Cody Gredler

About Cody Gredler

Cody knows cyber security. As CSID’s Director of Marketing she has a keen understanding of what is going on both in the news and behind the scenes with the latest breaches, security threats and identity theft scams. Cody writes about the latest industry news, breaches, identity theft trends and often shares helpful security tips for both businesses and consumers.

Snapchat’s Phishing Attack: A Reminder That Security Starts with Employee Education

By | March 2nd, 2016|Business Security, Industry News, Malware and Scams|

EducateSnapchat, the popular ephemeral messaging application, just announced a phishing attack that has compromised the identities of a number of its current and former employees.

According to a blog post from the company, Snapchat’s payroll department was targeted by an isolated phishing scam, where a scammer impersonated the company’s chief executive officer and asked for employee payroll information. The email was not recognized as a scam and as a result, personal information about some current and former employees was disclosed.

Snapchat has not revealed the specific information that was released, but because it is sensitive payroll information, it could likely include everything from salary data and Social Security numbers, to bank details and addresses.

The frequency of phishing attacks continues to rise, and even unsophisticated hackers now have access to the tools needed to orchestrate an attack. According to a report from PhishLabs, “basic, even free, phishing kits now contain a variety of clever functions, as well as obfuscation and anti-analysis techniques.” While more sophisticated attackers are selling phishing kits for anywhere between $1 and $50, others are making them freely available.

In 2015, the FBI coined the term “business email compromise” to describe the growing category of phishing attacks targeting American companies. As of August 2015, the Bureau estimated that “since 2013, the total dollar losses to American companies exceeded $740 million, while only hitting around 7,000 targets. When international victims are added in, the losses total $1.2 billion.”

As with the case of Snapchat, attackers frequently impersonate executives from the company in order to hack in to company networks. These attacks are often difficult to detect. It’s essential that companies invest time in educating their employees on safe email practices, including:

  • Using strong, unique passwords and enable two-factor authentication whenever possible
  • Keeping all systems up-to-date with the latest security patches and updates
  • Avoiding sharing sensitive information over email, or utilizing code words to verify that the person requesting the information is indeed that person and not an attacker
  • Not clicking on any suspicious links
  • Deploying SPAM filters

How are you keeping your company safe from phishing attacks? We’d love to hear from you–connect with us on Facebook, Twitter or LinkedIn.

What we can learn from Apple’s open letter to its customers

By | February 19th, 2016|Industry News|

iPhoneIn the wake of the San Bernardino tragedy, the Federal Bureau of Investigation (FBI) seized an iPhone that was used by one of the shooters. Recently, the FBI obtained a court order from a California district court, requesting Apple’s assistance in cracking the phone’s passcode. This has sparked an interesting debate around encryption, the outcome of which will ultimately have an impact us all.

The FBI is asking Apple to build a new, custom version of its iOS to help unlock the phone. Later versions of the iPhone have a special security protection that cannot be manipulated by customizing the iOS, an iPhone 5c—and all models prior—can be. If Apple were to move forward with creating the software, the FBI could bypass security measures to crack the passcode, including erasing a key to decrypt data after 10 incorrect passcode guesses and removing the timed delay after incorrect password guesses.

In response, Apple has written an open letter opposing the court order, saying it’s a threat to data security for all of its users, not just for this phone in particular. The company equates what they’re being asked to do with creating “a master key, capable of opening hundreds of millions of locks.” Once the information on how to bypass security controls is known, a hacker that obtains that knowledge can combat encryption. This “backdoor” could be dangerous if it falls into the wrong hands.

There is a legal precedent for all of this: the All Writs Act of 1789, which allows courts established by Congress to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law,” so long as it’s not an “undue burden.”

Of course, this raises an interesting question. Is asking Apple to essentially create malware that could harm its older devices an “undue burden”? Think of all the things you use technology for: shopping, banking, travel, staying in touch with friends and family. It’s an incredible convenience, and while there are inevitable risks, is this asking too much of Apple? One of their top priorities is ensuring their customers are treated fairly and their data is kept secure. On the surface, what the FBI is requesting makes sense–for Apple to help crack the phone of a terrorist. But if this request is granted, it creates a precedent for similar requests in the future, requests that could have an impact not just on older iPhones, but on Android devices, computers, and pretty much any piece of technology.

