The main reason for the difference in effectiveness relied primarily on measuring each browser’s reputation-based blocking mechanism. According to an article in InfoSecurity Magazine, “the flaw is that since the block is based on reputation rather than known bad content, it is susceptible to false positives. To avoid blocking what might be a legitimate ‘clean’ URL, the user is given the option of accepting or overriding the block. There remains, noted the report, ‘the danger that social engineering attacks can deceive users into bypassing the file blocking and installing malicious software.’ The frequency with which users are allowed to override a block thus becomes an important issue.”

As malware continues to be an issue for both at-home PCs and mobile devices, a browser’s capacity to block malware is becoming increasingly important. “Malware downloads via Web browsers are the most common infection vector for cyber criminals seeking to swipe passwords, engage in financial or click fraud, or install bots on target machines. Any organization could be one malware download away from becoming the next victim of a complex APT attack, and relying on end-users to exercise necessary caution to protect their systems as they browse is an invitation for infection,” said Ted Samson, InfoWorld.

What browser do you use most at work? At home? After hearing this report, will you change the Internet browser you use daily to protect against malware? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Unfortunately, these same conditions apply for children not in the foster care system. A child’s Social Security Number gets passed around quite a bit – schools, doctors, after care programs and often parents don’t even think about checking their child’s credit report for activity.

As occurrences of child ID theft increase, states are starting to take notice – just this week, legislation that would increase the penalty for identity theft committed against children is headed to the Pennsylvania Senate. In April, Florida passed a bill that requires the nation’s three consumer reporting agencies to allow Florida parents to open a credit report for their child – and then freeze it – a measure that would prevent others from opening a fraudulent account with the stolen information.

We expect to see similar bills being drawn up and passed in the coming year as more government officials, child advocates and parents become aware of this issue. In the meantime, take a minute to make sure you are taking the appropriate measure to protect your child against the threat of identity theft.

Have questions about how to protect your child’s identity, reach out to us on Twitter or Facebook.

Consider these key findings…

• 8 in 10 companies experienced Web-borne attacks in 2012
• Web-borne attacks are impacting businesses through increased help desk time, reduced employee productivity and disruption of business activities
• 88% of Web security administrators say Web browsing is a serious malware risk to their firm
• Phishing is the most prevalent Web-borne attack, affecting 55% of companies
• Companies that deploy a Web security solution are far less likely to be victims of password hacking, SQL injection attacks, social engineering attacks and Web site compromises

Read more about the “2013 Web Security Report” from Webroot.

Phishing Is The Most Prevalent Web-borne Attack
“Phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data. As a point in fact, more than half of companies’ surveyed experienced phishing attacks in 2012. Phishing is particularly challenging because cybercriminals launch new sites that masquerade as legitimate sites so quickly and for such a short period of time that most existing Web security fails to detect them.” – Webroot

Security breaches via the Web in 2012:

• Phishing Attack – 55%
• Keyloggers or Spyware – 43%
• Drive-by Download – 42%
• Web Site Compromised – 42%
• Hacked Passwords – 32%
• Social Engineering Attack – 23%
• SQL Injection Attack – 16%

None of the Above – 21%

How to protect yourself and your company
As an employee, you have a crucial role in the security of your company whether you realize it or not. A company cannot be secure without the help of every single employee. Below are some tips that you can follow in order to avoid Web-borne attacks, such as phishing scams:

• Only browse websites that are required to fulfill your job duties
• If something seems “shady” it probably is Do not submit confidential data on insecure HTTP websites
• Go directly to websites instead of being at the mercy of embedded URLs in emails
• Only open attachments that you are expecting and from senders that you recognize
• Pay attention to URLs – if you are unsure about one, be on the safe side and do not visit it
• Never email confidential information – pass this information on through telephone
• NEVER enter confidential information on a pop-up screen
• Pay attention to your web browser warnings
• Report suspicious activity to the Information Security Officer
• ALWAYS BE SUSPICIOUS

Be sure to check out our other blog posts on security. Share your tips for protecting your business with us on Facebook and Twitter.

Nathan Eddy of eWeek reported that security as a measure of success even outranked employee productivity. “Respondents fear a loss of company or client data, unauthorized access and malware infections, and many say they lack the resources necessary to address these security concerns,” he said.

The report also revealed that, “mandatory use of encryption was cited as a risk-control measure for mobile devices by 40 percent of respondents.”

In similar news, HIMSS Analytics recently conducted a focus group of seven senior health IT executives. They claimed that data security concerns, especially those related to BYOD policies, are among their top challenges.

Ken Terry of InformationWeek reported, “Although the focus group was small, what the participants said reflected the IT infrastructure priorities of the industry, as represented in a recent survey by the Health Information Management and Systems Society (HIMSS), according to a report on the focus group.” According to Ken, participants pointed out that the proliferation of personal devices in hospitals leads to insecure data exchanges. He says, “Providers tend to find workarounds that can jeopardize data security.”

