ID360 Conference Sneak-Peek

By | April 29th, 2015|Uncategorized|

It’s hard to believe this year’s ID360 Conference is already around the corner (May 5-6). The event, put on annually by our friends at the UT Center for Identity, brings together stakeholders and industry experts from the private sector, government and academia to discuss the latest research and most forward-thinking ideas around identity management.

We’re excited about the theme this year, “The Identity Economy,” and look forward to hearing how other speakers approach the topic. From our end, here’s a sneak peek of what we’ll be talking about next week:

  • Finding a Cure for Medical Identity Theft: Did you know a medical identity has a $50 street value whereas a social security number in comparison only sells for $1? This is just one reason why we’re seeing more and more cases of medical identity theft. CSID President Joe Ross will dive into why medical identity theft is on the rise, how it happens, why medical identities are seen as so lucrative from a cybercriminal’s perspective, and what steps healthcare organizations can take right now to protect themselves.
  • Securing Digital Wallets Before Majority Adoption: Digital wallet and mobile payment methods are gaining momentum among consumers and retailers. They’re also gaining the attention and enthusiasm of cybercriminals – who are looking to reap the rewards of mobile payment transactions. CSID’s CIO Adam Tyler will explore the major concerns around digital wallet security from both a consumer and business perspective and also offer solutions for how to make these digital wallets more secure.
  • Identity Crimes: Your Money or Your Life?: In addition to his solo talk on Digital Wallets, Adam will also be participating on this panel, which will explore the implications of how businesses, government and law enforcement officials perceive identity theft cases and how identity theft victims perceive the crime. The panel will explore how to find a middle ground between these two perspectives – one that brings more empathy to the victim while still allowing businesses, law enforcement and government to remain effective in addressing identity theft. He will be joined by Sean McCleskey, former Special Agent at the U.S. Secret Service Center for Identity; Dennis Desmond, Chief, Identity Management Branch at USSOCOM; and Deb Griffith, Director of Government Affairs at Lifelock.

Interested in checking out the rest of the lineup this year? Check out the full agenda online.

Will we see you at ID360 next week? Tickets are still available for purchase. Also stay tuned to our Facebook, Twitter and LinkedIn for live updates and pictures from the event!

Overview of 2015 Verizon Data Breach Investigations Report

By | April 21st, 2015|Breach, Uncategorized|

Every year Verizon takes a thorough look at the global breach landscape in the company’s annual Data Breach Investigations Report. This year’s report offers a wealth of information on the threats, vulnerabilities and actions that plagued businesses in 2014. The report is long, but interesting and worth a read. To make it easier for you, we pulled what we feel are some of the most interesting findings below:

Compromised credentials remain the largest threat in 2014.
If this graph doesn’t encourage you to pick a good password, we don’t know what will. Credentials are like keys to your business. Passwords should never be reused and two-factor authentication should be used whenever possible.

Humans are the weakest link.
This year’s survey found that 23 percent of phishing email recipients open phishing messages and 11 percent click on attachments. When you consider that one employee clicking on the wrong link can compromise your entire business’ system, this is an alarming statistic. Verizon also conducted a test to see how quickly phishing links are clicked on. They found that nearly 50 percent of victims opened emails and clicked on phishing links within the first hour. Teaching employees about security best practices and how to identify suspicious links has never been more important.

According to the Verizon report, mobile malware is not a big deal… but it really is.
They found that only .03 percent of the tens of millions of mobile devices they looked at were infected with malicious malware. We don’t agree with this finding. Mobile malware is a huge problem. Over a 12-month period Kaspersky Lab found more than 3.4 million malware detections on devices of 1 billion users. As mentioned above, employees are the weakest link. All it takes is one employee downloading a malware-infected app on his or her phone to put a business at risk.

If you are concerned about your business and the security risks outlined in Verizon’s Data Breach Investigations Report, we recommend you check out our Resources Page. We have a lot of great information for businesses and consumers on how to mitigate the risk and impact of a breach.

As always, let us know what you think on Facebook, Twitter and LinkedIn.

