Industry News Recap: National Cyber Security Awareness Month

By | October 7th, 2016|Online Safety|

CSIDNational Cyber Security Awareness Month (NCSAM) kicked off this month and as a result, more eyes than ever are on cybersecurity. This week, we’re spotlighting a few recent national stories we expect to be a key part of the conversation among those participating with us in the month-long celebration.

Cybersecurity and the 2016 Election
For the first time in history, cybersecurity has emerged as a major topic in the 2016 general election. In the first presidential debate, both candidates talked about cybersecurity, especially in regard to alleged recent state sponsored cyber attacks. Both candidates agreed that the US should have strong cybersecurity capabilities to combat such threats.

National cybersecurity will continue to be in the news as Election Day itself approaches. Politico recently reported that hackers have probed voter registration systems in more than 20 states. In the wake of this news, more and more voters are becoming concerned as they prepare to head to the polls. Fortunately, many states are now working diligently with the Department of Homeland Security to ensure that their voting systems are properly secured for Election Day.

IoT Breaches On The Rise
The Internet of Things (IoT) continues to grow steadily, and organizations of all kinds are learning to adapt to the new technology ecosystem. However, security flaws in the IoT remain as a concern that has not been adequately addressed. Powerful DDOS, or “distributed denial of service” attacks via IoT devices have made headlines in recent weeks. DDOS attacks are a tried and true type of threat, but what we’re beginning to see is cyber criminals using compromised IoT devices to augment the size of an attack.

As part of NCSAM, the Online Trust Alliance released a checklist of steps for ensuring the security of IoT devices. Just as for most online risk mitigation, consumers should regularly update privacy settings on home and wearable devices in order to remain secure. Additionally, users should create long and strong passwords for all of their devices, and update them regularly.

Security Skills Gap
As we discussed a few weeks ago, the shortage in trained cybersecurity professionals is a problem. New reports show that the problem is continuing to grow. More than 209,000 U.S.-based cybersecurity jobs remained unfilled, a figure that is up 74 percent since 2011. Overall, the state of the cybersecurity skills shortage continues to pose a threat to the industry.

In spite of these issues, 79% of current cybersecurity professionals say that they are happy in their career path. It’s a fulfilling career, especially for today’s tech savvy population. Additionally, more and more schools globally are establishing programs and scholarships that directly address the cybersecurity skills gap by sparking curiosity and inspiring younger generations to get involved in the field.

To stay up to date with all the industry news shaping up during NCSAM, be sure to follow us on FacebookTwitter and LinkedIn

We’re Gearing Up for National Cyber Security Awareness Month

By | September 30th, 2016|Online Safety|

CSIDCyber security is a shared responsibility. That’s why every October, businesses, government agencies, universities, associations, nonprofit organizations and individuals come together to participate in National Cyber Security Awareness Month (NCSAM) to promote online safety awareness. NCSAM was created as a collaborative effort between government and industry to ensure all digital citizens have the resources they need to stay safer and more secure online, while also protecting their personal information.

We’ve participated the last several years and are proud to once again be registered as an official NCSAM Champion, where we’ll join the conversation on how to stay safe online and build a culture of cyber security awareness nationwide. Here are some ways you and your organization can take part in all of the activities throughout the month:

Become a Champion: Whether you’re an individual interested in getting involved or representing your organization, find out more about how to become a NCSAM Champion. You’ll be joining a large community from around the country dedicated to promoting a safer and more secure Internet.

Get Involved with Events – Onsite or Online: Browse Stay Safe Online’s list of events and mark your calendar for conferences and panel discussions in your area. There are also a number of virtual events, like webinars and Twitter chats, taking place throughout the month. Here are a few we’re looking forward to in particular:

  • October 6: #ChatSTC Twitter Chat – The Basics of Online Safety
  • October 13: #ChatSTC Twitter Chat – Creating a Culture of Cybersecurity from the Break Room to the Boardroom
  • October 20: #ChatSTC Twitter Chat – Recognizing and Combatting Cybercrime

Stay Informed: Stay up to date with all NCSAM news by following our friends at Stay Safe Online on Twitter and check out their resources for helpful tips and tricks around online security.

