Google recently offered $20,000 to the first person who could hack their web browser, Chrome. Without question, a hacker will crack it and prove that their browser isn’t as mighty as they might think.
So why waste the money?
In that question, ‘why waste the money?’ lies one of the root causes of all data theft inside of organizations. Google’s $20,000 investment is far from a waste of money. Consider:
The average breach inside of an organization costs $6.75 million in recovery costs (Ponemon Study). $20,000 up front to define weak points is a minuscule investment.
Chrome is at the center of Google’s strategic initiatives in search, cloud computing, Google Docs, Gmail, displacing Microsoft IE and mobile OS platforms – in other words, it is a very valuable asset, so Google is putting their money where their money is (protecting their profits).
By offering up $20,000 to have it hacked IN ADVANCE of successful malicious attacks (which are certain to come), Google is spending very little to have the entire hacker community beta test the security of their product.
I would bet that there will be tens or hundreds of successful hacks into their browser, all of which will be fixed by the next time they commission a hack.
Anticipating the inevitable attacks and investing in advance to minimize the chances and resulting costs of a breach is a perfect example of Information Offense. Instead of waiting for your data to be compromised (defense), you take far less costly steps up front to deflate the risk. Only the most enlightened leaders I work with inside of corporations understand the value of spending a little bit on security now to reap huge benefits (in the form of avoided losses) down the road.
Too many leaders are so focused on the revenue side of the model (most of them are from a sales background) that they lack the depth of seeing the entire picture – the long-term health and profitability of the company. You know the saying… an ounce of prevention being worth a pound of cure. Just think of the ounce being loose change and the pound being solid gold.
Marshall Goldsmith, the executive coach, nails the behavior behind this phenomenon in his book, What Got You Here Won’t Get You There,
“Avoiding mistakes is one of those unseen, unheralded achievements that are not allowed to take up our time and thought. And yet… many times, avoiding a bad deal can affect the bottom line more significantly than scoring a big sale… That’s the funny thing about stopping some behavior. It gets no attention, but it can be as crucial as everything else we do combined.”
Listen to Google and Mr. Goldsmith, and avoid the mistakes before you make them by asking yourself this simple question: How can I refocus my efforts and resources on playing offense rather than defense?
John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.
Information Offense – How Google Plays (posted by johnsileo, 2011-02-07 11:45:26; last modified 2023-07-06 13:03:19)
With any big sporting event comes the opportunity for thieves to take advantage of desperate fans. This rings true with the upcoming Super Bowl match between the Packers and the Steelers (appropriately named, but incorrectly spelled for this post on theft). Whether you watch the game for the fun commercials or to root for your new favorite team (sorry, Broncos), we can all agree that Super Bowl Sunday is almost a national holiday. With any holiday comes predators looking to take advantage of distracted and unsuspecting fans.
Here are a few Super Bowl themed scams that you should be aware of:
Fake Tickets. According to the NFL, in recent years, between 100 and 250 football fans have shown up to Super Bowl games with bogus tickets. Before booking a hotel room and hopping on a plane to Dallas make sure that you have legitimate tickets to the big game.
Michelle Reinen, director of the Bureau of Consumer Protection says, “Actual Super Bowl tickets are printed on thick, heavy paper with bar-codes, holograms and raised ink. In addition, the NFL says the tickets include heat sensitive logos that disappear with the touch of a thumb.”
Phony Sweepstakes. Avoid clicking on Super Bowl sweepstakes offers, which may feature trips to the big game or other related prizes. These e-mails could be part of a larger scam to get you to fork over funds for a chance at tickets, or scammers could be enticing you to click on a link that will download malware or other viruses onto your computer.
Treat these emails as you would any suspicious email and delete them from your inbox. Never click on unknown links.
Travel Scams. Looking to score big on a Super Bowl travel package? Be careful, because scam artists love to dream up new tricks for major sporting events. People traveling to Dallas for the game should book their travel accommodations carefully. When big games are in the works, people will often find offers that charge hidden fees for items, like tickets, that they thought were included. They may also not be booking you into the exact hotel you think you are getting. Instead of staying at the Lowes Arlington, you find yourself at their sister property in Amarillo. Book hotels directly through the hotel, or if you go through Hotels.com, Travelocity, Hotwire or Expedia, call the hotel after the reservation is made to verify what you are getting.