This discussion is a reminder of how important cybersecurity awareness is, and why we should all be taking action to keep our personal information secure. Even simple steps, like enabling biometric authentication whenever possible, utilizing unique passwords for online accounts, and monitoring personal information, banking or credit card accounts for any potential fraudulent activity, will go a long way in keeping data secure. Consumers need to do everything they can to be aware of emerging cybersecurity threats, as poor cybersecurity practices in one situation can impact everyone. By arming themselves with awareness around the risks that are out there, consumers will be better prepared for inevitable threats on the horizon.

In the meantime, we’ll be keeping a close eye on developments around this news. Do you have an opinion? We’d love to hear from you–connect with us on Facebook, Twitter or LinkedIn.

Announcing Season 2 of CSID’s Podcast, Firewall Chats

By | February 12th, 2016|Company News, Firewall Chats|

CSIDWe’re pleased to announce CSID’s podcast series, Firewall Chats, is returning for a second season! And this one will be even bigger than the last, with six episodes released every other Tuesday starting on February.

We’ll be kicking off the second season with a look ahead to South by Southwest. SXSW is an annual conference where industry leaders meet to share ideas on the latest interactive and technology trends. Cybersecurity has been an area of focus over the past few years, and a wide-variety of industry thought leaders attend. Even if you’re not able to make it to SXSW, you’ll want to listen in.

We’ll be speaking to some great guests sharing tips and insight on how to stay secure in an increasingly digital world. Nuala O’Connor, President and CEO of the Center for Democracy and Technology, will talk about the legal and personal boundaries needed to protect your life online. We’ll learn from Novetta’s Olga Raskin how biological data, like fingerprints and eye color, are becoming more prevalent in technology, and what we can do to protect our privacy with these technological advancements. VOX Global’s Corey Ealons, along with Sterling L. Miller of Gober Hilgers PLLC, will discuss how a business can minimize the impact of a breach, and the first actions you can take to regain control.

SXSW isn’t the only big event this spring. Tax season is also in full swing. It may not be a lot of fun to do your taxes, but it’s a lot worse to deal with tax-refund fraud. As tax-refund fraud is expected to reach $21 billion this year, Neal O’Farrell of the Identity Theft Council will share how to remedy tax ID theft and protect your information in the future.

Everyone at a company, from CEOs to brand new employees, should play an active role in keeping the business’s information safe. Michael Kaiser, Executive Director of the National Cyber Security Alliance, will join us to chat about instilling a culture of cybersecurity at work. Having an open cybersecurity culture will ensure protecting sensitive information is a company-wide priority.

We’ll also take a look at medical fraud with ITRC’s Eva Velasquez. Last year, the medical and healthcare industry was the second largest market affected by data breaches and hacks. It’s a very real issue, and we’ll discuss how consumers can protect their health information.

We can’t wait to share the expertise of some terrific thought leaders in the industry. To make sure you don’t miss an episode, follow Firewall Chats on Facebook and Twitter. And, as always, stay up to date with everything going on at CSID by following us on Facebook, Twitter and LinkedIn. If you missed Firewall Chats Season 1, you can check out the full season at www.csid.com/firewallchats.

We’re Launching a New, 12-Week Paid Parental Leave Policy

By | January 26th, 2016|Company News|

CSIDAt CSID, we strongly believe there’s a direct correlation between our company’s success and the happiness and well-being of our employees. That’s why we’ve worked tirelessly to create a company culture that includes a suite of competitive benefits to improve the quality of life for our growing team.

Today, we’re thrilled to announce our new parental leave policy for 2016 for our male and female employees that includes 12 weeks of 100% paid time off (PTO) with the flexibility to distribute this leave over a six-month time period. We’ve developed this policy to reflect the evolving modern landscape of parenting, with the hope that it will allow new parents to spend more time at home with their new addition to the family.

Here’s what CSID President and Co-Founder, Joe Ross, had to say about the news: “At CSID, we’ve always believed that the happiness and personal fulfillment of each and every one of our employees is directly related to our company success, and strived to create an environment reflective of our core values. We’re glad that technology industry behemoths like Facebook have brought parental leave to the forefront of the benefits conversation and more in line with the modern family. We want to demonstrate that mid-size companies are also capable of offering these types of policies for their employees. We believe we are one of only two companies in Austin offering parental leave at this level.”

Senior Director of HR, David Darrow, also shared his insight on the new policy: “Research has continued to show the benefits of paid parental leave – including the psychological well being of new parents and also the probability that they will return to work. We’re excited to roll out a policy that we strongly believe will be mutually beneficial for our employees and the company.”

Our parental leave policy joins a host of other competitive benefits, including:

  • Flexible, open vacation policy for exempt employees
  • Free identity protection
  • 401k with generous company match
  • On-site gym and bi-weekly on-site yoga classes
  • Open office environment that fosters collaboration

A comprehensive list of benefits can be found on our website.

