amount lines
  • Have new checks delivered to your bank if possible so they are not sitting in your unattended mailbox

Businesses are highly susceptible to massive check fraud via check washing, because the balances in their accounts tend to be higher and more vulnerable. This simple change from regular checks to high security checks can drastically reduce your risk of check washing and check fraud.

John Sileo is CEO of The Sileo Group, and a  keynote speaker on cyber security, identity theft and business fraud prevention. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Stop Check Fraud with Security Checks

How to Stop Check Fraud and Check Washing

Check washing, a highly common form of check fraud, is the practice of removing legitimate check information, especially the “Pay To” name and the amount, and replacing it with data beneficial to the criminal (his own name or a larger amount) through chemical or electronic means.  One of the many ways to protect yourself against check fraud is so important that it deserves its very own article.

A foolproof way to protect your checks from being altered, whether by washing or by electronic means, is to use security checks offered by most companies.

Here are some of the features to look for when you’re purchasing High Security Checks.  These features will safeguard you not only against check washing, but other high tech forms of check fraud as well:

  • Safety security paper (visible and invisible fluorescent fibers, chemical-sensitive)
  • Foil hologram (cannot be reproduced by copiers or scanners)
  • High resolution border elements (intricate design is difficult to reproduce)
  • True watermark (cannot be reproduced by copiers or scanners)
  • Toner adhesion  (damage is visible if toner is lifted or scraped)
  • Void element (the word void appears if photocopied or chemically altered)
  • False positive test area (instant authenticity test with black light or counterfeit pen)
  • Complex pantograph background pattern and high-security colors
  • Thermochromatic ink (reacts to heat to deter copying)
  • Original document backing (deters cut and paste alteration attempts)
  • Chemical wash detection area (shows chemical alteration attempts)
  • Security warning box (becomes visible when photocopied)
  • Padlock icon (signifies that checks meet industry standards)

One more vital tip to foil the check washers: use a dark ink, gel-based pen, preferably one that states it is a security pen. Take a look at the video to the left to see how easy it is to wash a check if you are not using a high security gel-based pen. 

Yes, you may spend a few extra dollars for security checks and pens, but compared to the staggering cost of recovering from check-washing schemes (small businesses lose more than 7%  of their annual revenue to check fraud  – over $600 billion), it’s a drop in the bucket!  Your peace of mind and saved recovery time are worth it.

Checks Unlimited provides personal Securiguard checks with 7 advanced security features including chemical protective paper, microprint signature lines, and a 2 dimensional holographic foil that is irreproducible on copiers or scanners.  Their Security Center also offers fraud prevention tips and security products!


Fighting Friendly Fraud (Webinar): 5 Insider Theft Secrets to Protect You

Do you know what’s behind the masks your employees may wear? A staggering number of businesses falter and even fail because someone on the inside – an employee, vendor or even a partner – steals money, goods, data or intellectual property from the organization. Will yours be one of them? Not if you learn about the warning signs of fraudsters and the weaknesses in your current hiring procedures.

The strongest indicator that your business is at risk? Denial. If you have ever said to yourself, “My people would never do that,” or “we’re too small to be worth a fraudster’s time”, you are caught in a cycle of self-delusional naiveté. Most inside theft happens at the hands of a “trusted” team member. In fact, insider theft and fraud aren’t generally committed by experienced criminals.

In John Sileo’s webinar (video above), he shares his own history of experiencing a fraudulent case of insider theft that destroyed his small business, cost him nearly $300,000 and almost landed him in jail. His story will serve as the framework for five insider secrets that will help you and your business avoid his fate.

In Fighting Friendly Fraud, you will learn:

  • 10 Fraud Early Warning Signs
  • What goes on inside the mind of a friendly fraudster
  • Why good employees sometimes make bad choices
  • 5 Universal truths that underlie most types of fraud
  • Simple, inexpensive controls you can put in place to discourage fraud
  • Deterrence tactics to discourage the most devious inside spies

If you learn these five lessons, it will save you from learning others the hard way!

Protect Your Packages this Holiday Season!

Almost 20 billion packages will be delivered through the mail this holiday season. Even at $5 per package, that’s more than $100 Billion in value going through the mail–a scale too large and tempting for criminals to ignore.

