National Internet Safety Month: Creating a Conversation at Home

By | June 17th, 2016|Industry News, Online Safety|

CSIDJune is National Internet Safety Month, which began in 2005 in order to raise awareness around the need for online safety, especially among children and teens. In honor of Internet Safety Month, this week we’re diving into how to start a conversation with your family around Internet security.

Late last year, it was reported that teens spend nearly nine hours every day in front of some form of media channel. Pew Research Center also recently found that, “… aided by the convenience and constant access provided by mobile devices, especially smartphones, 92% of teens report going online daily — including 24% who say they go online ‘almost constantly.’”

With so much time spent online it’s clear that, perhaps more than ever before, parents need to start a conversation around Internet security with their children.

What dangers may be associated with so much time spent online? One that may not be immediately obvious is the growing trend of child identity theft. As adults, we know using the Internet comes with certain risks, but parents often do not realize that their children face these same risks while online. This is especially troubling considering young people are already much more vulnerable to identity theft: children are 35 times more likely to have their identities stolen than adults. In our 2013 survey on the subject, CSID found that 52 percent of parents are not taking measures to prevent the misuse of their child’s online information.

These statistics underscore the importance of starting a conversation with your children about online risk. Here are some pointers to get started:

  • Talk to your child about privacy: Teach your child what types of information should be kept private, and talk to them about the importance of guarding this information, both online and in person. Remind them that they should check their social media privacy settings every few months to make sure their information stays private.
  • Teach your child to recognize scams: Fraudsters can send texts or emails that look like they’re from a familiar source –tricks which young people are especially prone to falling for. Tell your kids not to click on links or respond to messages that ask for personal information.
  • Educate your child around password best practices: Encourage kids to create long, strong and unique passwords, especially for their social media accounts. Strong passwords should be a cryptic combination of upper and lowercase letters, numbers and special characters.
  • Ask about your child’s gadgets: Have your child show you their gadgets – gaming console, cell phone, computer, tablet – and familiarize yourself with them. Use this time to recognize the unique risks, and opportunities for to bolster security on each device.

Have more online privacy tips to share? Join the conversation over on Facebook, Twitter and LinkedIn, and check out our blog post “5 pieces of information kids should not share online” for more child identity theft protection tips.

National Internet Safety Month: Gaming and Hacking

By | June 10th, 2016|Online Safety|

CSIDJune is National Internet Safety Month, which began in 2005 in order to raise awareness around the need for online safety, especially among children and teens. In honor of Internet Safety Month, let’s hone in on the gaming industry, one area in particular that has caused a huge growth in the popularity of hacking.

More than ever before, we’re seeing less skilled, younger individuals getting involved in cybercrime. Attacks no longer require years of experience and an advanced technical background. Tools to carry out sophisticated attacks are now easily assessable, easy-to-use and affordable on the dark web. Just three years ago, a majority of cybercriminals were in their late teens or early twenties. Now, we’re talking about nine and 10-year olds, which are being introduced to hacking at an early age. How are youngsters hearing about the dark web, then? One answer: video games.

Popular games are attracting a younger and younger demographic. When kids sit down to play a game, everyone gets competitive. Some have started to hack accounts in order to come out on top. This is where kids begin to be exposed to the illegal world of the dark web. Take Distributed Denial of Service (DDoS) booting services, which have grown in popularity. These DDoS services allow an individual to take control of another individual’s IP address to knock them out of a computer game. And, it doesn’t stop there.

Before gaming gets out of hand, parents need to play an active role in their child’s online safety. First, they need to start thinking about technology or the Internet as a place that’s integrated with our daily lives, not a separate world. Stay up-to-date on the latest technology your child engages with, like gaming consoles or a hot new app. For some of these video games, the age requirement is 18 years and old, where young children are being exposed to potentially harmful environments. Parents should be held accountable for keeping their children safe.

If kids are gaming maliciously, parents must be on the lookout and be willing to start conversations around the real consequences of criminal activity. That’s where we can truly begin cutting down on cybercrime among the younger generation. Want to join in on the gaming conversation? Share your thoughts on Facebook, Twitter and LinkedIn.

