Cody Gredler

About Cody Gredler

Cody knows cyber security. As CSID’s Director of Marketing she has a keen understanding of what is going on both in the news and behind the scenes with the latest breaches, security threats and identity theft scams. Cody writes about the latest industry news, breaches, identity theft trends and often shares helpful security tips for both businesses and consumers.

The Real Cost of Identity Theft

By | September 9th, 2016|Identity Protection|

CSIDUnfortunately, identity theft can happen to anyone and has far-reaching consequences for its victims. According to the US Department of Justice (DOJ)’s most recent study, 17.6 million people in the US experience some form of identity theft each year. This includes activities such as fraudulent credit card transactions or personal information being used to open unauthorized accounts.

The most obvious consequence that identity theft victims encounter is financial loss, which comes in two forms: direct and indirect. Direct financial loss refers to the amount of money stolen or misused by the identity theft offender. Indirect financial loss includes any outside costs associated with identity theft, like legal fees or overdraft charges. The DOJ’s study found that victims experienced a combined average loss of $1,343. In total, identity theft victims lost a whopping $15.4 billion in 2014.

Beyond money lost, identity theft can negatively impact credit scores. While credit card companies detect a majority of credit card fraud cases, the rest can go undetected for extended periods of time. A criminal’s delinquent payments, cash loans, or even foreclosures slowly manifest into weakened credit scores. Victims often only discover the problem when they are denied for a loan or credit card application. Last year, CSID found that these types of fraud take the longest time to resolve.

Identity theft doesn’t just impact victims financially; it also often takes a significant emotional toll. A survey from the Identity Theft Research Center found that 69 percent felt fear for their personal financial security, and 65 percent felt rage or anger. And, almost 40 percent reported some sleep disruption. These feelings increased over time when victims were unable to settle the issue on their own, according to the report, which can result in problem as work or school, and add stress to relationships with friends and family.

Thankfully, consumers are getting smarter about the best ways to protect their information, like using monitoring services or following security best practices. How are you protecting yourself against identity theft? Join the conversation and stay up to date on the latest identity theft news by following CSID on FacebookTwitter or LinkedIn.

CSID Launches New Mobile App

By | September 7th, 2016|Company News|

CSIDAs a society, we are more mobile than ever before.

Between meetings and after-work commitments, social gatherings and kids’ play dates, we are using mobile apps to communicate with friends and family, field emails, stay up to date with the latest news, and so much more. In fact, mobile app usage has increased 90 percent in the past two years, according to comScore’s 2015 Mobile App Report. Apps are now the leading means of digital media consumption.

To keep pace with the modern mobile consumer, we are excited to introduce a new customizable, iOS and Android compatible app available for our partners, which will allow their subscribers to view their alerts and access their identity protection services conveniently from their mobile device while on the go.

In today’s digital world, identity theft is a fact of life. The Federal Trade Commission reported that identity theft complaints increased more than 47 percent from 2014. However, the sooner you become aware of a possible identity theft event, the sooner you can get ahead of it. Using the app, subscribers will receive a push notification if suspicious activity is detected, arming them with information and the ability to take control of their identity from the palm of their hand.

“CSID’s all-new app, designed with our partners in mind, extends convenience for users and immediate access to information with the touch of a button,” said Joe Ross, co-founder and president of CSID. “Our partners’ subscribers are empowered to feel confident about the security of their identity while on the move.”

The new app supports fingerprint authentication on supported devices and can be rapidly designed with the look and feel of our partner’s brands.

To learn more about providing this new mobile solution to your subscribers, contact your CSID account manager with questions.

As always, stay up to date with all CSID news on FacebookTwitter and LinkedIn.

To Post Or Not To Post: Back To School Pictures

By | August 26th, 2016|Online Safety|

CSIDIf you’ve logged on Facebook or Twitter in the past few days, chances are good your news feed is flooded with little faces holding colorful backpacks, bursting with supplies. Proud parents love the opportunity to share their children’s “back to school” photos with family and friends. This flurry of photos happens every fall, but a new trend is cause for alarm. Many parents now create and post creative signs, displaying their child’s name, school, and the grade they are entering.