Interested in learning more about what it’s like to work at CSID? Hear what our employees had to say and view current openings here and be sure to follow us on Facebook, Twitter and LinkedIn and along with our hashtag #LifeAtCSID for more company updates.

IoT Buzz at CES: Will Security Make it Through the Noise?

By | January 8th, 2016|Industry News|

CESHundreds of thousands of tech enthusiasts and innovators from around the world make their annual pilgrimage to Las Vegas for the Consumer Electronics Show (CES) this week.

The technology conference and trade show, whose attendees last year represented 82 percent of Fortune 100 companies, features some of the most exciting and newest technologies, encompassing everything from the latest developments in wearables, to connected cars, to robotics.

One area of focus in particular that has grown significantly from year to year is the Internet of Things. According to CIO, last year, more than 900 companies showcased IoT-enabled devices at CES. This year, many predict this number to be markedly higher. Some are already calling CES 2016 “the year IoT took over.”

Major global companies like Ericsson, NETGEAR, Cisco and others have already unveiled either new products or programs specifically for IoT devices aimed to enhance the connected home.

If you’ve been following along with us, you know that we’ve already discussed security vulnerabilities and concerns around the IoT on the blog – including it as one of our key 2016 trends and diving into the topic in our fourth episode of Firewall chats with CSID Chief Innovation Officer, Adam Tyler. There’s no doubt that though these connected devices may bring more efficiency and convenience to our everyday lives (and, there is of course, the “cool factor” – who doesn’t want a fresh pot of coffee ready for them before waking up?) we must understand what we may be sacrificing from a security perspective.

As the IoT is still relatively new, many developers are prioritizing functionality before security. With IoT devices, there is a level of uncertainty with network accessibility, as with anything connected to the Internet. Even when considering seemingly innocuous connected devices (like a connected refrigerator or coffee maker), there may be network vulnerabilities that allow a hacker to access the owner’s more sensitive information, like their email or bank account.

ZDNet reported that while concerns around privacy and security within the IoT may be on the rise, it still may be an “afterthought” for consumers this year at CES. Companies that have already very publicly expressed their investment in IoT security include Panasonic, Samsung, and Dojo-Labs, which, while a step in the right direction, is feared by some industry experts to possibly be too late, as the number of connected devices is expected to grow to more than six billion by next year, according to Gartner.

Will 2016 be the year that security comes into focus as IoT becomes the dominant topic of conversation at CES, or will it continue to take a back seat? And are companies acting quickly enough as our connected world rapidly grows? We’d love to hear what you think. Weigh in with us on Facebook, Twitter or LinkedIn.

Using Social Media in Vetting for Visa Applicants

By | December 16th, 2015|Uncategorized|

Social MonitoringNews surfaced late last week that Tashfeen Malik, the female shooter in the San Bernardino attack, pledged support to ISIS on her Facebook page the day before the attacks and had talked openly on social media about her support for violent jihad prior to passing background checks for her K-1 fiancee visa. The Department of Homeland Security (DHS) missed this because it is currently prohibited from screening applicants’ social media messages for immigration eligibility.

The New York Times wrote, “The discovery of the old social media posts has exposed a significant — and perhaps inevitable — shortcoming in how foreigners are screened when they enter the United States, particularly as people everywhere disclose more about themselves online. Tens of millions of people are cleared each year to come to this country to work, visit or live. It is impossible to conduct an exhaustive investigation and scour the social media accounts of each of them, law enforcement officials say.”

This ignited a debate that has been playing out in the media, the House floor, and on the political stage. To summarize, Democrats and Republicans alike said DHS needs to start screening social media before it approves visas. Hillary Clinton, among others, called for tech companies to work with authorities to combat terrorist messages online.

Whether or not the government should screen applicants social media accounts, it absolutely could accomplish this type of screening quite easily with social media monitoring tools that companies and individuals use all the time for marketing and business intelligence, reputation and online identity management. CSID’s Social Media Monitoring tool is designed to alert subscribers of instances where they are sharing personal information via social that may put them at risk of identity theft, as well as information found within their social networks that might damage their reputations. It is not hard to imagine how this same type of keyword monitoring and alert functionality could be used to aid in the screening of visa candidates.

As always, let us know what you think on FacebookTwitter and LinkedIn.

Firewall Chats, Ep. 5: Scams, Malware, and Phishing Attempts

By | December 15th, 2015|Business Security, Firewall Chats|

MalwareToday airs the final episode in our pilot podcast series! To wind down the last few days of 2015, we sat down with Adam Dolby, Encap Security’s vice president of business development.