We’ll be actively involved in many of the NCSAM activities across all our social channels, so be sure to follow us on FacebookTwitter and LinkedIn.

CSID Bolsters Social Media Monitoring Product to Help Keep Children Safe Online

By | September 20th, 2016|Company News, Online Safety|

CSIDToday, we’re pleased to announce that our Social Media Monitoring product now includes child-monitoring services. This important addition, which can be rapidly deployed and customized through our Identity Management Center (IMC), lets our partners enable subscribers to monitor privacy and reputational risks, cyber bullying, weapons references, and sexual predator activity for their child’s Facebook, Twitter, and Instagram accounts.

Ninety-two percent of teens go online daily. Ninety-one percent of these individuals share photos of themselves, and 71 percent share the name of the city or town in which they live. It’s more important than ever for parents to be vigilant of the security risks facing their children across social media. Not only can a child’s social media activity put them risk for identity theft or fraud, it can also impact his or her future success. In fact, 35 percent of admissions officers reported that when checking on a student’s online presence, they found something that negatively impacted an applicant’s chances of getting in, a figure that has nearly tripled from last year.

Here’s what CSID President and Co-Founder, Joe Ross, had to say about the news:

In today’s world where children and teens are constantly connected, they may be sharing information that puts them at risk for identity theft, reputation damage, or worse. The new child monitoring services added to our Social Media Monitoring product will allow businesses to provide subscribers peace of mind, knowing that they’ll be alerted if their children are sharing any information or engaging in activities via social media that puts them at risk.

For more information on CSID’s Social Media Monitoring product, visit https://www.csid.com/socialmonitoring/ and to stay up to date with all CSID news, be sure to follow us on FacebookTwitter and LinkedIn.

To Post Or Not To Post: Back To School Pictures

By | August 26th, 2016|Online Safety|

CSIDIf you’ve logged on Facebook or Twitter in the past few days, chances are good your news feed is flooded with little faces holding colorful backpacks, bursting with supplies. Proud parents love the opportunity to share their children’s “back to school” photos with family and friends. This flurry of photos happens every fall, but a new trend is cause for alarm. Many parents now create and post creative signs, displaying their child’s name, school, and the grade they are entering.

While parents have the best intentions with these photos, they need to be aware they could be sharing sensitive information about their children. Sharing a child’s full name, school, and age, could potentially endanger a child and their identity. Aside from select family members and friends, most followers should not be privy to such details.

It’s better to err on the side of safety, especially with our children. If you still want to share your child’s photo on social, consider the following:

  • Examine your social media privacy settings. Make sure photos, posts, and your own identifying information are limited to close friends and family.
  • Avoid sharing your child’s full name and birth date. These details along with a home address could allow cyber criminals to create fraudulent accounts in your child’s name.
  • Consider sharing your photos in a shared smartphone album, or on an end-to-end encrypted platform like WhatsApp. Another option is to email or text the photos directly to family and friends.
  • What if grandma doesn’t use the latest apps? Print your photos and send them in the mail.
  • Enlist in an identity protection service that includes child monitoring. These types of services can alert you to potential compromises of your personal information (and your child’s) on the dark web.

Do you post about the first day of school? Join the conversation and stay up to date on the latest tips and cybersecurity news by following CSID on Facebook, Twitter or LinkedIn.

There’s an App for That: Keeping Your Phone Secure

By | August 18th, 2016|Online Safety|

CSIDThis summer, with the explosion of Pokemon Go, we’ve seen how a mobile app can take the world by storm. The mobile world continues to grow, and as it does, we must remember to take the necessary steps to ensure our devices remain secure. As we approach the end of summer, here’s a little back-to-school refresher on accessing the apps on your phone safely.

Check Privacy Settings
Think about the accounts you use most frequently – do you know what your privacy settings are for each of them? Whether it’s a banking app, an online retailer, or an email account, if you’re interacting with it often, you should monitor your privacy settings. Certain apps will have default settings that may share information you’re not comfortable giving out. Taking a thorough look at your settings is well worth it to maximize your privacy.