Why do thieves target us during the holidays? In addition to the volume and value of holiday mail, criminals are taking advantage of the perfect winter storm:

  • Trucks are overloaded, mail & UPS carriers are overworked and shoppers are overwhelmed, which makes theft easy and attractive
  • Thieves take advantage not just of our good nature during the holidays, but of how distracted we are
  • Criminals see our generosity of giving as a goldmine waiting to be exploited

But picking packages off of your doorstep isn’t the only type of crime that skyrockets during December. Thieves don’t just want to steal the gifts inside your packages, they want the identity information that goes along with them: credit card numbers, bank accounts, invoices, even the checks that grandma sends in a holiday card. Check washers want to soak your checks in acetone, erase the Pay To field and replace it with the word CASH.

How do we protect our mail and packages during the holidays, or any day?

  • Install a locking mailbox at your home and retrieve your mail early in the day, before criminals have a chance to steal it
  • Get a PO box during heavy mailing times and use that address for packages, sensitive documents or payments
  • Instead of putting outbound packages in your mailbox, drop them directly at the post office. Even the blue USPS boxes are commonly emptied by thieves at night.
  • Tell Grandma to stop sending cash! It’s too easy to steal and impossible to trace.
  • If you must send a physical payment through the mail, use high security checks like those provided by Deluxe.
  • Use UPS or FedEx to ship packages so that you can track their progress, insure the contents and require a signature at the other end.
  • If you generally aren’t at home when packages are delivered, have them shipped to your work so that they don’t sit on your porch for hours.
  • Check out our 12 Days to a Safe Christmas for more tips on protecting yourself against cyber crime, party crashers and Facebook stalkers during the season.

Take these simple tips when sending gifts and cards and you won’t lose your valuable data and goods to the identity theft Grinches.

 

I Left My Credit Card @ The Restaurant, Now What?! – Privacy Project Episode #8

So I’m out to dinner with a professional speaker whose name I’ll drop so that you’ll be impressed. Larry Winget. Larry is the Pitbull of Personal Development and he’ll probably kill me for not putting a trademark after that title, because he owns it. If you have somebody in your life (kid, employee, boss) that doesn’t take responsibility for the life they lead and the work they’re supposed to do, Larry’s your man. Google his name and find out, or go to LarryWinget.com.

But back to my story. I treated Larry to dinner in Phoenix because I owe him a thousand meals for the coaching he gives me and we’re leaving the table when his wife (who is much nicer than Larry) asks if I’ve taken my credit card out of the folder. Nope. God I hate when that happens! Small oversight for someone who lives and breathes security and privacy. I left my card in the folder, on the table and was fully prepared to leave the restaurant!

Anyway, this brings up a good point. No matter how much you know, no matter how hard you work at protecting your identity, sometimes you will slip up and be your own worst enemy. There are just simply times when identity is out of our control. But you don’t have to stress about it. A quick response solves a lost credit card without much pain. Take a look at the video for steps on what to do if you lose or misplace your card.

Identity Thieves Score Billions from the IRS and Taxpayers

Every dollar counts, now more than ever, as the government searches for ways to wisely spend our money. It’s dismaying to learn that an audit report from the Treasury Inspector General for Tax Administration (TIGTA) has found that the impact of identity theft on tax administration is significantly greater than the amount the IRS detects and prevents. Even worse, the “IRS uses little of the data from identity theft cases…to detect and prevent future tax refund fraud” according to Mike Godfrey, Tax-News.

  • The IRS is detecting far fewer fake tax returns than are actually falsely filed. 938,700 were detected in 2011. On the other hand, TIGTA identified 1.5M additional undetected tax returns in 2011 with potentially fraudulent tax refunds totaling in excess of $5.2B.
  • The study predicted that the IRS stands to lose $21B in revenue over the next 5 years with new fraud controls, or $26B without the new controls.
  • Key victims include the deceased, children, or someone who would not normally file a return such as lower income individuals that are not legally required to file.
  • A Postal Inspector in Florida uncovered a tax refund scheme whereby refunds were going into debit-card accounts via thieves using the social security numbers (SSN) of dead people. Direct deposit is preferred as it doesn’t require a mailing address, photo ID, name or a trip to the bank.
  • The IRS allows multiple direct deposits to the same bank account. A key finding in the report showed hundreds of tax returns were filed from a single address. In one case, 2,137 returns resulted in $3.3M in refunds to a home in Lansing, Michigan, and 518 returns resulted in $1.8M in refunds to a home in Tampa, Florida.
  • The IRS lacks access to 3rd party information to verify returns and root out fraud. It is issuing refunds in January before it can verify data from employers and financial institutions in March. This gap provides a huge window of opportunity for thieves.
  • The IRS is not gathering enough information to prevent fraud; i.e., how the return is filed, income information on the W-2, the amount of the refund and where the refund is sent.
  • New screening filters that can identify false tax returns before they are processed have the potential to diminish the number of fraud cases as well as other ongoing anti-fraud procedures employed by the IRS. It is placing a unique identity theft indicator on the accounts of the deceased. As of March, 2012, 164,000 accounts were locked, possibly preventing $1.8M in fraud.