My biggest tip to avoid becoming the victim of a scam is to Be Skeptical. If an offer seems too good to be true, it probably is. Question everything and get verification to make sure that your Super Bowl plans go as smoothly as possible.
John Sileo is the award-winning author of the fraud prevention book Privacy Means Profit and speaks on information offense, identity theft prevention and data breach avoidance. His clients include the Department of Defense, Pfizer and the FDIC. To learn more, contact him directly on 800.258.8076.
Avoid Super Bowl Scam (posted by johnsileo, 2011-02-03 16:04:32; last modified 2023-07-06 13:03:12)
While delivering an internet privacy keynote presentation for a large organization that was very interested in best practices for business, I was asked a very interesting question:
Can I use Facebook to log in to other sites and to keep track of friends without allowing the social network to share my information the other direction?
In reality, it’s difficult to just up and quit Facebook completely, but it’s not that difficult to hide on Facebook. Many users want to mine the social network like the proverbial fly on the wall. They want to watch what is going on in other people’s lives without them seeing or commenting on what is going on in yours. You might use your Facebook login credentials to centralize access to other sites (e.g., log in to Twitter with your Facebook credentials). Or you may want to keep it open so that your username isn’t made available to someone else. So how do you drop off of the Facebook radar without completely closing your account? The steps below are the closest approximation we’ve come up with to going underground.
First go to Facebook.com and log in. Click the padlock symbol containing your “Privacy Shortcuts” in the top-right corner. You will see three main options, plus a chance to “See More Settings”.
Start with “Who Can See My Stuff?”, which has three subcategories. Depending on how much you want to hide, you can select Friends or Only Me or even customize it to very specific groups. Change by clicking on the tab next to your current setting. This section also allows you to review old posts and things you’re tagged in and to see how others view your timeline based on the privileges you’ve set. The more items you restrict to Only Me, the less visible you become to the outside world. Please realize that Facebook reserves the right to publish certain items about you no matter how tightly you restrict your settings. Visit their Data Use Policy for details.
The second category is “Who can contact me?” You can choose basic filtering (which Facebook recommends, but won’t keep your profile very private) or strict filtering. Here is where you also select who can send you friend requests (everyone or friends of friends).
The final category is “How do I stop someone from bothering me?” (This is the infamous “unfriend” section.) This gives you an option to put in a specific name or email address. This will prevent them from writing to you or from seeing anything you post.
When you click on “See more settings”, you will notice some duplicate sections. The important area here is the last one, “Who can look me up?” It allows you to choose who can contact you with your email or phone number as well as allowing search engines to link to your timeline.
That should do it to hide on Facebook in most situations. Remember, this is a social network, so to some degree, you will always be sharing your information with someone. To get even more in depth in creating your privacy settings, click on the arrow pointing down in the top right hand corner of your page and select “Settings”. From here you can review everything from timelines and tagging to management of apps. It’s fairly user friendly; just click on a category and then the bolded words or “edit” options and you’ll get a complete explanation of your options with clear-cut directions.
John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.
How to Hide Yourself on Facebook (Hide on Facebook) (posted by johnsileo, 2011-01-28 09:57:44; last modified 2022-05-04 15:27:17)
Identity theft is all about control. Who has control over your personal and financial information? Is it you, or the criminal on the other end of your computer using your information to apply for a credit card? Losing control of your personal information can be all too easy online. But by taking some precautions, you can maintain privacy while safely surfing the internet.
Here are 5 tips to protect your privacy online:
1. Adjust social-network privacy settings
Facebook has been working to simplify their privacy settings, but they can still be confusing to the average user. Spend about 10 minutes a month making sure that your privacy settings are what they should be and are actually protecting your privacy.
To get there, log in to Facebook. In the top right of your screen it should say “Account”; when you scroll over or click on that tab, you can see your Privacy Settings. Click here for a step by step process of how to adjust your privacy settings.
Twitter, another popular social network, also lets you lock your account from public view. In settings, there’s a feature called “protect my tweets.” They have had breaches before, so it is always good to take every precaution you can to protect your information.
2. Frequently Change Passwords
It is good to rotate passwords on sites you use often, especially sites that hold your financial information. Every 6 months or so you should change your passwords just in case someone has access to your online profile. A good way to keep track of these passwords is with a password keeper such as 1password. This way you can store your passwords to all sites in one place and use a master password to gain access.
