Good News for Consumers: Identity Theft Protection is Now a Non-Taxable Benefit

By | January 15th, 2016|Industry News|

Tax SeasonIt may seem like April is far away, but tax season in fact launches next Tuesday, January 19. And whether you’re a business or an individual, you’ll want to know if you’re eligible for any tax benefits. Thanks to a recent announcement from the Internal Revenue Service (IRS), identity theft protection will now be considered a non-taxable benefit – a nod to the rising importance of the service for all consumers in today’s security landscape.

The IRS will treat identity theft protection as a non-taxable, non-reportable benefit—for any employee or company, regardless of whether they’ve experienced a data breach, or whether the identity theft protection is provided by an employer to employees or by a business to its customers.

Previously, only employees or customers who were in the aftermath of a data breach could treat identity theft monitoring as a non-taxable event. But after that announcement just four months ago, several businesses suggested a data breach was not a remote risk, but rather, “inevitable.”

What does this mean for companies? They can now deduct any cost of offering identity theft protection to their employees or customers. The IRS defines identity theft protection services as:

  • Credit report and monitoring services
  • Identity theft insurance policies
  • Identity restoration services
  • Other similar services

It’s important to note that these don’t need to be reported on either W-2 or 1099-MISC forms. However, this new policy won’t apply to cash given to employees or customers in place of identity protection services.

Perhaps the change in defining what qualifies was spurred by the IRS’s need to provide identity theft protection last summer, as its online database of past-filed returns and other documents was hacked. That breach affected over 300,000 individuals.

Whatever the reason, the announcement means this is a perfect time to sign up for identity theft monitoring services. You can do so through an employer or directly with a retailer. Particularly for individuals, the ability to receive tax benefits while knowing your personally identifiable information is safe and secure is a great feeling. For existing subscribers, upgrading to premium services may now be a more viable option.

Does your company offer identity theft protection and monitoring as an employee benefit? If not, would this announcement change their minds? We’d love to hear what you think. Weigh in with us on Facebook, Twitter or LinkedIn.

IoT Buzz at CES: Will Security Make it Through the Noise?

By | January 8th, 2016|Industry News|

CESHundreds of thousands of tech enthusiasts and innovators from around the world make their annual pilgrimage to Las Vegas for the Consumer Electronics Show (CES) this week.

The technology conference and trade show, whose attendees last year represented 82 percent of Fortune 100 companies, features some of the most exciting and newest technologies, encompassing everything from the latest developments in wearables, to connected cars, to robotics.

One area of focus in particular that has grown significantly from year to year is the Internet of Things. According to CIO, last year, more than 900 companies showcased IoT-enabled devices at CES. This year, many predict this number to be markedly higher. Some are already calling CES 2016 “the year IoT took over.”

Major global companies like Ericsson, NETGEAR, Cisco and others have already unveiled either new products or programs specifically for IoT devices aimed to enhance the connected home.

If you’ve been following along with us, you know that we’ve already discussed security vulnerabilities and concerns around the IoT on the blog – including it as one of our key 2016 trends and diving into the topic in our fourth episode of Firewall chats with CSID Chief Innovation Officer, Adam Tyler. There’s no doubt that though these connected devices may bring more efficiency and convenience to our everyday lives (and, there is of course, the “cool factor” – who doesn’t want a fresh pot of coffee ready for them before waking up?) we must understand what we may be sacrificing from a security perspective.

As the IoT is still relatively new, many developers are prioritizing functionality before security. With IoT devices, there is a level of uncertainty with network accessibility, as with anything connected to the Internet. Even when considering seemingly innocuous connected devices (like a connected refrigerator or coffee maker), there may be network vulnerabilities that allow a hacker to access the owner’s more sensitive information, like their email or bank account.

ZDNet reported that while concerns around privacy and security within the IoT may be on the rise, it still may be an “afterthought” for consumers this year at CES. Companies that have already very publicly expressed their investment in IoT security include Panasonic, Samsung, and Dojo-Labs, which, while a step in the right direction, is feared by some industry experts to possibly be too late, as the number of connected devices is expected to grow to more than six billion by next year, according to Gartner.

