Cody Gredler

About Cody Gredler

Cody knows cyber security. As CSID’s Director of Marketing she has a keen understanding of what is going on both in the news and behind the scenes with the latest breaches, security threats and identity theft scams. Cody writes about the latest industry news, breaches, identity theft trends and often shares helpful security tips for both businesses and consumers.

Unlocking the Power of Data to Change the World

By | January 12th, 2017|Company News|

As part of the Experian family, we’re excited to participate in their #ExperianStories campaign with a story of our own.

For more than 10 years, we’ve had the immense privilege of developing innovative solutions to help businesses and consumers address growing threats related to breach and identity theft. We started in 2006 with four founders and now have more than 180 employees, offices in four different locations around the globe, and products spanning both credit and non-credit identity monitoring solutions.

We believe that harnessing the power of data plays a critical role in protecting consumers, businesses and society against growing cyber threats. The identity protection services we provide to businesses mine the dark web to alert consumers to instances where their identity may be at risk, empowering them to respond quickly and mitigate the impact of identity theft. Our access to this data and intelligence allows consumers to take a more proactive approach to protecting their identity.

Beyond the technology services we provide, we also believe in making the world a better place in other ways: through our culture and our people. We’ve maintained a long-standing tradition of giving back to and supporting the community in ways that make a positive impact. In fact, it’s been core to our culture since we started the company and remains a central part of our mission. We offer a variety of service opportunities for our employees throughout the year and encourage them to get involved in with organizations and causes for which they are most passionate.

Throughout the last 10 years, we have partnered with fantastic local organizations like Lifeworks, Operation Blue Santa, the Sustainable Food Center, and Girlstart. Just last month, we spent an afternoon sorting, bagging, and wrapping presents for families in need for Operation Blue Santa. It was an incredibly moving experience and we were glad to play a small role in spreading some holiday cheer. We look forward to deepening our relationships with these organizations, and volunteering with others, in the year ahead.

We’re fortunate to have a company where our people are moved by the power of data and technology to change the world – and are ready to volunteer their time to make the world a better place. You can find out more about why giving back goes hand-in-hand with CSID culture on our site.

Join in on the conversation by sharing your story and tagging #ExperianStories and follow along with all CSID news on Twitter, Facebook and LinkedIn.

Resolutions for a More Secure 2017

By | January 6th, 2017|Online Safety|

CSIDLast year is in our rearview mirror, and we’re moving full steam ahead into 2017. It’s around this time that people start focusing on their New Year’s resolutions. One resolution that should be on everyone’s list: improving personal online security. With the right resolutions, you can help minimize the risk of your information being compromised online.

Resolve to Use Strong Passwords and Update them Regularly
A quick look at the most common passwords from 2015 reveals a list that lacks complexity. The two most common are “123456” and “password,” with other easy-to-guess passwords like “football” and “abc123” high up on the list.

Yes, these passwords are easy to remember, but that also means they are easy to guess. Make a promise to yourself in 2017 that you won’t use your name (or a family member’s name, including pets) or birthday (or a family member’s birthday) in your passwords. Use long, strong, unique passwords with a mix of numbers, letters, and special characters. A technique that could help if you can’t think of anything is to start at a key on your keyboard and draw the shape of a letter. For instance, beginning at the “X” key, your password could be XdR5TgY&UjM, which makes the shape of the letter “M.” The end result is a password that’s difficult to crack but easy to remember.

Creating a strong password is the first step. To take your security even further, keep that password updated regularly – that means changing it every three to six months. Additionally, don’t reuse passwords across multiple apps and sites. Together, these steps will reduce the risk of your information being accessed.

Resolve to Think Before Clicking
Have you ever received an email or a link from a company or a person you knew, but something just seemed a little bit off? Maybe a word was misspelled, or the language just didn’t sound like it normally does. It’s possible the email was a phishing scam. Before you click on something that looks suspect, visit the sender’s website directly or give their customer service a call. And if the link was sent from a friend or colleague, pick up the phone and confirm they actually sent it themselves.

Resolve to Be More Proactive – And Make Your Devices Act Accordingly
Enabling two-factor authentication or setting up monitoring services can further bolster your protection. It’s always a good idea to keep an eye on your credit card and bank statements. If there’s a charge that looks unfamiliar, contact your credit card company or bank. Many credit card issuers give users the option of opting in to alerts if something seems out of the ordinary. It’s very easy to set these alerts up, and they’re incredibly helpful in keeping an eye on your data and sensitive information.

With these resolutions, you’ll be doing your part to make this year more secure. Another great resolution is to educate others: help a family member set up monitoring services, or encourage a friend to update their passwords. Together, we can help minimize the risk of cyber attacks.

