Posts

12 Days to a Safe Christmas!

As part of Checks Unlimited’s Fraud Prevention Education series we are privileged to provide important information to help reduce your risk of RFID and Identity Fraud. For a Limited Time, SAVE 30% OFF RFID Products! Use code: RFID


12th Day: Holiday Security Tips All Wrapped up Together

Would you like to give the people you care about some peace on earth during this holiday season? Take a few minutes to pass on our 12 privacy tips that will help them protect their identities, social media, shopping and celebrating over the coming weeks. The more people that take the steps we’ve outlined in the 12 Days of Christmas, the safer we all become, collectively.

Have a wonderful holiday season, regardless of which tradition you celebrate. Now sing (and click) along with us one more time.  

On the 12th Day of Christmas, the experts gave to me: 12 Happy Holidays,

11 Private Emails,

10 Trusted Charities

9 Protected Packages

8 Scam Detectors

7 Fraud Alerts

6 Safe Celebrations

Fiiiiiiiiiiive Facebook Fixes

4 Pay Solutions

3 Stymied Hackers

2 Shopping Tips

And the Keys to Protect My Privacy

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Biometrics are Like Passwords You Leave EVERYWHERE

Biometrics are like passwords, but worse.

Biometrics are like passwords that you leave everywhere (fingerprints, facial recognition, voice patterns), except that unlike passwords, you can’t change them when they’re lost or stolen. It’s easy to change your password, a bit harder to get a new retina. Like passwords, risk goes up as they are stored globally (in the cloud) versus locally (on a physical device).

In addition to the biometrics mentioned above that most of us have come to accept as commonplace, there are many other methods in use or under exploration:

  • hand geometry
  • vascular pattern recognition (analyzing vein patterns)
  • iris scans
  • DNA
  • signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.)
  • gait analysis
  • heartbeat signatures

At the 2014 Annual International Consumer Electronics Show, inventors displayed dozens of devices using biometrics, some of which will become just as commonplace as fingerprints in the near future, some of which will not catch on and be replaced by something even more amazing.  Some of the hot biometrics items this year:

  • Tablets that measure pupil dilation to determine whether you’re in the mood to watch a horror movie or a comedy.
  • Headbands, socks and bras that analyze brain waves, heart rates and sweat levels to help detect early signs of disease or gauge a wearer’s level of concentration.
  • Cars that recognize their owner’s voice to start engines and direct turns and stops, all hands-free.

(Do a search for “current biometric uses” if you want to be entertained for a while!)

Some less outlandish examples that are currently in place:

  • Barclays Bank in Britain utilizes a voice recognition system when customers call in.
  • Some A.T.M.s in Japan scan the vein pattern in a person’s palm before issuing money.
  • Walt Disney World in Orlando, Fla., uses biometric identification technology to prevent ticket fraud or illegitimate resale as well as to avoid the time-consuming process of photo ID check.
  • Biometric passports contain a microchip with all the biometric information of holders as well as a digital photograph.
  • Law enforcement agencies, from local police departments to national agencies (e.g., the FBI) and international organizations (including Europol and Interpol), use biometrics for the identification of suspects. Evidence from crime scenes, such as fingerprints or closed-circuit camera footage, is compared against the organization’s database in search of a match.
  • Child care centers are increasingly requiring parents to use biometric identification when entering the facility to pick up their child.
  • And, of course, the most popular example has to be the use of fingerprint sensors on the iPhone 5s to unlock the devices.  It will also increasingly be linked to mobile payment services.

So, the million-dollar question is: Are Biometrics a Better Way to Protect Your Personal Identification?

The answer is yes…and no.

  • Biometrics are hard to forge: it’s hard to put a false fingerprint on your finger, or make your iris look like someone else’s.

BUT…

some biometrics are easy to steal. Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look. If a biometric identifier is stolen, it can be very difficult to restore. It’s not as if someone can issue you a new thumbprint as easily as resetting a password or replacing a passport. Remember, even the most complex biometric is still stored as ones and zeros in a database (and is therefore eminently hackable).

  • A biometric identifier creates an extra level of security above and beyond a password

BUT…

if they are used across many different systems (medical records, starting your car, getting into your child’s day care center), it actually decreases your level of security.

  • Biometrics are unique to you

BUT…

they are not fool-proof.  Imagine the frustration of being barred by a fingerprint mismatch from access to your smartphone or bank account.  Anil K. Jain, a professor and expert in biometrics at Michigan State University  says (emphasis mine), “Consumers shouldn’t expect that biometric technologies will work flawlessly… There could and will be situations where a person may be rejected or confused with someone else and there may be occasions when the device doesn’t recognize people and won’t let them in.”

The scariest part of the biometrics trend is how and where the data is stored.  If it is device specific (i.e. your fingerprint data is only on your iPhone), it’s not so bad.  But if the information is stored on a central server and unauthorized parties gain access to it, that’s where the risk increases.  A 2010 report from the National Research Council concluded that such systems are “inherently fallible” because they identify people within certain degrees of certainty and because biological markers are relatively easy to copy.

I also feel compelled to mention the inherently intrusive nature of biometrics.  While it’s true that using facial-recognition software can help law enforcement agencies spot and track dangerous criminals, we must remember that the same technology can just as easily be misused to target those who protest against the government or participate in controversial groups.  Facebook already uses facial recognition software to determine whether photos that users upload to the site contain the images of their friends.  Retailers could use such systems to snoop on their customers’ shopping behavior (much like they do when we shop online already) so that they could later target specific ads and offers to those customers.

How long before we have truly entered into Tom Cruise’s Minority Report world where we are recognized everywhere we go? “Hello Mr. Yakamoto and welcome back to the GAP…”

John Sileo is an author and highly entertaining speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on Rachael Ray, 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Snapchat Hacked? Duh! Of Course It Was.