3. Opt-out of ad tracking
Online ad networks often install a small file on the computers of people who visit certain websites. These so-called cookies can log your surfing habits, allowing advertisers to tailor ads to your interests.
If you are trying to keep some online privacy then you should opt out. In the settings panel of your web browser, make sure that you disable cookies from third party websites. Most advertising companies use this information to directly target you with ads of products that you use. They know what items you purchase because they see where you go online and keep a record.
4. Use a secure Internet Connection
Don’t browse private sites and look at personal or financial information while on a public wifi connection. Never shop online at your local coffee shop because you never know who may be spying on you with that very same open internet connection. If you are making an online purchase, looking at your online banking, emailing a personal story or photo, ONLY do so on a secure password protected internet connection.
5. Think before you post
While this may seem like an obvious suggestion, many people don’t do it. Posting that you are at your local watering hole at 3pm on a Thursday after you called in sick could get you in more trouble than you planned on. Uploading an embarrassing photo of yourself may cost you a future job. I know of a company that didn’t hire a candidate for a position because when they checked out her Facebook profile her status was “I just need a job – ANY Job!”. That made her less appealing to hire than other candidates that were less vocal on their pages.
Use your brain. Posts are public, permanent and exploitable.
To learn more and begin to build your own good privacy habits order your copy of my latest book Privacy Means Profit Today!
Wiley & Sons has just announced my latest book, Privacy Means Profit, will be available in stores and online August 9, 2010. This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) and the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).
How To Control Your Privacy Online (posted by johnsileo, 2011-01-03 11:05:22; last modified 2023-07-06 13:02:18)
I am a huge fan and frequent user of Pandora, the internet radio station that plays songs based on learned music preferences (if you like the Avett Brothers, it knows you will probably also like Dave Matthews, etc.). Pandora is an overwhelmingly popular online radio network app for computers, smart phones and the iTouch. It provides listeners with an informed collection of songs and play-lists based on a comprehensive analysis of over 400 qualities of a song that make it specifically appealing to you. While the financial cost to users appears at first sight to be nothing (if you don’t mind the occasional ad), the privacy cost can be exponentially high with Pandora selling your web-surfing habits to advertisers.
Pandora clearly states in its FAQ that they are sharing information such as your age and gender with advertisers.
“…the free version of Pandora is mostly supported by advertisements, and we want to be able to show the most relevant ads to our listeners… Since this means that you’re more likely to see an ad that’s relevant to you, we hope it’s a good thing for our listeners as well as for our advertisers, and therefore also for Pandora as a whole.”
So are they sharing more sensitive identity information? While Pandora admits that they share your age and gender, a recent Wall Street Journal Article says they are sharing more. They state that Pandora shares age, gender, location, and phone ID information with marketing firms on both its iPhone and Android mobile versions. So while advertisers won’t have your name and email address, they’ll get their hands on a lot of info about your mobile phone behavior.
Just remember when you log into Pandora and stream your free music play list, there is a cost. When you are getting something for “FREE”, there is always a cost, and it’s often your personal information. While you may not be able to immediately understand the financial impact of this, just know that your privacy is slowly flowing out of your control – one song at a time.
To increase your privacy on Pandora, visit www.pandora.com/privacysettings and restrict access as much as possible.
Is your organization trying to stem the flow of information leakage via identity theft, corporate espionage, data breach and social networking exposure? Contact keynote speaker John Sileo to inspire your audience to change their poor privacy habits from the inside out.
The many changes that Facebook has been making recently have users nervous. Nervous because they are lacking the control that they once had over their privacy on the social networking site. While Facebook has never been the mecca of privacy, the recent and swift changes they are making have created more of an issue for users. One by one they are voicing their concerns with the new features and why they feel Facebook is slowly revealing the end of your privacy.
Facebook and privacy issues go hand in hand.
Here are a few of the new features; although they are snazzy, they have many users concerned.
User IDs
With only your email address on hand, data miners can easily match it with the new user ID that has been issued to you. Basically, the ID provides your name and profile picture no matter how your privacy settings are set. This can also include your hometown, photos, friends, and more depending on how strict your settings are. This gives companies the ability to advertise to you. If you are a young female living in Austin, Texas, there are literally thousands of products that can be marketed to you just using that information alone.