While parents have the best intentions with these photos, they need to be aware they could be sharing sensitive information about their children. Sharing a child’s full name, school, and age, could potentially endanger a child and their identity. Aside from select family members and friends, most followers should not be privy to such details.

It’s better to err on the side of safety, especially with our children. If you still want to share your child’s photo on social, consider the following:

  • Examine your social media privacy settings. Make sure photos, posts, and your own identifying information are limited to close friends and family.
  • Avoid sharing your child’s full name and birth date. These details along with a home address could allow cyber criminals to create fraudulent accounts in your child’s name.
  • Consider sharing your photos in a shared smartphone album, or on an end-to-end encrypted platform like WhatsApp. Another option is to email or text the photos directly to family and friends.
  • What if grandma doesn’t use the latest apps? Print your photos and send them in the mail.
  • Enlist in an identity protection service that includes child monitoring. These types of services can alert you to potential compromises of your personal information (and your child’s) on the dark web.

Do you post about the first day of school? Join the conversation and stay up to date on the latest tips and cybersecurity news by following CSID on Facebook, Twitter or LinkedIn.

News Recap: Millennials and Cybersecurity

By | August 11th, 2016|Industry News|

cybersecurityThis week, we’re talking about one of the most important topics in cybersecurity: the global cybersecurity professional gap and how computer-savvy millennials can help to fill it. Here’s a quick recap of the news surrounding this important issue, including research from our friends over at the National Cyber Security Alliance (NCSA).

The Cybersecurity Professional Gap
Today’s interconnected world creates greater opportunities for cyber attacks. As a result, the demand for cybersecurity professionals has grown enormously. Unfortunately, there are not enough qualified professionals to meet that demand. A study from Raytheon found that 79% of businesses in the U.S. experienced a recent cybersecurity incident, but 82% are unable to fill their open IT jobs. The study also found that while there are only 65,362 Certified Information Security Professionals (CISSP) in the U.S., companies posted almost 50,000 job requests for CISSP holders.

The consequences of this gap are already being felt. NCSA explains that without the proper security team, organizations are exposed to a greater risk for loss in profitability, brand reputation and intellectual property. According to a report from Intel Security, 71% of those who participated say they are already seeing quantifiable damage to their organizations. Current cybersecurity professionals are more likely to experience burnout, and their limited time is often spent responding to pressing cyber incidents rather than defending against them in the first place.

Can Millennials Fill The Gap?
Organizations and governmental task forces globally are hoping millennials can start to fill the deficit. However, lack of awareness is still a huge barrier. The Raytheon study found that 52% of millennial women and 39% of millennial men say they were never made aware of computer science programs in school. Additionally, 77% of young women in the U.S. say no high school guidance or career counselor talked about cybersecurity as a career, and 67% of men said the same.

Fortunately, it’s not too late for the millennial generation to correct the problem. The same Raytheon study also found that 40% of survey respondents were interested in learning more about careers in security. While millennials already in the workforce may have a more difficult time switching career fields, helpful Quora users have shared some tips on how people can begin to educate themselves. Additionally, the current pool of late millennials and college students are great candidates to begin training in the cybersecurity market.

Join the conversation and stay up to date on cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

Pokemon Privacy: Catching Them All, Safely

By | July 18th, 2016|Industry News, Malware and Scams, Online Safety|

CSIDOn July 6, Niantic launched Pokemon Go — a free, augmented reality game for iOS and Android devices. The world went wild. Pokemon Go grabbed 26 million users in the U.S. alone, surpassing both Google Maps and Twitter in daily active users.

It’s been hard to escape the colorful news over the past week. Articles continue to surface on where to find the best Pokemon, how to catch them, and (most importantly) how to stay safe while doing so. In addition to warning users to be aware of their physical surroundings, many headlines warn of the cybersecurity risks involved with the game.

Full Google Account Access
One of the main concerns was Pokemon Go’s access to iOS users’ full Google Accounts. Although the app was vague on what this entailed, many privacy experts and users were concerned the game could access everything from Gmail to Google Drive.

Niantic was quick to respond to the alarm, claiming this was an error. “Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected,” Niantic said in a joint statement with The Pokemon Company.

The statement also clarified that no additional information has been received or accessed within Google. Instead of potentially accessing your entire Google footprint, the app can now only access your Google user ID and email address.