Prior to joining Encap Security, Dolby was focused on banking, ATM networks, and card processing. His expertise lies within multi-factor authentication, security, and electronic financial services, which is why we wanted to discuss the tricks, traps, scams and malware that consumers face daily.

Did you know, according to Get Cyber Safe, roughly 156 million phishing emails are sent each day? Of that, 16 million make it through filters. Half are opened. In the end, 80,000 people fall victim to scams and share personal information with cyber criminals.

“Bad guys will cast a fairly wide net–the wider the net, the better for them,” Dolby said. “They see who ends up in it at the end. … While the online community has come [far], when you can still trick 80,000 people, a day, into giving away their credentials that means we have a really long way to go.”

Malicious emails aren’t the only danger to businesses and consumers.

“Malware, to me, is the real threat.” Dolby said. “Malware is a form of computer program designed specifically to steal your login credentials.”

Dolby said there were 255,000 new malware variants every single day in 2014.

Our guest also shared that long gone are the days when hackers were individuals, hiding in basements. Now these scams and hacks are part of sophisticated, organized attacks.

In our episode, Dolby shares tips to be aware of these scams, the cost of data breaches, two-factor authentication, and how businesses can better protect their employees and customers.

“It’s up to you to protect your identity,” Dolby said. “Be prepared for the when, not the if.”

You can listen to the entire episode, as well as our past podcast episodes, at www.csid.com/firewallchats. Thanks for listening!

Questions? Comments? A topic you’d like to see us tackle next year? Reach out to us on Twitter and Facebook to let us know!

2015: The Year In Review

By | December 10th, 2015|Company News|

CSIDIt’s been a big year for CSID, with some major company wins and exciting momentum underway as we head into 2016. Here’s a look back at the year’s highlights:

Traveling the World and Sharing Cybersecurity Insights
In the spring of 2015, we joined 50,000 of our closest friends for South by Southwest, speaking on four panels on topics ranging from recruiting in a crowded infosec marketplace to a demo showing just how easily a small business can be hacked. We also participated in the annual ID360 Conference from the UT Center for Identity with sessions on medical identity theft and securing digital wallets in the age of mobile payments.

Our Chief Innovation Officer, Adam Tyler, was kept busy this year, traveling around the world and speaking at many top security conferences including the (ISC)2 and ASIS conferences in Anaheim, Calif. and the Mastercard Global Risk Management conferences in both Key Biscayne, Fla. and Berlin, Germany. CSID’s Joel Lang participated in the Austin InnoTech Conference serving as the moderator for the Incident Response panel and delivered a solo session at the Texas Department of Insurance Fraud Conference.

Receiving Awards and Accolades
In August, our CFO, Amanda Nevins, was named an Austin Business Journal “Profiles in Power” winner. Amanda has been with CSID for four years and during that time she has had a huge influence on the company’s business and employees. Get to know Amanda in this great video interview.

Later that month, CSID was recognized as one of Austin’s fastest growing companies in the Austin Business Journal’s annual Fast 50 Competition.

We were also awarded with the The Higginbotham Health & Wellness Award by the Austin Chamber of Commerce, which recognized our executive staff for actively encouraging our employees to engage in healthy and well-balanced lifestyles.

Launching an Original Podcast Series
We launched the first episode of Firewall Chats in October. Firewall Chats is our new podcast series diving into all things cybersecurity. In season one’s five episodes, we explore topics like social media, steps for consumers to take control of their privacy, the ever-evolving Internet of Things and the newest ransomware and malware attacks. Our final episode airs next week.Take a listen at www.csid.com/firewallchats.

Rolling Out New Services
In November, we announced the launch of our Social Media Monitoring service to alert consumers to privacy and reputational risks across Facebook, Twitter, LinkedIn and Instagram.

In August, we also announced CSID’s Financial Account Takeover monitoring. Financial Account Takeover notifies you if your Social Security number and personal information have been used to open a new bank account; or if changes have been made to an existing bank account, including changes to account contact information or attempts to add new account holder. The service also notifies you if your Social Security number and personal information have been used to apply or open a new credit card, checking or savings account.

Weighing In On the Latest Industry News
Throughout the year, we served as a resource and shared our perspective with media on consumer security, data breach response, and other topics. Below are a few highlights from the year, but you can check out our full news coverage on our website.

Thanks for following along with us this year. We hope you’ll continue to stay up to date on CSID news in 2016 by following us on FacebookTwitter and LinkedIn.