Face Match or Tag Suggestions
When you are uploading photos to Facebook (as shown above), they will make “tag suggestions” of who should be tagged in your photo album. In other words, Facebook has the ability to know what you look like. This feature will be gradually rolled out over the next few weeks. In order to disable your “tagability”, you need to adjust your privacy settings. Just click ‘Customize Settings’ and de-select ‘Suggest photos of me to friends.’ Your name will no longer be suggested in photo tags, though friends can still tag you manually.
Switch Account
In a recent and unintentional Facebook leak, many users reported seeing a switch account tab. This feature gives you the ability to go back and forth between different accounts without having to log in and out. While this is easy for people who are administrators for certain pages, it is a privacy issue for users who want to have many pages in order to play out a scam.
Facebook Privacy Concerns
Facebook was built on the idea that users connect and share personal information with each other. It is up to the users to decide how much and to whom. The more you share, the stronger Facebook becomes and the easier it is to share that information with friends, strangers and advertisers.
While Facebook is consistently rolling out more features, users are having to update their privacy settings. With so much personal information sharing, the real cost to our privacy is still unknown.
John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.
Facebook Reveals the End of Your Privacy | Sileo (posted by johnsileo, 2010-12-28 17:28:47; last modified 2022-08-05 19:52:07)
With the meteoric rise in cyber-bullying, parents are desperate to find a way to shield their children. Unfortunately, most parents are far behind their child’s proficiency with technology. Many don’t text, aren’t on Facebook, and are oblivious to the many ways in which kids can taunt each other with technological ease. Although children may be quick and nimble with technology, they lack the maturity to understand its consequences.
A recent article in the New York Times on Digital Bullying (read the MSN version here) addressed these very issues and gave true and heart-wrenching accounts of how parents were left helpless at the hands of their children’s online bullies. “I’m not seeing signs that parents are getting more savvy with technology,” said Russell A. Sabella, former president of the American School Counselor Association. “They’re not taking the time and effort to educate themselves, and as a result, they’ve made it another responsibility for schools.”
Kids have a great deal of anonymity on the internet if they want it, and can easily impersonate another child or steal their identity. This modified form of identity theft (character theft, I tend to call it), allows the bully to hide behind his or her computer with no real consequences for what they are saying. A scathing remark made in passing by one child can haunt another child for the rest of their lives.
In a recent case, a young boy was taunted at school by classmates that claimed he was in turn bullying them on Facebook. He quickly became socially withdrawn until his mother looked on Facebook to see that someone with his name and picture was in fact taunting other students online. Except, of course, that it wasn’t him. Some fellow classmates had stolen his Social Networking Identity and set up a false Facebook account as if they were him. The bullies then berated other kids, attracting negative attention to the victim. The victim’s mother found out that it’s not so easy to stop this cycle.
For one thing, Facebook doesn’t make it easy to reclaim one’s identity. In the previous case, the mother had to contact police, who went through a process to subpoena both Facebook and the internet service provider to uncover the bullies’ identities. Only then were they able to shut down the account, but the damage to the victim’s reputation had already been done.
Some parents prefer to resolve the issue privately, by contacting the bully’s family. Although psychologists do not recommend that approach with schoolyard bullying, with cyber-bullying, a parent’s proof of cruel online exchanges can change that difficult conversation. So what do you say?
Approaching another parent can be awkward. Most parents see their children’s actions as a direct reflection of their ability to raise their child. This means they can easily become defensive and almost dismissive of the actions. As quoted in the Times article, experts recommend you follow a script like:
“I need to show you what your son typed to my daughter online. He may have meant it as a joke. But my daughter was really devastated. A lot of kids type things online that they would never dream of saying in person. And it can all be easily misinterpreted.”
In most situations, the reporting parents should be willing to acknowledge that their child may have played a role in the dispute. To ease tension, suggests Dr. Englander, an expert on aggression reduction, offer the cyber-bully’s parent a face-saving explanation (like that it was probably meant as a joke). If they are willing to accept what happened, they are more likely to take action.
Parents need to be mindful that their children might be victims of cyber-bullying, and they need to be just as aware that their kids might be the cyber-bullies. Here are some steps to get you started down the right track with your kids:
Have short, frequent conversations over dinner about what it means to be cyber bullied
Establish a no-tolerance stance on your child bullying anyone, in person or on line
Friend your child and if possible, your child’s friends to keep tabs on the dialogue taking place. Let them know that you are interested and observant by communicating with them using social networking. If you are more fond of the stick approach, post a sticky note on your monitor (like another parent in the article did) that says “Don’t Forget That Mom Sees Everything You Do Online.”