Will 2016 be the year that security comes into focus as IoT becomes the dominant topic of conversation at CES, or will it continue to take a back seat? And are companies acting quickly enough as our connected world rapidly grows? We’d love to hear what you think. Weigh in with us on Facebook, Twitter or LinkedIn.

2016: Mobile, IoT Threats on the Horizon

By | December 21st, 2015|Industry News|

Cybersecurity TrendsLast week we recapped the big happenings of 2015 for CSID. This week, we’re switching gears to look ahead to 2016 and the trends we expect to dominate in the year to come.

All eyes on mobile
The rise of mobile payments (and recent participation from major players like Apple, Android and financial institutions like Chase), has made mobile a more attractive target than ever for cyber criminals. We expect that fragmentation, especially within the Android ecosystem, will exacerbate the problem, as different manufacturers are running multiple versions with no agreed-upon update system. This is an increasing problem particularly in the developing world where consumers are using older devices that are no longer supported by the manufacturer and as a result, no longer receive the critical patches and updates to address security flaws.

Additionally, as we look to the future, mobile attacks will be simpler than ever to implement. Just one example of this that we saw in 2015: the iOS text crash, where victims were infected just by opening a multimedia message (MMS). In 2016, we’ll see a rise in these simply orchestrated, yet impactful attacks on mobile devices.

Macs no longer immune to attack
While once seemingly impossible to penetrate, Macs will become the victim of increased focus from cyber criminals as they continue to gain popularity.

A recent report from Bit9 and Carbon Black states that 2015 was the most “prolific year for Mac malware in history.” Specifically, the report suggests that the OSX malware during this past year was a staggering five times more prevalent than the past five years combined.

It’s clear that Mac OSX is now a platform that we need to be concerned about. We’re no longer living in days where we can opt out of OSX updates and not worry about the materials we download. We’ll need to exercise increased caution across all of our devices in 2016.

The dark web as marketplace of ideas will exacerbate attack reach and impact
More than ever, we’ll see cyber criminals using the dark web to share tips and tricks amongst each other, making advanced threats and attacks more accessible to general users. With this, we’ll also see a rise in younger, less experienced, and non-traditional cyber criminals orchestrating attacks. The National Crime Agency recently reported that the average age of a cyber criminal has dropped to just 17 years old.

Malvertising and drive-by downloads will increasingly deceive users
We’ll see a rise in malvertising on legitimate, credible sites – like Forbes, BBC, and other top tier sites – that are sourced by external adware networks.

Malvertising, which takes the shape of seemingly innocuous ads on the internet, will infect users’ devices if clicked. What’s more, drive-by-downloads, which require a user to just visit a website to infect their device, will grow in popularity and be spread through MMS.

Internet of Things players will need to prioritize security
We’re seeing the Internet of Things (IoT) continue to gain momentum as more and more connected devices are brought to market. In 2016, developers will need to make security a priority. Even seemingly benign devices (like your connected refrigerator or thermostat) can serve as a pathway into your most sensitive information.

Vulnerabilities in in-car entertainment systems earlier this year demonstrated how hackers could, somewhat easily, take control of the car’s steering, brakes, and other vital features. In 2016, we’ll see an increasing focus on the security of the IoT, which may cause a shift in priorities at the product development level.

Keep an eye out for these trends in our “click-to-reveal” series on Twitter and stay up to date with the latest CSID news by following us on Facebook and LinkedIn.

Industry News Recap: Secure Holiday Shopping

By | November 5th, 2015|Industry News|

SecurityThis year, the holiday shopping season began the moment Halloween came to an end. As shopping picks up, both online and off, it’s important to keep the safety of your personal information in mind. Here’s a quick recap of recent news stories and some helpful tips to keep you safe and secure:

The Basics: Safe Shopping 101
According to We Live Security, online retail markets in China, the UK and the US will increase to almost a billion dollars within the next three years. With numbers this large, more cyber criminals will inevitably look to the growing number of e-commerce shoppers.

To stay secure, the same online best practices apply during the holiday season as the rest of the year. You should always opt for secured Wi-Fi networks, especially when making online transactions. If there is no secured Wi-Fi network available, consider using a Virtual Private Network (VPN) while you shop. Lastly, always look for the green padlock symbol in your URL box to ensure the site you are shopping on is secure.