Not sure where to look for privacy settings? The National Cyber Security Alliance has created a guide with links to the security settings of several commonly used apps like Spotify and Amazon. Once your settings are up to date, your next purchase or song session will be that much more secure.

Updates Are Your Friend
Privacy settings aren’t the only thing you should update – the apps themselves need to be refreshed, too. Once an app is released into the world, developers don’t stop working on it. They’re constantly monitoring for bugs and ways to improve their product’s security, and updates pass those improvements along to users. Updates may change an app’s interface, but they also frequently provide benefits under the surface, such as eliminating glitches and offering better overall security.

If your phone isn’t already set to automatically update, turn that function on for the peace of mind that you have the most secure version of the app available.

Delete Apps You Don’t Use
Most people have at least one app on their phone that they never touch. Not only is that forgotten app taking up space on your phone, it may also be a security threat. As we mentioned earlier, there will likely be security updates for your abandoned apps that you may not be aware of, making your phone an easier target.

Depending on your device, you can either disable or permanently delete an app. If you’re an iOS user, you’ll also want to delete the apps from your iTunes account, or they will reinstall anytime you sync your phone.

Keep Your Family Secure, Too
There are several apps whose sole purpose is to hide other apps on someone’s phone. Your child may be using these types of apps to divert attention away from other apps you might not want them using. New messaging apps are constantly being developed which allow users to chat anonymously. By posing as fellow teenagers, hackers have the opportunity to mine your child’s personally identifiable information and put their identity at risk.

It’s worth taking the time to review what your kids have downloaded onto their phone, and talk to them about the potential risks of certain apps. Encourage them to mirror your privacy settings, as well.

What other tips do you have for keeping your phone secure? Join the conversation and stay up to date on the latest tips and cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

Pokemon Privacy: Catching Them All, Safely

By | July 18th, 2016|Industry News, Malware and Scams, Online Safety|

CSIDOn July 6, Niantic launched Pokemon Go — a free, augmented reality game for iOS and Android devices. The world went wild. Pokemon Go grabbed 26 million users in the U.S. alone, surpassing both Google Maps and Twitter in daily active users.

It’s been hard to escape the colorful news over the past week. Articles continue to surface on where to find the best Pokemon, how to catch them, and (most importantly) how to stay safe while doing so. In addition to warning users to be aware of their physical surroundings, many headlines warn of the cybersecurity risks involved with the game.

Full Google Account Access
One of the main concerns was Pokemon Go’s access to iOS users’ full Google Accounts. Although the app was vague on what this entailed, many privacy experts and users were concerned the game could access everything from Gmail to Google Drive.

Niantic was quick to respond to the alarm, claiming this was an error. “Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected,” Niantic said in a joint statement with The Pokemon Company.

The statement also clarified that no additional information has been received or accessed within Google. Instead of potentially accessing your entire Google footprint, the app can now only access your Google user ID and email address.

Take Action: iOS players should take care to update the app from the App Store and re-login to accept this updated privacy policy.

Malware Threats
Pokemon Go is only currently available in the United States, Australia, New Zealand, and United Kingdom, though it will soon be available in Italy, Spain and Portugal. While other regions wait for their chance to build their Pokedexes, many over-eager gamers are downloading versions from third-party sites.

“When it comes to malware, you really don’t want to catch ’em all,” Tim Erlin, Director, Security and IT Risk Strategist at Tripwire told InformationSecurityBuzz.com. “Cybercriminals are after any angle that helps them gain a foothold on your devices. A popular app that’s not available in some places is a near-perfect target for crafting a malware delivery strategy. … Installing software from third-party markets and unknown sources increases your risk of malware. Period.”

The security firm Proofpoint claims to have found a third-party version of the game which included a RAT, or remote access tool, called Droidjack. While Proofpoint has not observed the malicious tool “in the wild,” Droidjack has the potential to give a cybercriminal full control over a victim’s phone.

Take Action: If Pokemon Go is not currently available in your area, be patient. Do not risk infecting your phone and devices with malware. Android users should also take care to download the app from App Store.

Watch Where You Work
The cybersecurity risks around Pokemon Go give employers a great opportunity to create a conversation around BYOD security (and time management) in the workplace. Companies and employees should be aware that a device infected with malware could affect the entire network’s security.