Be open and honest with your child. Communicate the real issues of cyber-bullying and how in some cases this leads to very negative consequences, like suicide
Encourage your children to talk with you if they have any concerns about their online life
For more answers and background on keeping yourself and your kids safe, take a look at the Facebook Safety Survival Guide below.
This Survival Guide is an evolving document that I started writing for my young daughters and my employees, and is an attempt to give you a snapshot of some of the safety and privacy issues as they exist right now.
Social networking, texting, instant messaging, video messaging, blogging – these are all amazing tools that our kids and employees use natively, as part of their everyday lives. In fact, they probably understand social networking better than most adults and executives. But they don’t necessarily have the life experiences to recognize the risks.
I’d like to make their online vigilance and discretion just as native, so that they learn to protect the personal information they put on the web before it becomes a problem. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it.
Cyber-Bullying and Social Networking Identity Theft (posted by johnsileo, 2010-12-13 14:03:00; last modified 2023-07-06 12:59:17)
Electronic Pickpocketing is Possible, but Over-Hyped.
There is a new wave of hi-tech identity theft that allows thieves to steal your credit card information using inexpensive technology to intercept credit card (and sometimes even passport) information without even touching your wallet. Watch the video to the left or read our Electronic Pickpocket post to learn the basics.
And make sure you pay attention to the fact that the person they are interviewing for the news piece in the video MAKES MONEY FROM YOUR FEAR OF ELECTRONIC PICKPOCKETING! The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take this gentleman’s perspective into consideration before buying the hype. He benefits from your fear, so do a little more research before you go gettin’ all paranoid.
The amount of hype this old form of theft is receiving (yes, this has been possible for years, despite all of the attention it’s getting now) is a bit overblown. Here are just a few reasons why:
The person being interviewed in the video benefits from your fear of electronic pickpocketing.
When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses; the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out-of-pocket cost will be minimal.
Most cards only transmit 2-3 inches, which means that someone has to get a laptop-sized bag within two inches of your purse or wallet. This isn’t impossible, but it takes a fair amount of time and skill (notice how the news report doesn’t show them doing it without asking the people first). In most cases, this amount of work is too time intensive for the identity thief – it’s more lucrative to hack into a system that contains hundreds of thousands of credit card numbers (and other information) all in one place.
Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster than you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.
If you want to get technical, which you probably don’t, credit card theft isn’t actually identity theft. They don’t have access to the personal items they need to actually steal your identity.
But it can happen, and it’s worth preventing. Which is simple:
First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
Second, there are sleeves and wallets built to protect your cards and make them unable to scan and be lifted. Several companies, like Checks Unlimited, make RFID wallets & products that shield the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced drivers licenses.
Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
Never leave your purse or wallet in an easy to scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely. Checks Unlimited offers a wide variety of these types of RFID blocking sleeves & cases.
But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.
John Sileo is the award-winning author of two identity theft prevention books, Stolen Lives and Privacy Means Profit (Wiley, August 2010) and America’s top Identity Theft Speaker. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.
Electronic Pickpocketing Hype Banks on Your Fear! (posted by johnsileo, 2010-12-10 09:26:14; last modified 2022-05-04 15:27:19)
Achilles, an ancient Greek superhero — half human, half god — was in the business of war. His only human quality (and therefore his only exploitable weakness) was his heel, which when pierced by a Trojan arrow brought Achilles to the ground, defeated. From this Greek myth, the Achilles’ Heel has come to symbolize a deadly weakness in spite of overall strength; a weakness that can potentially lead to downfall. As I formulated my thoughts in regard to New Zealand, I realized that the same weaknesses are almost universal — applying equally well to nations, corporations and individuals. During a recent 60 Minutes interview, I was asked off camera to name the Achilles’ heel of an entire country’s data security perspective; what exactly were the country’s greatest weaknesses. The country happened to be New Zealand, a forward-thinking nation smart enough to take preventative steps to avoid the identity theft problems we face in the States. The question was revealing, as was the metaphor they applied to the discussion.