We Live Security also recommends sticking to well known e-commerce brands with reputations for robust security measures. This is a great measure because, “fraudsters often create fake and professional looking websites to lure in unsuspecting victims. Their efforts can be quite remarkable.” High-quality phishing sites, for example, have a 45 percent success rate at mining user data.

Did You Know? Chip Credit Cards Provide Added POS Security
Chip credit cards are having their widespread US debut this holiday shopping season. NerdWallet points to some of the added security features of these cards, reporting that, “EMV chips generate a new code for every transaction. Because the codes won’t work more than once, data from an EMV transaction is essentially worthless to a fraudster. EMV cards are also much harder to duplicate than cards that have all the data stored on a magnetic stripe.”

Chase and Target are two major companies that are switching entirely to chip cards, according to USA Today. However, consumers should remember the benefits of the chip system do not extend to online shopping. They should also be alert for fraud during this period of transition, according to Money. Cyber criminals have apparently been posing as credit card companies, sending fraudulent emails to consumers in order to gain personal information.

Porch Pirates (Online and Off)
A last consideration for your holiday season: thieves taking packages from your doorstep while you are away from home. Local news sources around the country have been reporting an uptick in this type of crime, and a large “porch pirate” ring was recently busted in Los Angeles.

While this is largely a low-tech crime, porch pirates can also surprisingly take the shape of cyber criminals. WKYC reports that, “A more sophisticated porch pirate might send you an SMS message or email with malware. That would let them gain access to your computer or smartphone, and they could install a RAT (Remote Access Trojan). Then they can eavesdrop on your orders and deliveries.”

Having your packages shipped to your work or to a friend, or using a service like Doorman, is the easiest way to combat this crime in its offline form. Otherwise, stay alert for suspicious emails and disable GPS services on your phone when not in use.

For the latest in cyber security news, check out CSID on FacebookTwitter or LinkedIn!

Understanding the IoT Convenience/Security Tradeoff

By | October 8th, 2015|Identity Protection, Industry News|

IoTIf you’ve been to a music festival recently, you may have noticed something convenient about your wristband. Sure, it serves its main purpose of getting you into the event, but with recent technology, it now has the capability to do quite a bit more.

Take for instance Austin City Limits music festival, which took place last weekend and will run again this coming weekend here in Austin. Festival-goers have the opportunity to load their credit card information onto their wristband either online or via the mobile app to alleviate digging around in their bag or wallet in the middle of a busy crowd. Simply hold the chip in your wristband up to the POS reader on the vendor’s iPad and voila! You’ve paid for your drink, snack, or souvenir.

Sounds convenient, right? But consider this: As you exit the festival, there are people lined up, eager to buy your wristband from you. Sell it, and it won’t take much for the person to gain access to the personal information associated with the wristband and your credit card info. It would just be a matter of cracking your four-digit pin that you had set up when registering your wristband.

This is just one case to consider, which opens up a broader discussion around what we may be sacrificing from a security perspective in the era of wearables and the Internet of Things.

Wearables, particularly fitness bands, have taken off in the past few years. PwC recently reported that more than 20 percent of U.S. adults already own at least one wearable, and that there will be as many as 50 billion new connected devices by 2020. What users may not realize is that wearable tech creates a new opportunity for a massive quantity of private data to be collected – with or without the user’s knowledge.

Symantic threat researcher Candid Wueest recently shared with Wired that it’s not so much about the level of danger people put themselves in wearing wearable devices, but more about the fact that at this point, developers are not prioritizing security and privacy. From his research, Wueest found that some devices sent data to a staggering 14 IP addresses. During his demonstration at Black Hat, Wueest identified six Jawbone and Fitbit users in the audience, showing how easy it was to find users’ locations, and specific details down to the time they left or entered the room.

But is it the wearable itself that poses the actual security threat? Gary Davis of Intel has explained (and we agree), that the weakest link is actually a user’s mobile phone, not the wearable itself. Most wearables link to your mobile phone, which, in comparison to the wearable device, hosts an exponentially greater amount of data, making it an irresistible target for hackers.