Snapchat Hacked! Is there any sense of wonder left when another Internet giant (or any corporation, for that matter) gets hacked and loses your private information? No, the mystery died years ago, which is why we’ve basically forgotten about Target already. Of course Snapchat.com was hacked. Here’s the recipe for how your corporation can be like theirs:

  1. Collect a ga-gillion pieces of user data all while…
  2. Paying lip service to privacy and security measures until…
  3. Your database is hacked, the press circles & customers revolt while…
  4. You pay expensive recovery costs and belatedly decide to…
  5. Implement security & privacy measures that could’ve saved you a ga-gillion.

Breach Happens, no matter how big or how small you are. But breach destroys only when you are unprepared.  When it comes to privacy, the most effective medicine is getting burned. Snapchat is lucky to have experienced it early in their lifetime. When will you get hacked? Will it disappear in 11 seconds…

John Sileo inspires corporations to give a darn about the data that drives their profits, before breach happens. 

Sileo Speaking at NAFCU Technology and Security Conference

Credit Union Members: A special thanks to NAFCU for having me back a second year to present at their Technology and Security Conference.  Join us in Vegas for some fun and really get into the nuts and bolts of cyber security.


How To Turn Off Facebook Graph Search


Do you want to know how to turn off Facebook Graph Search?

If you walk onto a used-car lot and brag to the salesman that you’re rich, who’s to blame: the salesman for exploiting that information to sell you a car for more than it’s worth, or you for naively sharing in the first place? Both! The same is true in the hacking of the Facebook Graph Search data; Facebook AND poorly informed users SHARE the responsibility for this latest breach.

In case you haven’t heard the latest, Brandon Copley, a mobile developer in Dallas, Texas, was able to exploit Facebook’s Graph Search to collect 2.5 million phone numbers of Facebook users.  Copley is not a malicious hacker; he was simply trying to show how vulnerable the information is that people leave “public” on Facebook.

In a note from Facebook to its users, Facebook acknowledged the “bug”.  They went on to explain how it happened and said they immediately disabled the tool in question until it was fixed.  They also issued a cease and desist letter to Copley stating, “You are unlawfully acquiring Facebook user data. It appears that you are accessing Facebook through automated means and stealing Facebook access tokens in order to scrape data from Facebook’s site without permission.”  Copley argued that, “Facebook is denying its users the right to privacy by allowing our phone numbers to be publicly searchable as the default setting.”

What is Facebook’s responsibility regarding Graph Search?

Facebook is at fault for allowing robo-harvesting of your personal data through Graph Search. They should plug this search engine hole immediately – we’ll see that soon. They also need to plug a series of related breaches.

What is our responsibility as users?

We have to remember that Facebook is a social network, a term that openly admits to the sharing of data, which is why Facebook DOESN’T HAVE a privacy policy, they have a Data Use Policy. And make no mistake; the Facebook Data Use Policy says that by default, they will share everything possible unless we tell them otherwise. In other words, we’re giving them a lot of our information for a pretty used car.

What steps can our viewers take right now? (See video)

  1. Share only what you want made public.  Remember, the default setting is to make everything public; it is your responsibility to go in and change your settings.
  2. Read & understand the Data Use Policy, otherwise, you have no way of knowing how Facebook is making your data available to others.
  3. Customize privacy settings to limit access. To do this well, it will take about 60 minutes of your time, but it will be well worth the effort.

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable. Contact him directly on 800-258-8076.

 

WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data


I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage. If it can happen to the big boys, it can happen to you. If you don’t have Bond on your side fighting off the villains, take these steps to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA-2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breaches originate with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank.  It will be a lot easier to sit back and relax- maybe even have a shaken martini- when you know your business is secure.


John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Is There a Good Side to Facebook?


AskSileo Episode 5: Is there a good side to Facebook?

There are absolutely good sides to Facebook and social networking. They engage people in ways that they aren’t engaged otherwise. As your children experience that moment of euphoria that comes from these new connections, use their enthusiasm to start a conversation about what is appropriate online and what isn’t. The more you get involved, the safer they will be.

What are your questions? Let me know in the comments box below. Who knows, your question might appear next on AskSileo!
For more tips on privacy, identity and reputation control, subscribe to the AskSileo video series or to the Sileo Blog.

Does Facebook Chemically Addict My Child?


AskSileo Episode 4: Does Facebook Chemically Addict My Child?

When we talk about ourselves, it is scientifically proven that we get mini hits of a natural drug called dopamine. It makes us feel better and because of that, it is addictive. Facebook and social media are all about talking about ourselves. Why does Facebook have 1 Billion users? Because they have an addictive business model, and we are its test subjects.

What are your questions? Let me know in the comments box below. Who knows, your question might appear next on AskSileo!
For more tips on privacy, identity and reputation control, subscribe to the AskSileo video series or to the Sileo Blog.

How Long Does it Take to Secure Facebook?


AskSileo Episode 3: How long should I spend setting up Facebook’s privacy and security settings?

If you haven’t spent at least 90 minutes with your child setting up their Facebook account, you can be pretty certain that they are not as protected as they should be. Here are the three most important security steps that will make your child much safer on social media:

  • Read through and customize each Privacy Setting in Facebook
  • Do the same for the Security Settings
  • If your child is old enough (if they are following the 13 and older rule, they are old enough) have them read through Facebook’s Data Use Policy, taking notes on what they learn. There is nothing like reading it for themselves to get them to care about what they are exposing to the world.

What are your questions? Let me know in the comments box below. Who knows, your question might appear next on AskSileo!
For more tips on privacy, identity and reputation control, subscribe to the AskSileo video series or to the Sileo Blog.