Charles Boustany, the US House of Representatives Oversight Subcommittee Chairman, who sent a letter to the IRS demanding a full accounting for the agency’s continued inability to stop tax fraud related to identity theft, declared that “this report raises serious questions regarding the IRS’s ability to detect tax fraud…”. The lost federal money is extremely troubling but there’s another loss to consider – the potential to erode taxpayer confidence in our system of tax administration.


John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Roommate Identity Theft? Beware and Be Wise

It’s time for young adults to head off to college or move away from home for the first time. This is by far the highest risk group for identity theft for several reasons.  When these kids leave the nest, it’s the first time they are getting true financial independence, which they might never have been trained to handle.  They have access to credit cards, new bank accounts, and they’re managing it themselves.  That may be a huge red flag that there’s going to be trouble.  Secondly, they’re going into an environment where their stuff is not particularly protected.  They’re in a dorm room or apartment, they’ve got roommates that may need extra cash; they know they can take advantage of them.  So it’s a high risk environment.  The third reason is because they do so much online.  There’s so much social media interaction and that’s where tons of information is stolen. Take the steps listed below and talk to your newly-independent kids about implementing them.  It will help them out not just this year but will also help them build their financial future going forward.  Your identity is pretty much everything in terms of your net worth. You’ve got to take care of it now.

  • Secure Your Information: invest in a safe box and lock up any documents that contain private information such as bills, bank statements, checks, and credit card info.
  • Be Wise with the Information You Share: it’s our nature to trust our friends, family and roommates but they’re often the very people who assume your identity and wreak havoc with your financial future. Don’t make reference to any information that might be used as part of a password such as your mother’s maiden name, a childhood pet’s name, or the street on which you were born. That could be just the key that unlocks a private account.
  • Use Secure Passwords and Don’t Share Them: It’s vital to create secure passwords using upper and lower case letters, numbers and symbols. Be careful when logging in not to inadvertently share your password with others (shoulder surfers).
  • Use Paperless Billing or Get a P.O. Box: you’ll be sure to keep bills, bank statements and other personal information private if your roommate has no access to them.
  • Be Careful When Conducting Personal Business: wait until you are alone to call your bank to resolve an account issue or log into your student loan website.
  • Log Out of Accounts: if you share a computer, protect your personal accounts with passwords and always close your session by logging out. Though it might be convenient, don’t let your computer store user names or passwords. Keep personal computers locked and password protected when they aren’t in use.
  • Beware of Friends of Friends: roommates aren’t your only risk when living with others; remember that although you may have chosen your roommate, you haven’t chosen their friends and you can’t vouch for their integrity. If your roommate has no access to your private information, neither will their friends.

Your credit rating, your financial future, ability to borrow, job opportunities, even a criminal record can all be affected by identity theft. Why take the risk? Do everything in your power to protect your most valuable asset, your identity. Don’t become a victim of “friendly fraud.”

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

$10 Buys Thieves Access To A Dead Person's Identity

You may think your deceased loved ones are safe from having their identities stolen. Not true! The Death Master File contains data about millions of deceased people including the full name, Social Security number and other personal information. Though you’d think this would be carefully guarded, the Social Security Administration provides the file to the Department of Commerce’s National Technical Information Service (NTIS). NTIS, in turn, distributes it to more than 450 entities including state and local governments, hospitals, universities, financial institutions, insurance companies and genealogy services. Even worse, anyone can access the information through the NTIS website. The cost? $10 for one person or an annual subscription with unlimited access to all of the files of deceased individuals costs $995.

The Social Security Administration created the file to help financial institutions and businesses prevent identity theft by using the file to cross-reference applicants and customers to verify they’re not using a dead person’s identity. According to CNN Money, Senator Bob Casey, Democrat, Pennsylvania, said the agency is “inadvertently facilitating tax fraud” and has called for restrictions to be placed on access to the Death Master File. The IRS has been adding protections but it’s struggling to keep up with a surge in tax fraud. The Treasury Inspector General said in May that the IRS could end up doling out $26 billion in fraudulent refunds over the next five years. In a congressional hearing in May, IRS deputy commissioner Steven Miller said that as of mid-April, his agency had already flagged 91,000 tax returns that were filed under the names of recently deceased individuals.