 

Keeping Kids Safe From Identity Theft

By | December 7th, 2015|Identity Protection|

Child ID TheftIt’s something you may not think about very often—your child’s personally identifiable information being used for identity theft. Most children’s Social Security number (SSN) and personal information remain unused until they turn 18, leaving years for identity thieves to cause serious damage.

It’s common for parents to use a child’s SSN for routine activities, like registering for school or in doctor’s offices. However, many parents don’t think about checking if their child has a line of credit associated with their SSN. The reality is that youths under the age of 18 are a staggering 51 times more likely to have their identities stolen than adults. Victims of child identity theft face many difficulties as a result, like complications applying for college, opening savings accounts, or obtaining credit cards.

Fortunately, there are a number of precautions to help protect both you and your children from identity theft.

Educate and Communicate
Kids are tethered to the Internet through games, apps, and devices. This increases their risk of sharing sensitive information. Take the time to teach your children the the do’s and don’ts of being online. Check out our guest blog post from Anne Livingston on tips to prevent child identity theft, and the 5 pieces of information kids should not share online.

Creating and maintaining this conversation will ideally open up a dialogue and allow your children to feel comfortable talking to you about other online topics, like the latest viral video or more serious issues like cyberbullying.

Check Your Child’s Credit Report
The Federal Trade Commission recommends proactively checking a youth’s credit report around their 16th birthday. Should a credit report with fraudulent charges exist, you’ll have time to correct any errors well before your child needs to rent an apartment or apply for a job or loan.

Stay Up to Date on the Latest Technology
Take advantage of an identity monitoring service that includes Child Protection. These services monitor your child’s SSN and personal information, and alert you to any suspicious activity.

Don’t stop there! Familiarize yourself with your children’s gadgets. Computers, tablets, gaming consoles, and other handheld devices can all collect personal information. A hot new game or app may be revealing more of your child’s personal information than you’d like.

Be Cautious
Ask questions anytime your child’s personal information is requested: what will it be used for, why is it needed and how will it be guarded? For instance, few organizations such as motor vehicle, tax and welfare departments have the right to require your SSN. Be cautious before giving out your child’s personal information, and your own.

By following these simple tips, you can play an active role in ensuring the security of your child’s identity. Stay tuned for more security tips and the latest in industry news by following us on Facebook, LinkedIn and Twitter.

CSID Launches Social Media Monitoring Service

By | November 11th, 2015|Product News|

Social MediaEach day our lives become increasingly connected to our friends and family around the world thanks in large part to social media.

As of September, Facebook now boasts 1.55 billion monthly active users across the globe. Instagram has more than 400 million monthly users. Our favorite 140-character site has just over 320 million monthly tweeters.

Billions of people create an almost unfathomable amount of data. By 2020, social data is expected to reach 44 zetabytes (or 44 trillion GB’s), according to industry research firm IDC. With every post, check-in, like, swipe, and favorite, we are sharing our most precious information with the world. While many posts are harmless, individuals need to be aware of the types of things they are sharing on social media.

We recently tackled this topic on our first episode of Firewall Chats, titled “Social Media Matters.” Credit cards and Social Security numbers aren’t the only pieces of information that can lead to identity theft and fraud. Social media oversharing can have lasting consequences.

Inspired by the world’s social tendencies and our commitment to protecting consumers, CSID is proud to debut a new service to assist social media users. Our Social Media Monitoring service alerts users to privacy and reputational risks on the most widely-used platforms: Facebook, Twitter, LinkedIn, and Instagram.

Cyber criminals can easily access sensitive information on social media. Even seemingly innocuous information found on social networking sites, like mother’s maiden name and high school mascot, can be useful to fraudsters to gain access into your accounts. Just think, are these pieces of information used as your password reset questions? You may want to think twice next time you share this information on social media. That’s where our Social Media Monitoring services comes in. This service alerts a user when they are sharing personal information on their social networks, whether it be in their profile info, comments, status updates, or wall posts.

Perhaps even more than our assets, social media poses a great threat to our reputations. Careless posts and comments have resulted in lost jobs, relationships, and opportunities. After all, 91 percent of hiring managers screen job applicants’ social networking profiles during the hiring process. In addition to flagging privacy risks, Social Media Monitoring alerts users when their reputation may be at stake, identifying social media content containing foul language, sexual content, or drug and alcohol references.

To learn more about our Social Media Monitoring service and how to safeguard your consumers’ online privacy and reputation, please visit www.csid.com/socialmonitoring.

Load More Posts