Take Action: iOS players should take care to update the app from the App Store and re-login to accept this updated privacy policy.

Malware Threats
Pokemon Go is only currently available in the United States, Australia, New Zealand, and United Kingdom, though it will soon be available in Italy, Spain and Portugal. While other regions wait for their chance to build their Pokedexes, many over-eager gamers are downloading versions from third-party sites.

“When it comes to malware, you really don’t want to catch ’em all,” Tim Erlin, Director, Security and IT Risk Strategist at Tripwire told InformationSecurityBuzz.com. “Cybercriminals are after any angle that helps them gain a foothold on your devices. A popular app that’s not available in some places is a near-perfect target for crafting a malware delivery strategy. … Installing software from third-party markets and unknown sources increases your risk of malware. Period.”

The security firm Proofpoint claims to have found a third-party version of the game which included a RAT, or remote access tool, called Droidjack. While Proofpoint has not observed the malicious tool “in the wild,” Droidjack has the potential to give a cybercriminal full control over a victim’s phone.

Take Action: If Pokemon Go is not currently available in your area, be patient. Do not risk infecting your phone and devices with malware. Android users should also take care to download the app from App Store.

Watch Where You Work
The cybersecurity risks around Pokemon Go give employers a great opportunity to create a conversation around BYOD security (and time management) in the workplace. Companies and employees should be aware that a device infected with malware could affect the entire network’s security.

Take Action: Brush up on our best practices for protecting your business.

Create a Conversation with Kids
While apps – and Pokemon – are meant for fun, it’s important to examine the privacy policies of all your apps to ensure you are not over-sharing data. This can help lead into a conversation with your family, and especially your kids, about privacy and security.

Discuss what types of information should be kept private, both online and in person. Discuss concerns over connecting devices to public Wi-Fi, and how to recognize a scam. Creating a conversation now can lead to better cybersecurity habits later.

Take Action: We discuss more tips for talking to your kids about privacy.

Are you playing Pokemon Go? Let us know your experience with the app and how you’re protecting your information. Join in the conversation on Facebook, Twitter or LinkedIn!

Cybersecurity in 2016: Reflections on the First Half of 2016

By | June 30th, 2016|Data Breaches, Industry News|

CSIDWith July just around the corner, it’s hard to believe we’re already halfway through 2016. Throughout the last six months we’ve seen some major cyber security incidents make headlines. According to the Identity Theft Resource Center, since January 1, 2016, there have been a staggering 500 breaches, with over 12.8 million records exposed. The breaches span the verticals of financial services, business, education, government/military, and government/healthcare. If things continue tracking this way, we may very well surpass last year’s total of 780 breaches.

The heaviest hit sector this year was the business sector, coming in at 46.5% of all breaches. Some of the bigger breaches in this category were caused by phishing attacks. In one case, a scammer impersonated the company’s chief executive officer and asked for employee payroll information. The email was not recognized as a scam and as a result, personal information about some current and former employees was disclosed.

This underscores something we have stressed time and time again on this blog: the importance of education at the business and consumer levels. While cyber criminals continue to develop new skills, we’re seeing the same techniques being used in attacks. According to Gartner’s recently-released security predictions, “through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.”

The good news about this is that protecting our identities is largely in our hands. By creating long, strong and unique passwords across accounts, being careful about what and where we click, keeping an eye on any suspicious activity, and enlisting the help of a third-party monitoring service, we can stay one step ahead of cyber criminals.

When it comes to reversing the trend of growing breaches, we all play a role. How are you committing to safe cyber practices for the rest of 2016? Share with us on FacebookTwitter and LinkedIn.

Passwords Going the Way of the Dinosaur?

By | June 3rd, 2016|Industry News, Online Safety|

CSIDWe have discussed passwords many times on this blog and how poor password habits, such as easy-to-guess logins and reusing passwords across multiple accounts, can easily lead to identity theft and fraud. Password management can be difficult – we get it – and so does Google.

At this year’s Google I/O conference, the company announced Trust API, a new feature that will be available to Android developers by the end of the year that uses a combination of biometrics to create a “Trust Score.” The API uses biometrics such as your location, typing cadence, and facial recognition to determine if you are who you really say you are. If the Trust Score is over a certain number, the device will automatically log you in – no password or pin needed. If the Trust Score falls below a certain threshold, a password and two-factor authentication may be required.