Do you have any other cybersecurity resolutions for 2017? Share your tips with us on LinkedIn, Facebook and Twitter.

How the Election May Affect Cybersecurity for Consumers

By | November 16th, 2016|Industry News|

CSIDRegardless of where you stand politically, one thing we can all agree on is that the topic of cybersecurity took a prominent role in this year’s presidential elections – from concerns around hacks at polling sites to alleged cyber-attacks against the candidates themselves. Now that the election period has come to a close, the outcome will undoubtedly have implications for consumers, as several cybersecurity policies and practices come under discussion and key legislative decisions are made.

In 2016, we saw key moves from the White House, including the introduction of the Cybersecurity National Action Plan (CNAP), a plan seven years in the making which takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, and empower Americans to take better control of their digital security. As cybersecurity continues to garner growing national attention, we can expect it to remain a popular topic of conversation and influence decisions being made in 2017 and beyond.

We’re still in the early stages of learning about President-elect Trump’s plans for cybersecurity beyond the vision expressed on his campaign website, which includes the establishment of a Cyber Review Team and Joint Task Forces. Trump’s 100 Day Action Plan, the roadmap of priorities for his incoming administration, also promises to work with Congress to establish a “Restoring National Security Act,” a provision of which would go towards protecting the country’s infrastructure from cyber attacks. Trump has also promised a federal hiring freeze and a new requirement that two federal regulations be eliminated for every new regulation. If enacted, both of these policies could potentially impact existing cybersecurity regulations like the CNAP.

On the financial side, consumers could also be impacted by his promised reforms to the Dodd-Frank Act. Part of that act established the Consumer Financial Protection Bureau, a government organization that educates consumers on financial risks including identity theft and fraud.

As we learn more, it’s imperative that consumers understand the role they play in staying secure, regardless of policy decisions made at the state and federal levels. It’s the responsibility of all consumers and businesses nationwide to keep cybersecurity top-of-mind and take the necessary proactive steps to help safeguard their personal information. Here are some steps you can take – in five minutes or less – to up your personal security:

  • Turn on two-factor authentication (2FA) on your online email and financial accounts: By making the login process harder and more complex through incorporating this additional step, 2FA provides an extra layer of security for you against attackers.
  • Create long, strong and unique passwords: Take a few minutes to ensure all of your passwords include a long and cryptic combination of upper and lowercase letters, numbers, and special characters. Also avoid using easy-to-guess passwords, like your name, birthday, or pet’s name, and be sure to use unique passwords across accounts.
  • Opt-in to automatic updates: Software updates almost always address security vulnerabilities. Keeping your system updated with the latest software means you have the latest patches to defend against threats.
  • Check your privacy settings on social: Social platforms are constantly updating their security and privacy policies, with new features like 2FA that can help keep your information secure. Stay up to date with these policies to make sure you’re taking advantage of all security features.

Have more tips to share? Weigh in with us on Facebook, Twitter and LinkedIn.

Friday’s Cyber Attack and Future Threats

By | October 24th, 2016|Industry News|

CSID

Photo by: DownDetector

Friday was an interesting one for Internet users in the U.S. A large-scale Distributed Denial of Service (DDoS) attack took down a number of sites including Twitter, Netflix, and Amazon for a large part of the day. Many of us were left with a newfound sense of how much we rely on web-based services in our day-to-day lives and a growing unease about how vulnerable these services are.

DDoS attacks are not new and are just one type of cyber attack in a growing arsenal. We’ve compiled a list of some of the types of cyber attacks that are seeing incredible growth, and a description of how each works. You’ll likely be hearing these terms more as these attacks continue to grow in prevalence and scope.

Distributed Denial of Service Attack: Friday’s Internet outage was caused by a DDoS attack on Dyn, a company that monitors and routes Internet traffic. While Friday’s attack did require a fair amount of sophistication (USA Today has a great summary of the details we know to date), most DDoS attacks are easy and inexpensive for hackers to execute. A DDoS attack occurs when a website’s servers are flooded with illegitimate page requests, preventing legitimate requests from getting through. This can often cause the website to crash. Cyber criminals can execute DDoS attacks for as little as $150 a day by purchasing botnets on the online black market. Botnets are a network of computers and connected devices infected by malware and controlled without the owner’s knowledge. Botnets are used to send the page requests, resulting in the overburdened servers. A recent study by CDN services company Akamai found that there has been a 125 percent increase in DDoS attacks year-over-year and a 35 percent increase in their duration.