Before you cancel your order on that new fancy fitness tracker, keep this in mind: There are a number of simple, common sense steps you can take in order to protect your data. Consider buying a wearable that comes equipped with remote-lock capabilities, so that you can lock or erase its data if it is stolen. Also, as always, use a password to protect your device, use biometric authentication whenever possible, and keep an eye on user reviews online.

Stay tuned to the blog for more cybersecurity news throughout National Cyber Security Awareness Month. Share your thoughts with us on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

 

National Cybersecurity Awareness Month Kicks Off Today – We’re Proud to Be a Champion

By | October 1st, 2015|Company News, Industry News, Online Safety|

NCSAMOctober is National Cyber Security Awareness month (NSCAM), and we’re excited to be involved and show our support as an official champion!

While it’s important to keep cyber security top-of-mind throughout the year, NCSAM provides a dedicated time for companies and organizations to share tips, best practices, and collaborate on how to stay safe online.

President Barack Obama kicked things off, stressing the importance of cybersecurity with this official statement from the White House: “We now live in an era of the Internet – our children will never know a world without it. Our financial systems, our power grid, and our health systems run on it, and through widely helpful, this reliance reminds us of our need to remain aware, alert and attentive on this new frontier. By working together to prevent and disrupt threats to our digital infrastructure, America can continue pioneering new discoveries and expanding the boundaries of humanity’s reach.”

Looking for ways to get involved?

  • Show your support by registering to be an NSCAM “Champion”
  • Participate in upcoming #ChatSTC Twitter chats, occurring every Thursday throughout the month at 2 p.m. CT:
    • October 8: How to Create a Culture of Cybersecurity at Any Organization
    • October 15: Digital Parenting – Keeping Your Connected Family Safe
    • October 22: Cybersecurity and the Evolving Internet of Things
    • October 29: So You Want to Work in Cybersecurity?
  • Host a lunch and talk to coworkers about online safety on one or more of the weekly NCSAM themes.
  • Organize a volunteer day with local schools to teach young people about cybersecurity and online safety using StaySafeOnline.org’s ready-to-use teaching materials and lesson plans.

Stay tuned to the blog throughout October for cybersecurity tips and tricks from CSID experts. Have additional ways you’re celebrating NCSAM? Share them with us on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Industry News Recap: Connected Automobile Security

By | September 30th, 2015|Industry News|

Car SecurityTwo weeks ago we published a blog on security in the Internet of Things, part of which addressed recently uncovered vulnerabilities in automobile software. Since that time, concerns about cars and cybersecurity have remained in the news.

Hacked cars have made headlines before, but the issue was recently thrust back into the spotlight when white hat hackers Charlie Miller and Chris Valasek revealed a flaw in Chrysler’s Uconnect system. The flaw allowed them to steer the vehicle, change its speed, disable the brakes and shut off the engine as it sped down a highway – all from the comfort of their couch. The two described the hack as “fairly easy” and “a weekend project.”

An article in Wired covered this demonstration in detail and included the fear-inspiring conclusion that if this flaw is not fixed, “the result would be a wirelessly controlled automotive botnet encompassing hundreds of thousands of vehicles.” Days later, Tesla Motors was featured in a similar story, a sign that the auto industry’s connected cars are just as vulnerable to breach as our other Internet-connected devices.

There has been an evolving conversation around car security. As a result of Miller and Valasek’s research, Chrysler issued a recall on more than a million vehicles. Meanwhile, according to Dark Reading, “the automobile industry at large began to address growing concerns over security weaknesses and vulnerabilities in new and evolving vehicle automation and networking features.” Dark Reading also published a list of the world’s most hackable cars, while security influencers began weighing in on the best ways to reduce car hacking threats.

As of September, the ongoing conversation has yielded some promising progress. Miller and Valasek announced that they are joining Uber’s Advanced Technologies Center “to continue building out a world-class safety and security program at Uber.” Intel, a company with plenty of clout in the auto industry, also recently published a “Best Practices” white paper, providing recommendations for automakers to outfit their vehicles for privacy and cybersecurity “in the era of the next-generation car.”

The bonus of all the attention on car security? IoT security as a whole has been given more attention. Cars have not only pushed the Internet of Things forward, they have also reminded the world that as soon as anything is connected to the Internet, it becomes vulnerable to external parties.

Let us know what you think about security and the IoT on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

Load More Posts