For starters, let’s assume your business is strong, maybe even profitable in these tough economic times. In the spirit of Sun Tzu and The Art of War, you’ve dug in your forces, preparing for a lengthy battle: you’ve reduced costs, maximized your workforce, and focused on your most profitable strategies. As your competitors suffocate under market pressure, you breathe stronger as a result of the exercise. But like Achilles, your survival through adversity blinds you and even conditions you to ignore pending threats. You begin to think that your overall strength translates into an absence of weaknesses; and in general, you might be right. But Achilles didn’t die because of his overall strength, which was significant; he died because he ignored critical details. What details are you and your company ignoring?
Information, like Achilles himself, is power. And maintaining control and ownership of your information is quite possibly the most threatening Achilles’ heel any data-reliant business faces. Companies that don’t actively take control of their data are prime targets for identity theft, social engineering, data breach, corporate espionage, and social media exploitation. Regardless of your title, you have a great deal to learn from Achilles’ mistakes, and a significant opportunity to protect your own corporate heel.
Achilles’ 3 Fatal Mistakes and How to Avoid Them
Admit Your Vulnerabilities. Achilles forgot that he was human, failing to take inventory of his weakness in spite of superior strength. Though his faults were limited — a small tendon at the base of his foot — his failure to protect himself in the right spots proved fatal. When protecting data, it is imperative to understand that your greatest vulnerabilities lie with the people inside of your company. No matter how secure your computer systems, no matter how much physical security you deploy, humans will always be your weakest link. The more technological security you implement, the quicker data thieves will be to attempt to socially engineer those inside your company (or pose as an insider) to capture your data. Admitting vulnerabilities doesn’t have to be a public, embarrassing act. It can be as simple as a quiet conversation with yourself and key players about where your business is ignoring risk.
The three greatest human vulnerabilities tend to be: 1. Unawareness of the risks posed by data loss, 2. Lack of emotional connection to the importance of data privacy (personally and professionally) and its effect on profitability, and 3. Misunderstanding that in a world where information is power, it’s no longer about whom you trust, but how you trust. These symptoms suggest that your privacy training has either been non-existent or dry, overly technical, policy related and lacking a strong “what’s-in-it-for-me” link between the individuals in your organization and the data they protect every day.
If this is true inside of your business, rethink your training from this perspective: Your audience members (employees) are individuals with their own identity concerns, not just assets of the company who can be forced to follow a privacy policy that they don’t even pretend to understand. By tapping into their personal vulnerabilities regarding private information (protecting their own Social Security Number, etc.), you can develop a framework and a language for training them to protect sensitive corporate information. Like in martial arts, where you channel your opponent’s energy to your favor, use your employees’ humanness to your advantage. Pinpoint these vulnerabilities and shine the light of education on them.
Fight Prevention Paralysis. One of the most unfortunate and destructive character traits among humans is our hesitation to prevent problems. It is human nature to invest time to prevent tragedy only after we’ve experienced the pain that results from inaction. We hop on the treadmill and order from the healthy menu only after our heart screams for attention. We install a home security system only after we’ve been robbed. Pain motivates action, but the damage is usually done. You can bet that had he the chance to do it all over again, Achilles would slap a piece of armor around his heel (just like TJMAXX would encrypt their wireless networks and AT&T would secure their iPad data).
Prevention doesn’t get the proper attention because its connection to the bottom line is initially harder to see. You are, in essence, eliminating a cost to your business that doesn’t yet exist (the costs of a future data breach: restoring and monitoring customer credit, brand damage, stock depreciation, legal costs, etc.). This seems counterintuitive when you could be eliminating costs that already exist. But here is the flaw in that method of thinking: the cost of prevention is a tiny fraction of the cost of recovery. When you prevent disaster, you get a huge return on your investment (should a breach ever occur). Statistics say that a breach will occur inside of your organization, which means that by failing to invest in prevention you are consciously denying your organization a highly profitable investment. Why would you insure your business against low percentage risks (fire), but turn the other way when confronted with a risk that has already affected 80% of businesses (data breach) and has an almost guaranteed double digit ROI? It is your responsibility to demonstrate how the numbers work; spend small amounts of money preventing, or vast sums of time and money recovering.