Passwords Going the Way of the Dinosaur?

By | June 3rd, 2016|Industry News, Online Safety|

CSIDWe have discussed passwords many times on this blog and how poor password habits, such as easy-to-guess logins and reusing passwords across multiple accounts, can easily lead to identity theft and fraud. Password management can be difficult – we get it – and so does Google.

At this year’s Google I/O conference, the company announced Trust API, a new feature that will be available to Android developers by the end of the year that uses a combination of biometrics to create a “Trust Score.” The API uses biometrics such as your location, typing cadence, and facial recognition to determine if you are who you really say you are. If the Trust Score is over a certain number, the device will automatically log you in – no password or pin needed. If the Trust Score falls below a certain threshold, a password and two-factor authentication may be required.

Consumers often use easy-to-guess passwords and reuse them across multiple sites because they simply don’t want to remember multiple passwords. The same goes for two-factor authentication. Most consumers don’t turn on two-factor authentication because they want to access sites quickly, without the added step of entering a pin or answering a question. People want ease of use. We explored the issue in a 2012 survey that found that 61 percent of respondents reused passwords across multiple sites and 44 percent changed their passwords once a year or less. Despite the many high profile breaches over the past four years, it doesn’t seem like password habits have improved. Identity and access management firm, Gigya, conducted a similar survey last month and found that 56 percent of respondents used passwords such as names and birthdates, and only 16 percent created a unique password for each of their online accounts.

But are consumers ready to embrace biometrics such as location tracking and typing cadence? We’ll have to wait and see. The fact remains that our current password system has a lot of flaws and it is going to take a combination of consumer education and new technologies to reduce the impact of stolen and hacked passwords on consumers and businesses.

What are your thoughts on Google’s Trust API? Share with us on our social – on Facebook, Twitter and LinkedIn.

Social Media Dos and Don’ts

By | May 19th, 2016|Online Safety|

CSIDMost of us use multiple social media platforms every day to connect with our friends, family and coworkers. While these platforms allow us to feel closer to our followers near and far, it is not without risk. Malicious online criminals may target social media profiles to make use of our life’s most private details.

Check-ins at our favorite restaurants, vacation flight details and even selfies can reveal more than we originally intend. The same information we share on Facebook, Twitter and LinkedIn can be manipulated to access private accounts, create fraudulent identities, threaten our reputations offline and more.

Before you click, tweet or type your next update, make sure you are protecting your information:

DO: Create a long, strong and unique password for your social media accounts. Strong passwords should be a cryptic combination of upper and lowercase letters, numbers and special characters. Do not use the same password and login combination across multiple accounts.

DO: Use two-factor authentication on social accounts. Many sites, including Facebook, allow users to enable this second layer of protection on accounts. For Facebook, when logging in to a new device, you’ll need to use your password and enter a timed PIN that is sent to your phone. Other accounts may require biometric information, like a fingerprint. This helps further safeguard your information and accounts.

DON’T: Don’t share location details. Sharing information like your home address in your social networking profile or checking-in at a restaurant can put you at risk for identity theft, or worse, alert criminals to your whereabouts. The same goes for sharing details of when you are not at home, like posting photos while on vacation.

DO: Keep your social apps updated. The latest versions may fix bugs and help keep your identity secure. For extra ease, consider turning on automatic updates.

DO: Re-examine your privacy settings on all social accounts. Social platforms are constantly tweaking their privacy options and policies. What you think is being shared with just your friends may be reaching a much larger audience, including strangers. Check your settings every few months to make sure your information is as private as possible.

DON’T: Don’t post harmful comments online. Think about the impact of your words. Post about others as you want them to post about you. Remember, your comments and posts live long after you’ve deleted them.

DO: Delete old apps and profiles on social media sites you no longer use. This often goes beyond deleting an app from your home screen. Follow their instructions online to make sure all your information is removed.

DO: Read the news and stay up to date on social media platforms, privacy policies and news. Check trusted websites for the latest information.