Zero Day Attacks: A Zero Day vulnerability refers to a hole in a businesses’ software that is unknown to the software provider. A Zero Day attack refers to an incident in which this hole is exploited by hackers before it is discovered and fixed. Because these vulnerabilities are unknown to the developer, cyber criminals can often exploit holes for months before anything is detected. According to Symantec, the number of Zero Day attacks also increased by 125 percent last year.

Domain Name System (DNS) Highjacking: The DNS is a naming system for any resource connected to the Internet that associates various information with domain names. For example, a DNS translates a user-friendly name, like CSID.com, to its corresponding IP address. DNS hijacking, or DNS redirection, is the practice of intercepting and changing the information associated with a DNS record for malicious reasons. The result is a user ends up on a site that has malicious malware or code instead of the site intended.

These are just a few of the cyber attacks we’ll be reading more about in the coming years, especially as the skill set and resources needed to execute them continues to lessen. For businesses, it means strengthening security on their sites and focusing on security against web-based attacks. For consumers, it is about staying informed.

Were you affected by Friday’s DDoS attack? Share your experience with us on social media. Follow CSID on FacebookTwitter or LinkedIn.

 

Industry News Recap: National Cyber Security Awareness Month

By | October 7th, 2016|Online Safety|

CSIDNational Cyber Security Awareness Month (NCSAM) kicked off this month and as a result, more eyes than ever are on cybersecurity. This week, we’re spotlighting a few recent national stories we expect to be a key part of the conversation among those participating with us in the month-long celebration.

Cybersecurity and the 2016 Election
For the first time in history, cybersecurity has emerged as a major topic in the 2016 general election. In the first presidential debate, both candidates talked about cybersecurity, especially in regard to alleged recent state sponsored cyber attacks. Both candidates agreed that the US should have strong cybersecurity capabilities to combat such threats.

National cybersecurity will continue to be in the news as Election Day itself approaches. Politico recently reported that hackers have probed voter registration systems in more than 20 states. In the wake of this news, more and more voters are becoming concerned as they prepare to head to the polls. Fortunately, many states are now working diligently with the Department of Homeland Security to ensure that their voting systems are properly secured for Election Day.

IoT Breaches On The Rise
The Internet of Things (IoT) continues to grow steadily, and organizations of all kinds are learning to adapt to the new technology ecosystem. However, security flaws in the IoT remain as a concern that has not been adequately addressed. Powerful DDOS, or “distributed denial of service” attacks via IoT devices have made headlines in recent weeks. DDOS attacks are a tried and true type of threat, but what we’re beginning to see is cyber criminals using compromised IoT devices to augment the size of an attack.

As part of NCSAM, the Online Trust Alliance released a checklist of steps for ensuring the security of IoT devices. Just as for most online risk mitigation, consumers should regularly update privacy settings on home and wearable devices in order to remain secure. Additionally, users should create long and strong passwords for all of their devices, and update them regularly.

Security Skills Gap
As we discussed a few weeks ago, the shortage in trained cybersecurity professionals is a problem. New reports show that the problem is continuing to grow. More than 209,000 U.S.-based cybersecurity jobs remained unfilled, a figure that is up 74 percent since 2011. Overall, the state of the cybersecurity skills shortage continues to pose a threat to the industry.

In spite of these issues, 79% of current cybersecurity professionals say that they are happy in their career path. It’s a fulfilling career, especially for today’s tech savvy population. Additionally, more and more schools globally are establishing programs and scholarships that directly address the cybersecurity skills gap by sparking curiosity and inspiring younger generations to get involved in the field.

To stay up to date with all the industry news shaping up during NCSAM, be sure to follow us on FacebookTwitter and LinkedIn

How Companies Can Stay Secure When Introducing BYOD Policies

By | September 23rd, 2016|Business Security|

CSIDBring your own device (BYOD) policies continue to grow in popularity. Employees and employers alike are enjoying the flexibility of using their own devices for work, so much so that we’re starting to see the workplace itself evolve. While we’ve seen many benefits to these policies (productivity, cost savings), it’s important to note that creating a BYOD policy without security in mind may put company data at risk.

BYOD policies may mean an increased risk for employee error. For example, a recent survey found around 40 percent of respondents said they never change their passwords on devices except when prompted to do so. Forty percent also said they use the same passwords across multiple websites. Such poor employee password habits can leave the door wide open for criminals, as we demonstrated last year, when hackers were able to infiltrate our fictional small business, Jomoco, in less than an hour.