Consumers often use easy-to-guess passwords and reuse them across multiple sites because they simply don’t want to remember multiple passwords. The same goes for two-factor authentication. Most consumers don’t turn on two-factor authentication because they want to access sites quickly, without the added step of entering a pin or answering a question. People want ease of use. We explored the issue in a 2012 survey that found that 61 percent of respondents reused passwords across multiple sites and 44 percent changed their passwords once a year or less. Despite the many high profile breaches over the past four years, it doesn’t seem like password habits have improved. Identity and access management firm, Gigya, conducted a similar survey last month and found that 56 percent of respondents used passwords such as names and birthdates, and only 16 percent created a unique password for each of their online accounts.

But are consumers ready to embrace biometrics such as location tracking and typing cadence? We’ll have to wait and see. The fact remains that our current password system has a lot of flaws and it is going to take a combination of consumer education and new technologies to reduce the impact of stolen and hacked passwords on consumers and businesses.

What are your thoughts on Google’s Trust API? Share with us on our social – on Facebook, Twitter and LinkedIn.

CSID Launches Small Business Monitoring Product to Mitigate Risk of Cyber Threats

By | May 5th, 2016|Business Security, Company News|

Cyber criminals are targeting attacks towards small businesses more than ever before. In fact, Symantec reported over 43% of spear phishing attacks and 60% of all attacks in 2014 were directed towards small and midsize companies in its 2015 Internet Security Threat Report.

To combat this growing trend, we’re excited to today announce the launch of CSID’s Small Business Monitoring product, a new white-labeled service that will include full-scale protection and restoration for small businesses in the United States and across the globe. The service, hosted on our IMC platform, will include dark web surveillance of compromised business information and business identity restoration services.

Features of the Small Business Monitoring product include:

  • Defense: CyberAgent, CSID’s proprietary dark web surveillance technology monitors the depths of the web  for compromised business information, and alerts businesses to employee credentials and the appearance of company URL’s and domains.
  • Restoration: Users will have access to CSID specialists who can help them to determine if data found to be compromised has resulted in an identity theft event, and guide them through any necessary restoration activities. CSID’s case workers can assist with restoration activities for a wide range of identity theft types, and are CITRMS, FCRA, and FACTA certified.

Here’s what CSID Vice President of Product and Marketing, Bryan Hjelm, had to say about the news:

“Small businesses are an especially vulnerable population; they have more money, accounts, activity and risk than individuals, but less ability to defend themselves than enterprises. Small Business Monitoring will provide the vital, full suite of services small businesses need to help protect their assets from the risk of cyber attacks, and help them if something happens.”

We recently conducted a survey that found a significant disconnect between small businesses’ concern around cyber security, and action taken for risk mitigation. For a summary of those findings and our whitepaper visit www.csid.com/sbsurvey.

For more information on the small business product, visit csid.com/sb.

To stay up to date with all CSID news, be sure to follow us on Facebook, Twitter and LinkedIn.

All Eyes on Encryption: WhatsApp Takes a Stand

By | April 11th, 2016|Industry News|

CSIDIn the wake of the San Bernadino tragedy back in February, the FBI asked Apple to build a new, custom version of its iOS to help unlock one of the shooters’ phones. They very publicly declined, issuing an open letter to their customers that quickly sparked a massive national debate around consumer privacy and international security.

It seems that since that time, we’ve seen a heightened awareness around encryption. The most recent example is last week’s major news that WhatsApp, the online instant messaging service owned by Facebook with more than one billion global users, rolled out end-to-end encryption for all of its users.

What exactly does this mean? According to a blog post written by WhatsApp CEO Jan Koum, this latest software update has ensured that every conversation on the messaging service – whether private or a group chat – will have full, end-to-end encryption, meaning that only the recipient is able to see the message. “No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us,” said Koum.

While many privacy advocates have hailed this move from WhatsApp as a hallmark victory, others have expressed concern.

The FBI’s top attorney, General Counsel James Baker, spoke out during an event hosted by the International Association of Privacy Professionals (IAPP): “If the public does nothing, encryption like that will continue to roll out,” he said. “It has public safety costs. Folks have to understand that, and figure out how they are going to deal with that. Do they want the public to bear those costs? Do they want the victims of terrorism to bear those costs?”