March Recap: SXSW Comes to a Close, CSID Employees Give Back

By | April 8th, 2015|Uncategorized|

It was a busy month for CSID! After months of prepping for SXSW, we were excited to see the fruits of our labor come together. Between all of the SX madness, we were also happy to spend some time unwinding and giving back to the community. Check out our March recap below.

Wellness Week: Unwinding and Recharging
We kicked off March with Wellness Week: an opportunity for our employees to participate in everything from meditation classes to presentations on sleep and boosting your health with music. We rounded out the week with Fun Friday, where employees battled it out to create the healthiest dishes at our potluck and showed their skills at Giant Jenga.

Another Successful SXSW For the Books
It’s hard to believe another SXSW has come and gone. We enjoyed participating this year (joining 50,000 of our closest friends) and speaking on panels including “Wi-Fi Privacy: When Sniffing Becomes Snooping” and “Hacker to InfoSec Pro: New Rock Star Generation.” We were also loco for Jomoco in our session, “Follow the Money: Cyber Crime and the Black Market.” CSID CIO Adam Tyler also participated in the Christian Science Monitor-organized event, “Steak, Eggs and Cybersecurity: A Passcode Conversation.”

For all the details on CSID at SXSW, check out this blog post.

CSID Talks Women in Tech
We were proud to be featured in the March issue of Velma magazine last month. Our own HR recruiters, Melissa Smith and Loren Zeid, shared insights with the magazine on how we hire and retain talented women in tech and what perks and benefits we offer as an organization to attract female talent, including our promotion of a strong work-life balance, regardless of gender. Be sure to check out the issue, where we are featured beginning on page 15.

In addition, our own CFO, Amanda Nevins, represented CSID in the Austin Business Journal’s Bizwomen Mentoring Monday event.

CSID’s Joel Lang Speaks at IAPP KnowledgeNet
CSID’s Joel Lang enjoyed participating in the IAPP KnowledgeNet event in Austin. Joel shared insights on the session, “Setting the Table: An Information Security Incident Response Demo,” alongside Christopher Field, CIPM, CIPP/US, Corporate Privacy Director, Harte-Hanks.

Digging In And Giving Back
At CSID, we believe in the importance of taking time to give back to the community. We closed out March by volunteering for the Sustainable Food Center’s Grow Local Program, which offers central Texas residents the knowledge and resources necessary to grow their own food. We had a blast getting our hands dirty and spending time together as a team outside of the office.

Check out what else we were up to in March on Facebook, Twitter and LinkedIn.

5 Steps to Remedy Taxpayer Identity Theft

By | April 2nd, 2015|Uncategorized|

As we approach the 2014 tax filing deadline, many taxpayers gearing up to file their taxes may find that someone else has already fraudulently filed for them – and has cashed in their refund check. During the 2013 tax filing period, $5.8 billion was paid in identity theft refund costs, according to the U.S. Accountability Office “Identity Theft and Tax Fraud” 2015 report.

While the IRS has developed new measures to protect against taxpayer identity theft, including adding new pre-fund filters and limiting the way people direct deposit refunds, there are still taxpayers who will find themselves a victim this season. Last year in the first six months alone, 1.6 million taxpayers were affected by identity theft. This year, folks who are affected will spend hours on the phone tracking down where their return was sent, spend additional money in fees to access accounts that have been locked out by cyber criminals, and may still end up with empty pockets.

Cybersecurity reporter Brian Krebs recently investigated a taxpayer identity theft case in which the taxpayer had his tax return request rejected because it had already been fraudulently filed and direct deposited into a bank account. The victim spent countless hours on the phone trying to access his IRS account, which had been claimed by a cyber criminal using an unknown email address. He spent $50 in fees to have the fraudulent tax return filed in his name sent to his home address and countless hours tracking down the financial institutions where the money was deposited and talking with different government departments to track down his tax return money.