However, a thorough understanding of the strengths, preferences and limitations of the average employee can address these security gaps. Here are best practices and recommended tools to implement effective BYOD security measures for your company:

BYOD best practices:

  • Develop a BYOD policy in partnership with IT, risk management, and legal counsel. Keep an open line of communication with IT so they can quickly communicate new and emerging threats of which employees should be aware of.
  • Educate employees on BYOD security best practices regularly. It should never be assumed that your employees understand all the guidelines spelled out in your policy.
  • Require your employees to create long, strong and unique passwords, and encourage employees to take advantage of two-factor authentication wherever possible.
  • Require that employees password protect their mobile device if it hosts company information.
  • Require your employees to update their software on devices when prompted. These updates typically address security vulnerabilities.
  • Require that employees quickly report any lost or stolen devices. Swift response allows you to mitigate the risk of sensitive information falling into the wrong hands.

BYOD tools:

  • Use a secure alternative to open Wi-Fi networks. Provide employees with access to a VPN or hotspot.
  • Create and provide standard antivirus, anti-malware protection for all types of devices.
  • Consider enlisting the support of a proactive monitoring service for your company. By proactively monitoring for employee credentials on the dark web, businesses can determine when an employee’s personal information may have been compromised.

As a closing thought, always keep in mind that threats are constantly evolving, so a good BYOD policy is never complete. Just like any business process, BYOD polices should be reviewed and updated on a regular basis.

To stay up to date with all business security news, be sure to follow us on FacebookTwitter and LinkedIn.

 

Cybersecurity Tips for Working Remotely

By | September 16th, 2016|Business Security|

CSIDFor 3.7 million Americans, waking up and logging onto a computer from the comfort of their home marks the start to their workday. According to Global Workplace Analytics’ 2016 study, 50 percent of the US workforce is now permitted the luxury to partially telework during the workweek. This trend continues to edge toward the norm. In fact, the ability to work remotely, for the greater, non-self-employed population, has grown 103 percent since 2005.

While more opportunities to work remotely may reflect the emerging modern workplace, there are several factors employers and employees should weigh and discuss to ensure security is top of mind.

If your job allows employees to work remotely, consider the following:

Employees: Protect Your Home

  • Use strong, cryptic passwords on all of your work and personal accounts. Resist the urge to duplicate passwords.
  • Use two-factor authentication whenever offered for both work and personal accounts.
  • Personal and work devices should be equipped with the latest antivirus software, web filtering, firewalls, and encryption. Always make sure your devices and software have the most up-to-date versions to help safeguard information.
  • Work with your company’s IT department to set up a virtual private network, or VPN, to add another layer of security to your home’s internet.

Employees: Working Elsewhere

  • Employees should keep personal and work devices password protected in the event they are stolen or misplaced.
  • Avoid accessing sensitive company accounts on public Wi-Fi or unsecured networks. Public Wi-Fi can increase the risks of signal sniffing and compromise personal accounts, as well as professional networks. Many hackers set up accounts that mimic the names of frequented locations, hoping to steal from unknowing users. Consider using a VPN to access company data, or using your cell phone as a hotspot.
  • Be aware of your surroundings. Consider a screen protector and make sure sensitive calls are made in private.

Employers: Create a Cybersecurity Policy for All Employees
To help foster a conversation and environment committed to cybersecurity, organizations should create a cybersecurity policy and make staff training and security education a priority. In a recent episode of Firewall Chats, Michael Kaiser, executive director at the National Cyber Security Alliance, discussed creating a culture of cybersecurity at work.

“[Policies need] to be reinforced,” Kaiser said. “It can’t be a one and done kind of thing. It has to really be periodic. … Reminding people of the value of the information that an organization holds and the responsibility they have to protect it. When people give you their information, they expect you to protect it.”

To create a cybersecurity policy:

  • First, identify the security risks and threats that may affect your business
  • Develop clear policies and procedures for all employees, whether on-site or off-site
  • Train all employees on your new (or existing) cybersecurity policies
  • Create and maintain a process to help reward policy followers and address offenders
  • Define and address third party and vendor risks
  • Work closely with your IT department to detect and address unauthorized activity

Creating a culture of cybersecurity will help safeguard employees and company data, regardless of where they work. Employees, do you have the ability to work remotely? Are you aware of the security steps needed to help keep your company safe? Share your experiences on Facebook, Twitter and LinkedIn.

 

The Real Cost of Identity Theft

By | September 9th, 2016|Identity Protection|

CSIDUnfortunately, identity theft can happen to anyone and has far-reaching consequences for its victims. According to the US Department of Justice (DOJ)’s most recent study, 17.6 million people in the US experience some form of identity theft each year. This includes activities such as fraudulent credit card transactions or personal information being used to open unauthorized accounts.