Take Action: Brush up on our best practices for protecting your business.

Create a Conversation with Kids
While apps – and Pokemon – are meant for fun, it’s important to examine the privacy policies of all your apps to ensure you are not over-sharing data. This can help lead into a conversation with your family, and especially your kids, about privacy and security.

Discuss what types of information should be kept private, both online and in person. Discuss concerns over connecting devices to public Wi-Fi, and how to recognize a scam. Creating a conversation now can lead to better cybersecurity habits later.

Take Action: We discuss more tips for talking to your kids about privacy.

Are you playing Pokemon Go? Let us know your experience with the app and how you’re protecting your information. Join in the conversation on Facebook, Twitter or LinkedIn!

Say “I Do” to Safe Digital Wedding Etiquette

By | July 15th, 2016|Online Safety|

CSIDThere’s no doubt about it, wedding season is fully upon us. Between brides researching vendors on their mobile phones and excited guests eager to share the official hashtag, wedding planning and participation is becoming increasingly digital.

While technology may bring more convenience to the planning process, nothing ruins a honeymoon quite like a case of identity theft or fraud. In the spirit of staying safe during wedding season, our friends at the National Cybersecurity Alliance and STOP.THINK.CONNECT recently shared some helpful tips that brides, and everyone for that matter, should vow to follow. Here’s a recap of a few we feel especially strongly about:

  • Make passwords long and strong: If you’re planning your special day, chances are you’re dealing with a number of online vendors. Remember to make passwords complex, using at least 12 characters with a combination of upper and lowercase letters and symbols. Be sure to use unique passwords for each account. If two-factor authentication is available, take advantage of this extra layer of security.
  • Resist the urge to share your honeymoon pictures on social: This is something we’ve discussed before on the blog, but sharing photos while you’re on vacation can alert criminals that you are away from home. Avoid the stress of hearing about a break-in while you’re on the beach, and wait to share pictures until you return. Also consider turning off location services on your mobile devices when not in use.
  • Avoid using public Wi-Fi hotspots: Whether you’re at the airport, hotel, or hopping around cafés, avoid connecting to public Wi-Fi, especially while making purchases or accessing sensitive websites like your bank account. Using public Wi-Fi can significantly increase the risk of signal sniffing and identity theft. The convenience is not worth the security trade-off. Consider a VPN if you’re looking to connect securely on the go.

Are you taking the plunge and committing to safe digital practices? We’d love to hear from you. Join the conversation on FacebookTwitter and LinkedIn and be sure to check out the full list of tips for digital bliss from our friends at the National Cybersecurity Alliance and STOP.THINK.CONNECT.

Recognizing Different Types of Imposter Scams: Part 2

By | July 14th, 2016|Malware and Scams, Online Safety|

CSIDImposter scams – when criminals disguise their true identity, pretending to be someone trustworthy in an attempt to obtain money from their victims – can happen anywhere, and to anyone. Imposters go to great lengths to appear real and manipulate their victims, and we’re not seeing any sign of these scams slowing. In order to combat this growing trend, the Federal Trade Commission recently released educational videos and articles to help consumers and businesses alike avoid some of the most common imposter scams facing us today. We took a look at a couple of scams last week – the second of this two-part series discusses the others: grandkid and online dating scams.

Grandkid Scams
This type of scam happens more commonly with the elderly, taking advantage of the bond between a grandparent and grandchild. However, anyone can be affected. Typically, the scammer will give you a call, claiming to be a grandchild or another family member, asking for money to get out of an accident or other fabricated incident.

Before you reach for your wallet, try to determine if the call is legitimate. Contact the person claiming to call directly. You should also check in with someone who knows the person, like a sibling, parent or friend. Don’t send money unless you’re positive the person calling is indeed who they say they are.

Online Dating Scams
In today’s digital world, more and more relationships are being formed via online dating sites. In many cases, relationships begin to develop online before ever actually meeting in person. The lack of face-to-face interaction is a perfect opportunity for a scammer to strike. Perhaps they’ll have a sick relative, or their car is just giving them all sorts of trouble, or they’re late with their rent. It’s a different excuse every time, with all requesting the same thing: money.