About 2.4 million deceased Americans each year get their identities stolen according to ID Analytics. Besides taking revenue from the government, thieves steal the personal information to apply for credit cards, cell phones and anything that requires a credit check. And think of the toll it takes on the families that have just lost a loved one. Their grief is compounded by having to rescue that person’s identity. 

Because of the Freedom of Information Act, it’ll take legislation to restrict access to the file unless the Office of Management and Budget finds a way to limit access and cut down tax fraud. The best action you can take to protect your private information while you’re alive (and that will carry over in death) is to freeze your credit. A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion – listed below) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account (that said, let’s face it, businesses want to make it as easy as possible to unfreeze your credit because they benefit when you set up new accounts and spend more money) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

Since all states don’t allow you, by law, to freeze your credit, the three credit reporting bureaus have begun to offer credit freezes on a national basis. This is a major step forward in the prevention of identity theft, even if they are offering it for profit reasons (they make money every time you freeze/unfreeze your credit). If your state does not currently offer credit freezes by law, you can now apply with each credit reporting bureau individually. Regardless of where you live, freeze your credit today. A credit freeze doesn’t affect your existing credit – it doesn’t freeze credit cards, bank accounts or loans you already have. It only freezes access to your account unless someone has a password to get in. It’s like having a PIN number on your ATM card. It also doesn’t lower (or raise) your credit score.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

Yahoo Hacker Wake-up Call WILL FAIL (Data Breach)

A hacking group known as D33Ds Company leaked about 453,000 hacked email addresses and passwords of Yahoo Voices users in order to send a “wake up call” about poor data security practices at Yahoo. The information posted online was NOT restricted to YahooMail login credentials, but included Gmail, Hotmail, Aol and Yahoo user information. In the past few weeks, there have been similar breaches at LinkedIn, eHarmony, Formspring, Nvidia, and AndroidForum. Whazzzup?

Corporations are clearly ignoring warnings that are now commonplace from privacy and security experts: protect your customer data or lose stock value, subscribers and ultimately, your brand reputation.

The average business will NOT take responsibility for preventing a similar breach of their data until AFTER THEY GET HIT. Which is why 95% of companies will hit the snooze button on the wake-up call.

Here is a short list of the mistakes made by Yahoo (and lessons learned) that your company should implement (unfortunately, only 5% of forward-thinking companies will do something about it):

  • The credentials file (which contained the usernames and passwords for Yahoo sites as well as Microsoft, Google and others) was stored in both an encrypted (good) and unencrypted (bad), text format. Translation: Yahoo started to take steps to protect themselves but didn’t finish the job of applying a secret code to the sensitive parts. Lesson: Intention isn’t good enough in business, you must have follow-through and accountability built into your culture of privacy. 
  • Yahoo didn’t adequately protect against one of the most damaging and common types of attacks (known as a SQL injection attack), which suggests that they didn’t have all of their operating system and security software up to date. Lesson: New year, same old story. For years, businesses have been skipping the simplest of anti-hack fixes – update your software.
  • Yahoo failed to require their users to implement strong passwords (hey, that’s our fault as users, too – we have a responsibility to use strong passwords). In this case, it would have done nothing to protect the end users, but in most cases it does. Lesson: Force strong passwords on your users. They’ll get over the pain and will thank you when they don’t get breached. 
  • Yahoo didn’t salt the passwords as part of their protection. Lesson: Don’t even ask what salting is, just have your tech team implement it as part of your encryption.
  • Yahoo was counting on a third-party to provide security software for their assets. Remember, no one cares about your data like you do, and that doesn’t mean you shouldn’t get the right help when you need it. Lesson: If you use a third party, make sure that you perform the correct due diligence when choosing the vendor and implement proper oversight to make sure they’re doing their job.

If you don’t hand this article to your techies and ask them to prevent the same from happening to you, you will have missed the wake-up call just like everyone else.

John Sileo is an award-winning author and keynote speaker on data security, breach and online privacy. He is CEO of The Sileo Group, which helps raise the PrivacyIQ of organizations of all sizes. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentations or watch him on Anderson Cooper, 60 Minutes or Fox Business.