As an employee, executive or business owner, how do you feel about BYOD policies? What security practices does your organization have in place, if any? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

CSID at ID360
Being headquartered near the University of Texas gave us the opportunity to participate in ID360, an annual conference put on by UT’s Center for Identity. This year, three CSID members spoke at the conference, including CSID vice president Bryan Hjelm with a talk on the future of identity, development director Joel Lang on the importance of credentials when it comes to malware, and president Joe Ross on the impact of social and mobile Big Data on identity and privacy. See more details about our participation in ID360.

Community Fun: Texas Round-Up + The Austin Cup
We laced up our running shoes and hit the pavement to participate in Texas Round-Up, a local 5K promoting healthy, fit lifestyles. The proceeds went to Texas public elementary schools in Texas to improve youth participation in sports and fitness. After the 5K, we headed to the The Austin Cup, a bowling tournament supporting the Center for Child Protection. Catch photos from both events on our Facebook page.

ISSA Chapter Event
CSID sponsored ISSA’s chapter meeting where HGMB Inc. CEO David Smith spoke about the future of cloud computing and Big Data, and how these changes will impact security. He touched on new strategies on how to manage the risks associated with cloud computing across many devices.

What we’re looking forward to moving in May – a big move!
We’re growing our team and office space in May! CSID has outgrown our current office and is moving to a new location this May. Be sure to check out open job opportunities for more information on how to join our ever-growing team.

“Our Annual State of the Net Report revealed that home computers are no safer than they were last year,” said Jeff Fox, technology editor for Consumer Reports.

Consumers had different ways of identifying malware on their PC. In the report, “people whose computers had been infected by malware were asked how they verify such problems. Sixty-two percent relied on antivirus software to notify them, 17 percent felt they were savvy enough to verify it themselves, and 15 percent relied on someone else with computer expertise,” said Dark Reading.

According to Consumer Affairs, even the best anti-virus software can miss malware detections. “If you find that your browser is taking you to a different site than the one you selected from your bookmarks, or a search engine gives you odd, unpredictable results, it’s a sure sign your computer is infected with malware. After all, the main purpose of malware is to give someone else control over your machine,” Consumer Affairs reported. Our development director Joel Lang recently spoke to this topic at the UT Center for Identity ID360 Conference.

In addition to a high number of home PC malware cases, it appears that malware is on the rise for small businesses and mobile devices as well.

What methods do you use to identify malware on your home or business PC? What are some ways you can prevent malware from getting onto your PC on the first place? Take a look at the three types of malware to be aware of and let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

With the rise in social networks and the increasing desire to share personal data in public forums, it’s no surprise identity thieves are targeting Facebook, LinkedIn, and Twitter to steal your identity.

What are they after?
Your Facebook page and Twitter profile page will show your name, email address, your current employer and friends. Most don’t use the proper privacy settings and provide access to date of birth, phone number, and current address. Those in the professional world have a LinkedIn profile with your primary college, where your first job was, and your colleagues. Soon the identity thief can piece together your personal life; your childhood nickname, your favorite childhood friend, where you were born, the make and model of your first car.

What can they do with your identity?
Identity thieves that successfully gather enough information about you can gain access to your bank accounts, email accounts, and even open new accounts since your bank, credit card company, and your email accounts all have security questions designed on your personal life (your childhood nickname, your mother’s maiden name, etc.). In addition, an identity thief can call your bank acting as you and have the password reset over the phone, free to gather any information needed to drain your accounts.

An individual’s email inbox contains a treasure trove of information such as old passwords for bank accounts and e-commerce accounts like Amazon or eBay, bank and credit card account numbers, and even tax return information including, your SSN. So, you can imagine an identity thief’s desire to get into your email inbox.

What are safe social network practices?

1. Maintain you Privacy settings: There are privacy and security settings on social networks which help keep your information private and out of public view. Each social network website has a section outlining the necessary steps to utilize these settings.
2. Limit personal information: It is important to be careful how much personal information you share on social networking sites. The more information you post, the easier it is for a hacker to access your data and piece together your identity for malicious use. Avoid listing the following information publicly: date of birth, hometown, address, education, and primary email address. Also avoid information that could be used as a security question: your mother’s maiden name, the make and model of your first car, etc.
3. Stay away from surveys: Survey scams are typically found on social networking sites like Facebook. They come in the form of wall posts with a link. They use clever social engineering techniques like mentioning popular news items about celebrities, or political issues. Another popular hook is mentioning a contest or prize giveaway. By hooking survey scams with effective social engineering lures, users are likely to click the links or follow the instructions included in the posts. Once the link is followed, malware can be attached to the computer where your personal information can easily be collected.
4. Be aware of whom you friend: The easiest way for identity thieves to get into your personal life is by friending you. This gives the identity thief access to any public or private information you or a friend posts about you. Only invite people to your network that you know or have met, as opposed to friends of friends and strangers.