If you do suspect someone of attempting to scam you, report it at FTC.gov/imposters. Have you been a victim of a scam? Join the conversation on FacebookTwitter and LinkedIn.

Recognizing Different Types of Imposter Scams: Part 1

By | July 8th, 2016|Malware and Scams, Online Safety|

CSIDImposter scams – when criminals disguise their true identity, pretending to be someone trustworthy in an attempt to obtain money from their victims – can happen anywhere, and to anyone. Imposters go to great lengths to appear real and manipulate their victims, and we’re not seeing any sign of these scams slowing. In order to combat this growing trend, the Federal Trade Commission recently released educational videos and articles to help consumers and businesses alike avoid some of the most common imposter scams facing us today. The first of this two-part series takes a look at some of the most prevalent: IRS and tech support scams.

IRS Imposter Scams
Tax season is already a stressful period for many, and it’s made even worse by imposters pretending to be someone they’re not. We’ve discussed various types of tax fraud in the past, but an IRS imposter scam is a bit different. A scammer will send an email, text or call claiming you owe taxes, or there that there is an issue with your return, and can even rig your caller ID to look official. These are alarming messages for anyone to receive, and a scammer could take advantage of your anxiety to extort money.

Before panicking, remember this: the first method of contact from the IRS is always via a letter in the mail. If you’re receiving a message in any other format, especially if it’s suggesting paying with a debit card or wire transfer, it’s likely bogus.

Tech Support Scams
With how much time we spend on the Internet, it’s possible we may have picked up a computer virus along the way. Scammers know this, and may pose as a tech company to warn you about a potential infection.

These scammers come with varying intentions. They may want to sell you useless software services, steal your credit card number, or get access to your computer to install malware. If you receive a call or an email like this, take a moment to stop and think. Never give control of your computer or your credit card information to anyone that contacts you out of the blue.

We’ll cover two additional imposter threats in an upcoming blog post. Meanwhile, if you do suspect someone attempting to scam you, report it at FTC.gov/imposters. Have you been the victim of a scam? We’d love to hear from you – join the conversation on FacebookTwitter and LinkedIn.

National Internet Safety Month: Staying Safe While Traveling

By | June 23rd, 2016|Online Safety|

CSIDJune is National Internet Safety Month, which began in 2005 in order to raise awareness around the need for online safety, especially among children and teens. In honor of Internet Safety Month, this week we’re taking a look at keeping your information secure while traveling.

But before you pack your bags, it’s important to understand that summer travel, and any travel, can put a target on your back for cyber criminals. Fortunately, there are some easy tips you can follow to keep you secure no matter where you go:

Be mindful of what you bring
While you may need to bring your license and passport if traveling abroad, keep other personally identifiable information (PII) at home. There is no need to bring things like your Social Security card, bank account statements or medical documents. These documents can be easily traced back to you, and if you misplace them during your travels, it can put you at risk for identity theft.

However, things you should keep with you when you travel are your personal devices. Avoid the urge to check larger devices in your luggage. While a laptop or camera may add a bit of bulk to your carry-on, it’s worth having the peace of mind of knowing the location of these items that store your data at all times.

Avoid using public Wi-Fi
Avoid purchasing flights or accessing sensitive websites (like your bank account) on any device while connected through public Wi-Fi or unsecured networks Also, remember to turn off your phone’s auto-connect Wi-Fi feature during your entire trip. When you’re at the airport, in a café, at a bookstore, or other similar places, using public Wi-Fi can increase the risk of signal sniffing and identity theft.

Be in the moment
Resist sharing your vacation on social media while you’re away from home. Posting a photo of your latest zip lining adventure may make your friends jealous, but it also alerts criminals that you’re not at home. To prevent a break-in from an opportunistic criminal, wait until you return before sharing your photos. Don’t worry – your friends will still be envious of your trip.

Have more traveling tips to share? Join the conversation over on Facebook, Twitter and LinkedIn, and check out our blog post on loyalty reward program scams for more traveling advice.

Load More Posts