The most obvious consequence that identity theft victims encounter is financial loss, which comes in two forms: direct and indirect. Direct financial loss refers to the amount of money stolen or misused by the identity theft offender. Indirect financial loss includes any outside costs associated with identity theft, like legal fees or overdraft charges. The DOJ’s study found that victims experienced a combined average loss of $1,343. In total, identity theft victims lost a whopping $15.4 billion in 2014.

Beyond money lost, identity theft can negatively impact credit scores. While credit card companies detect a majority of credit card fraud cases, the rest can go undetected for extended periods of time. A criminal’s delinquent payments, cash loans, or even foreclosures slowly manifest into weakened credit scores. Victims often only discover the problem when they are denied for a loan or credit card application. Last year, CSID found that these types of fraud take the longest time to resolve.

Identity theft doesn’t just impact victims financially; it also often takes a significant emotional toll. A survey from the Identity Theft Research Center found that 69 percent felt fear for their personal financial security, and 65 percent felt rage or anger. And, almost 40 percent reported some sleep disruption. These feelings increased over time when victims were unable to settle the issue on their own, according to the report, which can result in problem as work or school, and add stress to relationships with friends and family.

Thankfully, consumers are getting smarter about the best ways to protect their information, like using monitoring services or following security best practices. How are you protecting yourself against identity theft? Join the conversation and stay up to date on the latest identity theft news by following CSID on FacebookTwitter or LinkedIn.

CSID Launches New Mobile App

By | September 7th, 2016|Company News|

CSIDAs a society, we are more mobile than ever before.

Between meetings and after-work commitments, social gatherings and kids’ play dates, we are using mobile apps to communicate with friends and family, field emails, stay up to date with the latest news, and so much more. In fact, mobile app usage has increased 90 percent in the past two years, according to comScore’s 2015 Mobile App Report. Apps are now the leading means of digital media consumption.

To keep pace with the modern mobile consumer, we are excited to introduce a new customizable, iOS and Android compatible app available for our partners, which will allow their subscribers to view their alerts and access their identity protection services conveniently from their mobile device while on the go.

In today’s digital world, identity theft is a fact of life. The Federal Trade Commission reported that identity theft complaints increased more than 47 percent from 2014. However, the sooner you become aware of a possible identity theft event, the sooner you can get ahead of it. Using the app, subscribers will receive a push notification if suspicious activity is detected, arming them with information and the ability to take control of their identity from the palm of their hand.

“CSID’s all-new app, designed with our partners in mind, extends convenience for users and immediate access to information with the touch of a button,” said Joe Ross, co-founder and president of CSID. “Our partners’ subscribers are empowered to feel confident about the security of their identity while on the move.”

The new app supports fingerprint authentication on supported devices and can be rapidly designed with the look and feel of our partner’s brands.

To learn more about providing this new mobile solution to your subscribers, contact your CSID account manager with questions.

As always, stay up to date with all CSID news on FacebookTwitter and LinkedIn.

To Post Or Not To Post: Back To School Pictures

By | August 26th, 2016|Online Safety|

CSIDIf you’ve logged on Facebook or Twitter in the past few days, chances are good your news feed is flooded with little faces holding colorful backpacks, bursting with supplies. Proud parents love the opportunity to share their children’s “back to school” photos with family and friends. This flurry of photos happens every fall, but a new trend is cause for alarm. Many parents now create and post creative signs, displaying their child’s name, school, and the grade they are entering.

While parents have the best intentions with these photos, they need to be aware they could be sharing sensitive information about their children. Sharing a child’s full name, school, and age, could potentially endanger a child and their identity. Aside from select family members and friends, most followers should not be privy to such details.

It’s better to err on the side of safety, especially with our children. If you still want to share your child’s photo on social, consider the following:

  • Examine your social media privacy settings. Make sure photos, posts, and your own identifying information are limited to close friends and family.
  • Avoid sharing your child’s full name and birth date. These details along with a home address could allow cyber criminals to create fraudulent accounts in your child’s name.
  • Consider sharing your photos in a shared smartphone album, or on an end-to-end encrypted platform like WhatsApp. Another option is to email or text the photos directly to family and friends.
  • What if grandma doesn’t use the latest apps? Print your photos and send them in the mail.
  • Enlist in an identity protection service that includes child monitoring. These types of services can alert you to potential compromises of your personal information (and your child’s) on the dark web.

Do you post about the first day of school? Join the conversation and stay up to date on the latest tips and cybersecurity news by following CSID on Facebook, Twitter or LinkedIn.

Load More Posts