Have additional tips for safe social network practices? Share your thoughts with us on Facebook and Twitter.

CSID Vice President Bryan Hjelm kicked off Tuesday morning with a presentation on the future of identity. The identity protection industry started with credit-monitoring techniques like monitoring our credit reports for fraud. We then moved toward identity monitoring for personal information like email addresses and passwords. Now we’re taking it a step further, toward identity management. As an industry, we now focus on non-credit monitoring, child identity monitoring, small business monitoring and two-factor authentication. See Bryan’s poster below, next to a poster from CSID’s Joel Lang.

Later that afternoon, CSID president Joe Ross joined a panel of security leaders to discuss the impact of social and mobile Big Data on identity and privacy. A key takeaway from the discussion was that with so much social and mobile data out there, we, as individuals and businesses, have a real version of the once-fictitious “permanent record.” Once your information is posted on the Internet, it’s out there for good. It can be found by potential employers or predators years later. Joe also talked to the global aspect of such data, pointing out challenges we face in finding globally universal identifiers, as Social Security numbers are give only to U.S. citizens.

Lastly, CSID development director Joel Lang presented on the nature of malware and the importance of credentials. Just one piece of malware or one compromised credential can easily lead to an entirely infected or breached network.

For a more in-depth look at the conference, see the Twitter discussions. Also, be sure to keep an eye on the Resources section of our website for copies of Bryan and Joel’s topic papers and presentations.

Did you attend ID360 this year or last? What messages resonated most with you? As always, let us know on Facebook or Twitter.

“Typically what we see in our data set are financially motivated breaches, so the targets usually include retail organizations, restaurants, food-service-type firms, banks and financial institutions,” said Jay Jacobs, senior analyst with the Verizon RISK team, in PC World. “When we looked at the espionage cases, those industries suddenly dropped down to the bottom of the list and we saw mostly targets with a large amount of intellectual property like organizations from the manufacturing and professional services industries, computer and engineering consultancies, and so on.”

The types of industries affected are widespread. Principal author of the report Wade Baker believes “the bottom line is that unfortunately, no organization is immune to a data breach in this day and age. We have the tools today to combat cybercrime, but it’s really all about selecting the right ones and using them in the right way. In other words, understand your adversary – know their motives and methods, and prepare your defenses accordingly and always keep your guard up.”

What are some ways your business prepares for a potential security breach? Does your business need to protect itself from financially motivated cybercriminals, those looking for intellectual property or both? Download the full report or get a quick look at the security landscape with the executive summary and let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

This post comes to us from Anne Livingston,

When I talk to my kids about what not to post online, I focus primarily on information that would allow a stranger to contact them. Their information is also valuable to identity thieves. Thieves search kids’ social media accounts looking for personal information. They use their information to open fraudulent accounts or attain pieces of ID such as a driver’s license. With a child’s information, they often can impersonate them for years without being detected. According to a study by CyLab at Carnegie Mellon, identity theft is 51 times more likely with children than adults. Recently, CSID conducted a survey to find out what parents know about child identity theft. The survey found that most parents do talk to their kids about sharing information online and, like me, they do so because of concern about their child sharing information online with strangers. Only 18% of parents were concerned with identity theft, however, and although concerned, most (52%) are not taking action to protect their children’s information. The survey found that when parents are aware of the issue they want to take action, but don’t know what to do or where to begin.

CSID brought together a panel of child safety experts to discuss what parents can do to protect their kids’ information. The first step is talking with our kids about what information identity thieves want. For example, most websites ask for a date of birth during sign up, and birthdays are routinely added to social media profiles. What parents and kids may not realize is their birthdate is a key piece of information for identity thieves.

It is important for parents to teach kids to protect their information from thieves. Here are 5 key pieces of information kids should not share publicly online – in social media profiles as well as chat rooms, forums or blogs.

1. Full Name
2. Date of Birth
3. Place of Birth
4. Address
5. Pictures of anything with identifying information (new driver’s license, first credit card, etc.)

Besides these 5 key pieces, kids should also avoid sharing information that thieves could use to guess their passwords or verify accounts. For example, if your child is using the dog’s name as their password, they should not post the name on their profile. Same goes for information used to verify accounts. If their social network asks for their mobile number to verify their account, kids should not publicly post their phone number. Finally, one of the best privacy settings is to keep sharing between real world friends and family. Remember, a friend of a friend could be an identity thief.

For more information on children and identify theft, see the CSID paper on Child Identity Theft: A Parenting Blind Spot and Child Identity Theft by the FTC.