Did the cyber criminals beat you to your own tax return this year? Was more than one tax return fraudulently filed in your name? Here are some ways you can remedy the problem:

  • Report the problem to the IRS. File an Identity Theft Affidavit with the IRS as soon as you can. This marks your account and lets the IRS know they should keep an eye out for questionable activity during tax season.
  • Place a complaint with the FTC. Sharing a complaint with the FTC helps the commission detect patterns of fraud and abuse.
  • Place a fraud alert on your credit records. This is completely free and you can begin the process by contacting a credit reporting company. The FTC has a helpful step-by-step process online to help you place a fraud alert.
  • Check your credit report and set up credit alerts. Find out if your financial accounts are being further abused by cyber criminals by setting up credit alerts with a major credit reporting bureau.
  • Understand that these cases take time. According to The Washington Post, a typical identity theft case with the IRS takes 120 days to resolve. Be patient, as it unfortunately takes a while to resolve identity theft cases.

There are many ways to help prevent tax identity theft from happening to you in the future. Next year, remember to file your taxes early. Get ahead of cyber criminals’ fraudulent activities by filing as early as possible. When you do file taxes, be sure to do so digitally, instead of via mail. Use credit monitoring to notify you of any unusual activity. Last but not least, be aware of phishing attempts during tax season time. There have been phishing scams in which emails are sent from the IRS asking taxpayers for personal information. Never send sensitive information via email to any organization and be sure to research the correct phone number of the IRS or any organization you need to call to ensure your conversations are secure.

You can find more tips on how to avoid taxpayer identity theft by checking out our blog post on the topic. Do you have any additional tips to abide by during tax filing season? Be sure to share with us on Facebook, Twitter and LinkedIn.

Don’t Fall for Scareware

By | March 26th, 2015|Uncategorized|

Have you seen one of these lately?

If you have, you are not alone. These pop-ups are called scareware and their sole purpose is to try and trick consumers into downloading malicious pieces of software or contacting a malicious entity who will then try to secure personal or financial information. Scareware has been around for a while but instances of consumers coming across it are on the rise due to the growth of malvertisements.

A malvertisement is a malicious advertisement created to either drop malware on a susceptible device automatically or scare users into installing bogus software. There has been a huge increase in the distribution of these advertisements over the past few years as ad networks have started to resell space through other providers, resulting in less stringent checks on the content pushed through these sites. This is why you can be browsing a perfectly safe and legitimate site like Mashable or CNN and still run into a scareware pop-up.

If you see one of these pop-ups, check to see if the advert is displayed in the browser or on the computer itself. If it is in the browser, then you likely have nothing to worry about so long as you haven’t clicked on any of the links. If you are worried that your computer may be infected, run a malware scan. If the advert is running outside of the browser, then it is likely that your device may already have malware. Make sure you take all the necessary steps to remove the malware from your machine and refrain from sharing any financial information or logging in to any sensitive sites until your device is free and clear.

Cyber criminals are always trying new methods and thinking of clever ways to trick people into downloading malware or sharing valuable information. Always be on the alert, and if you get a pop-up asking you to download something or input valuable information, it is likely a scam.

As always, let us know what you think on Twitter, Facebook or LinkedIn.

 

CSID at SXSW 2015

By | March 12th, 2015|Uncategorized|

Tomorrow, March 13, marks the first day of the SXSW Interactive conference. Over the next five days more than 50,000 of tech and digital’s best and brightest will converge on Austin and talk about emerging technology, digital creativity and all things inherent with the two.

Cyber security promises to be a key issue this year, especially with the growing number of high profile breaches and the security uncertainties that the Internet of Things and growth of mobile technologies are introducing to the market.

CSID is partaking in this conversation and will be participating in a number of security-focused sessions at this year’s conference. If you are attending SXSW, feel free to stop by the sessions. If you are not at this year’s conference but want to follow along with the conversation and conference, we will be live tweeting our panels and other security news at @csidentity.

Check in later next week for a recap of the security issues and themes prevalent at SXSW.