Harden the Riskiest Targets. Once you have admitted to and cataloged your vulnerabilities and allocated the resources to protect them, it is time to focus on those solutions with the greatest return on your investment. A constant problem in business is knowing how to see clearly through information overexposure and pick the right projects. Just think of how much stronger Achilles would have been had he placed armor over his heel (which was human) rather than his chest (which was immortal). There is no financially responsible way to lower your risk to zero, so you have to make the right choices. Most businesses will gain the greatest security by focusing on the following targets first:
Bulletproof Your People. Most fraud is still committed the old fashioned way – by manipulating trusting, unsuspecting people inside of your organization. Train your people for what they are: the first line of defense against fraud. Begin by preventing identity theft among your staff and then bridge this personal knowledge into the world of professional data privacy.
Protect Your Mobile Data. Laptops, smart phones and portable drives are the most common sources of severe data theft. The solution to this very powerful and ubiquitous form of computing is a quilt-work of security including password strengthening, data transport limitations, access-level privileges, whole disk and wireless encryption, VPN and firewall configuration, physical locking and human decision making (e.g., don’t leave it unattended the next time you get coffee at your corporate conference).
Prevent Insider Theft: Perform thorough background checks, reference verification and personality assessment to weed out dishonest employees before they join your organization. Implement an ongoing “honesty meter” for your employees that ensures they haven’t picked up bad or illegal habits since joining your company.
Classify Your Data. Develop a system of classification that includes public, internal, confidential and top secret levels, along with secure destruction and storage guidelines.
Anticipate the Clouds. Cloud computing (when you store your data on other people’s servers) is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page (which Facebook has the right to distribute as they see fit) or you are storing customer data in a poorly protected, non-compliant server farm, you will ultimately be held responsible when that data is breached. You must be aware of who owns that data, today and in the future, when your storage company is bought out or goes bankrupt.
We have much to learn from the foresight of New Zealand; they are an excellent example of how organizations should defend their Achilles’ heel. To begin with, they have begun to acknowledge their vulnerabilities in advance of the problem (in fact, their chief vulnerability is that dangerous form of innocence that comes from having very few data theft issues, so far). In addition, they are taking steps to proactively prevent the expansion of identity theft and data breach in their domain (as evidenced by the corresponding educational story on 60 Minutes). Finally, they are targeting solutions that cost less and deliver more value. I was in New Zealand to instruct them on data security. Ironically, I gained as much knowledge on my area of expertise from them as I believe they did from me.
John Sileo speaks professionally on identity theft, data breach and social networking safety. His clients include the Department of Defense, the FDIC, FTC, Pfizer and the Federal Reserve Bank. Learn more about bringing him in to motivate your organization to better protect information assets.
Identity Theft Expert John Sileo on 60 Minutes (johnsileo, 2010-11-10 12:20:15; 2024-02-25 12:32:01)
According to Google CEO Eric Schmidt, if you are looking for more privacy, then you should move.
His callous remark came during a discussion on Google Maps Street View cars, which were found to be illegally collecting e-mails, passwords and surfing habits while photographing your neighborhood. Appearing on CNN’s Parker Spitzer a week ago, Schmidt made a bold statement that was eventually edited out of the broadcast. He said that individuals who did not want the Street View cars to snap photos of their homes should “just move.” Schmidt then told The Hollywood Reporter, “As you can see from the unedited interview, my comments were made during a fairly long back and forth on privacy. I clearly misspoke. If you are worried about Street View and want your house removed please contact Google and we will remove it.” You can have your house removed from Google Maps Street View. Here’s how (see video):
Locate your house by typing its address into the search box and pressing Enter.
Click on the small picture of your house that says Street View.
Adjust Google Maps Street View by clicking the left and right arrows on the Street View image until you see your house.
Click the Report a Problem link at the bottom-right corner of the Street View image or, depending on the device you are using, click on the three dots in the upper right-hand corner.
It will take you to a page to Report Inappropriate Street View. Here you can ask to have any number of things blurred, including the picture of your house.
You will need to provide your email address and submit a CAPTCHA.
An investigation into Google’s accidental practice of collecting identity information has been opened in France, Germany, Spain, as well as in the U.S. Google claims that it will delete the sensitive information as soon as possible, but in the meantime, victims remain helpless.
John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.
Video: https://www.youtube.com/watch?v=VgwQPhpRPd0&rel=0
Google Maps Street View: Removing Your House (johnsileo, 2010-11-02 09:00:52; 2023-07-06 12:58:47)