Other opponents of encryption include Senators Dianne Feinstein of California and Richard Burr of North Carolina, who made headlines last Friday for introducing a bill intended to “tackle the rising use of strong encryption technology that cannot be decrypted by anyone without the correct key – including law enforcement and the companies responsible for creating it.

Regardless of where you stand in the consumer privacy versus national security debate, one thing is certain, we’ll continue to see moves from the public and private sector in the next few months shaking up headlines. What do you think about end-to-end encryption? Weigh in with us on Facebook, Twitter and LinkedIn.

Cybersecurity Took Center Stage at SXSW 2016

By | March 24th, 2016|Industry News|

SXSWWe’re just about a quarter of the way through 2016, and we’ve already seen some cybersecurity trends taking shape. We presented at South by Southwest Interactive earlier this month, participating in and engaging with some of the biggest technology conversations from around the world. If you missed any of our panels, be sure to check out our recent recap.

While we were excited to present, we were just as excited to attend some of the other sessions diving into the latest in this space at SXSW. The conference further stressed what we already know: There are plenty of things to keep an eye out for as we continue into 2016 and beyond.

The Balance of National Security and Consumer Privacy
Apple made headlines earlier this year in the wake of the San Bernardino tragedy, declining to build a new, custom version of its iOS to help unlock one of the shooters’ phones. This triggered a debate on consumer privacy in the name of national security, and during his SXSW Interactive keynote speech, President Barack Obama addressed the fine line between the two.

He wasn’t the only one. Passcode participated in a number of panels on the subject. In fact, cryptologist Matt Blaze suggested it’s a lot more complex than just security versus privacy. Encryption simply isn’t widespread enough – and isn’t 100 percent foolproof – to ensure complete consumer privacy. “We are in what can only be described charitably as a cybersecurity crisis,” Blaze said, stating that his field still has a long way to go.

Defining a Company’s Role in Society
While most tech enthusiasts applauded Apple for their steadfast stance, not everyone felt they were completely innocent. Stewart Baker, former general counsel for the National Security Agency, believes Apple “isn’t being socially responsible” on the subject of encryption. He went so far as to suggest that if a company is profiting from the privacy benefits it offers, then it should have to take on a portion of the costs in fighting crimes.

“How about letting victims of crimes that have not been solved because of encryption sue Apple for damages?” Baker said.

Blaze added that weakening encryption systems will actually hurt the government’s ability to pursue criminals. “It’s a fundamental problem of computing,” he said. “If those systems aren’t as strong, they’re easier to infiltrate.”

Companies nowhere near the size of Apple can still create a better security culture. “You can’t iterate the trust your users have in you,” said Heather West, senior policy manager at Mozilla during a SXSW talk. In essence, consumers are happy to give up more data if they feel secure in your presence, but if that trust ever disappears, it’s nearly impossible to get it back.

Staying Secure Among Robots and the Internet of Things
Writer Kevin Kelly spoke at a panel about the trends in software, robotics and data. While there’s certainly some concern in the general public about robots taking over, Kelly urged us to focus on using robotics for good, as in the case of self-driving cars whose only knowledge is how to get passengers to their destinations safe and sound.

With wearables and the IoT continuing to expand, we’re seeing progress in a number of fields that can enhance our quality of life: IEEE Spectrum has done research into brain prosthetics to help restore memory, and graphene wristbands that not only monitor blood sugar levels, but also correct them.

At one panel, Intel’s vice president of law and policy Ruby Zefo said she recently was notified that her home’s temperature could be adjusted based on who was currently inside of it. The technology would determine the home’s occupants via location services in their mobile devices. Sure, it’s convenient, and could even save money by turning off the heat and air conditioning when no one was home. But Zefo opted not to give up that personal data, and suggested everyone at least consider what information they provide. “You’ve got to be a wise consumer,” she said. “If you have zero privacy, you should get over it, because you did it to yourself.”

SXSW was full of great conversations, and it’s interesting to see where things are headed in the coming months and years. We’ll be weighing in on these trends and more this year, be sure to follow us on Facebook, Twitter and LinkedIn.

Load More Posts