Wi-Fi Privacy: When Sniffing Becomes Snooping
Friday, March 13, 5:30 pm, Austin Convention Center Ballroom C
Imagine that your daily activities are being recorded and collected: your early morning jog in the park, your daily trip to the local coffee shop, your commute to work. No, we’re not referencing the NSA. We are referring to an emerging class of location-based marketing companies that sniff out signals emitted from Wi-Fi-enabled smartphones (Wi-Fi sniffing) to better understand your habits based off of your location – where you go, how often, how long you stay there, what time you generally visit, and more! All this information is being used to construct a profile that businesses are using for marketing purposes. CSID’s CIO, Adam Tyler, will be leading a discussion on the security and privacy issues we can expect from Wi-Fi sniffing technology.

Hacker to InfoSec Pro: New Rock Star Generation
Sunday, March 15, 11 am, JW Marriott Salon 8
Malicious hackers tend to be smart, young – many are only teenagers – and they seek respect, power and financial gain. Many of them perceive hacking like being a rock star – they jump into the action and start reaping the rewards. But what if we could help young malicious hackers understand the damage they are doing, the legal ramifications of their actions, and how these actions could hamper their future? What if we could reshape their mindsets and encourage them to channel their work into something more productive – like Information Security, white hat hacking or even working with the government? It’s a wonder that the InfoSec and IT industries have a shortage of talent when salaries are rising and work is comparable to that of hackers, but they are doing it for good. It’s time we turn InfoSec and IT professionals into the new rock stars, the new hot ticket future for the hacker generation. Kent Bloomstrand, CTO at CSID, Tiffany Rad, manager of operational security, embedded technologies at Cisco, and Tom Edwards, Resident Agent in Charge with the United States Secret Service will address why and what we need to do, and how to start making changes.

Steak, Eggs, and Cybersecurity: A Passcode Conversation
Monday, March 16, 8:30 am, Fogo De Chao
Adam Tyler, CSID CIO, will be joining some of the sharpest practitioners and researchers for a discussion about cyber security innovation and trends. Adam will be joining Daniel Weitzner, head of the new MIT Cybersecurity Policy Initiative; John Dickson, principal of the Denim Group, and Stephen Coty, chief security evangelist at AlertLogic for this conversation. Register for this event at Passcode’s website.

Follow the Money: Cyber Crime and the Black Market
Tuesday, March 17, 12:30 pm, JW Marriott Salon 4
What exactly happens when a cyber criminal steals your credit card number? Believe it or not, in a matter of a couple hours your personal information could have taken a trip to multiple countries before being sold on the Black Market. When it comes to cyber crime, the Internet is a global ecosystem and hackers know no borders. Come take a behind-the-scenes look as we follow a stolen credential’s international journey through the Black Market. See for yourself how cyber crime isn’t a single issue impacting one country, but rather a global issue impacting consumers, corporations and governments around the world. In what country will our stolen credential end up? Join CSID’s development director Joel Lang and IDT911 editor-in-chief Byron Acohido, to find out.

Safer Internet Day Recap: Top 5 Ways to Protect Your Business

By | February 18th, 2015|Uncategorized|

With the explosion of social media sites in the last 10 years, employees are more connected than ever to the Internet, putting their personal information and the businesses they work for at risk for data breaches. In fact, IBM’s 2014 Cyber Security Intelligence Index reports that cyber criminals have begun targeting negligent employees more and more on social media sites to exploit businesses. In their 2013 report, IBM found that employees account for roughly 80 percent of company breaches.

With the recent Safer Internet Day, an international awareness campaign to promote safe Internet habits, we want to share how businesses can better protect their business and employees from cyber criminal activity. Here are our top 5 tips to protect your business online:

1. Educate employees
The best crisis prevention is education. Teach employees the importance of digital security and be sure to have policies and guidelines in place to help employees make secure decisions. Do you have a BYOD policy in place? Do employees have a VPN they can use when conducting work in a public area? Are employees allowed to use social media at work? Consider these questions and be sure to have an answer for each one. Teaching employees about the latest phishing scams, best password practices, and social media cons can help them better identify suspicious activity.

2. Create a culture of awareness
When employees are in-the-know about security do’s and don’ts, they tend to be more open to notifying the correct personnel when suspicious activity does arise. Oftentimes, employees are uneducated about security best practices, or scared they will get reprimanded when they’ve made an unintended mistake that can lead to insecurities on the web. Your IT department should create an open door policy for security questions and concerns and make sure to acknowledge employees when they notify you of suspicious Internet activity.