DON’T: Don’t take cyberbullying or cyberstalking lightly. Both of these issues can affect the self-esteem of users of all ages. Parents, create a conversation with your children and teenagers about the dangers of online harassment. If a situation arises, talk to your children, their school and even law enforcement if necessary.

What are your social media best practices? Share with us on our social – on Facebook, Twitter and LinkedIn.

What Does Spotify’s Latest Security Incident Mean for the State of Online Security?

By | May 3rd, 2016|Online Safety|

CSIDSpotify is used by millions of people across the globe. If you’re one of them, you may want to change your password—TechCrunch first reported Tuesday that the streaming music service suffered a security breach, its second security incident in less than six months. A list containing hundreds of Spotify account credentials, including emails, usernames, passwords and other account details, appeared on the website Pastebin on April 23.

Spotify provided a statement in response to the news, denying the allegations that the company had been hacked: “Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”

But TechCrunch heard from a number of people that discovered suspicious activity in their accounts. Playlists had been deleted, unknown songs had been listened to, and one user even got locked out from his account while he was in the middle of streaming a song.

If the company did not in fact experience a compromise, how can we explain this activity? While companies do have a responsibility to maintain users’ security, consumers are just as much responsible for the security of their online accounts. Many attacks come down to one thing: poor password practices. Consumers often reuse the same email and password combination across multiple sites. While easy-to-remember, it puts them at risk. Fraudsters may steal data from one site and find the same credentials work on other sites. This is likely what happened in Spotify’s case.

And, Spotify isn’t the first company to get called out in the media for lost credentials due to user’s poor password habits. Both Uber and PayPal have had account information compromised in the past few months.

Some advice for businesses and consumers:

  • Businesses: Educate employees on password policies. Ensure employees are not reusing passwords, and require regular password updates.
  • Consumers: Do the same! Create long, strong and unique passwords, and update them frequently. Again, do not reuse passwords across multiple accounts, and use two-factor authentication, if possible.
  • Businesses: Monitor employee and customer credentials to proactively watch for data compromise and help mitigate the risk associated with data breach.
  • Consumers: Keep your personal data safe. Enlist in an identity monitoring service to watch over things like email address, SSN and more. These types of services can alert consumers to potential compromises of their personal information on the dark web.

Want to join in the conversation? We’d love to hear your thoughts. Reach out to us on Facebook, Twitter and LinkedIn.

National Cybersecurity Awareness Month Kicks Off Today – We’re Proud to Be a Champion

By | October 1st, 2015|Company News, Industry News, Online Safety|

NCSAMOctober is National Cyber Security Awareness month (NSCAM), and we’re excited to be involved and show our support as an official champion!

While it’s important to keep cyber security top-of-mind throughout the year, NCSAM provides a dedicated time for companies and organizations to share tips, best practices, and collaborate on how to stay safe online.

President Barack Obama kicked things off, stressing the importance of cybersecurity with this official statement from the White House: “We now live in an era of the Internet – our children will never know a world without it. Our financial systems, our power grid, and our health systems run on it, and through widely helpful, this reliance reminds us of our need to remain aware, alert and attentive on this new frontier. By working together to prevent and disrupt threats to our digital infrastructure, America can continue pioneering new discoveries and expanding the boundaries of humanity’s reach.”

Looking for ways to get involved?

  • Show your support by registering to be an NSCAM “Champion”
  • Participate in upcoming #ChatSTC Twitter chats, occurring every Thursday throughout the month at 2 p.m. CT:
    • October 8: How to Create a Culture of Cybersecurity at Any Organization
    • October 15: Digital Parenting – Keeping Your Connected Family Safe
    • October 22: Cybersecurity and the Evolving Internet of Things
    • October 29: So You Want to Work in Cybersecurity?
  • Host a lunch and talk to coworkers about online safety on one or more of the weekly NCSAM themes.
  • Organize a volunteer day with local schools to teach young people about cybersecurity and online safety using StaySafeOnline.org’s ready-to-use teaching materials and lesson plans.

Stay tuned to the blog throughout October for cybersecurity tips and tricks from CSID experts. Have additional ways you’re celebrating NCSAM? Share them with us on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Load More Posts