3. Monitor for unusual activity
Use software to monitor the security of your business. Anti-virus solutions are a great way to protect against malware, and a monitoring service can keep an eye on employee and customer information that may be circulating the Dark Web. Businesses should also keep an eye on their credit score and credit report to detect any fraudulent activity.

4. Require regular password updates
To ensure employees are not reusing personal passwords, require that work passwords be changed every few months. Better yet, require two-factor authentication for work logins.

5. Have a plan
According to IBM, “your perimeter may already have been breached: Recent attacks demonstrate that victims were compromised for months before they discovered it.” Be sure to have a breach preparedness plan in place in case of a cyber attack. This plan can help keep customer relationships intact and reduce business reputation damage.

Do you have any additional best practices to help businesses stay secure online? Let us know on Facebook, Twitter or LinkedIn, and be sure to keep up with our Tumblr for up-to-date security news stories.

Tips For Consumer Data Security After The Anthem Breach

By | February 10th, 2015|Breach, Uncategorized|

As the dust settles after Anthem Healthcare Insurance announced last week that approximately 80 million of its customers may have had their personal information exposed in a data breach, consumers are once again left wondering how they can protect themselves and their data in the wake of another high profile hack.

Though it’s being called the most massive breach yet, last week’s Anthem breach announcement comes not as a surprise, but rather a confirmation of the continuing expansion of online attacks and growing focus on medical ID theft that CSID has seen firsthand. Why? Medical IDs are an extremely lucrative source of income for identity thieves. According to the World Privacy Forum, a medical identity, including name, address, Social Security and health ID numbers – all information that was a part of Anthem’s breach – can sell for around $50 on the online black market. By comparison, a Social Security number currently sells for $1 and an active credit card can sell for $3.

Taking into account this unfortunate emerging cyber-crime trend, all consumers – including those directly impacted by the Anthem breach – should consider the following best practices:

  • Use a monitoring service to keep an eye out for signs of medical identity theft, including medical bills in someone else’s name or for medical services you did not receive.
  • Review your Explanation of Benefits (EOBs) to ensure the doctors listed and services provided are accurate. If you find an inaccuracy, contact your insurance provider right away.
  • Submit a benefits request to your insurance provider. The insurance provider will send a list of all benefits and services paid in your name. Review to ensure they are accurate. Some insurance providers have online systems with information.
  • Keep a close eye on your credit report for fraudulent activity, such as accounts you did not open. Under the law, you’re entitled to a free credit report from each of the three credit bureaus every year. You can visit AnnualCreditReport.com to obtain the most recent version of your credit reports. If you find an error on your credit report or an account that you do not recognize, please file a dispute with the credit bureau (TransUnion, Equifax, Experian) who generated the report and contact that bureau for more information.
  • Consumers may also place a fraud alert on their credit file, which tells creditors to double-check whenever someone applies for credit in your name. For example, when a credit card issuer receives an application for a new card, a fraud alert tells the company to contact you and make sure you’re really the one who submitted the application. You can place a fraud alert with each credit agency by following the links below:

Finally, Anthem has stated that they will be notifying affected customers and providing credit monitoring and identity protection services free of charge. Eligible individuals should definitely take advantage of this offering so that they can be closely aware of important changes to their personal records.

As always, let us know what you think on Twitter, Facebook or LinkedIn.

 

January Recap: Ramping Up For The New Year

By | February 6th, 2015|Uncategorized|

Cyber Security Took Center Stage in the State of the Union Address
On January 20, President Obama delivered his annual State of the Union Address and this year cyber security was a major focus. President Obama detailed his plans for increasing online security, electronic privacy and the prevention of identity theft for the American people. Check out our blog post on the topic.

Data Privacy Day
On January 28, companies and organizations around the world celebrated the eighth annual Data Privacy Day – an initiative to help spread best practices from the National Cyber Security Alliance and StaySafeOnline.org. The day was filled with engaging Twitter chats, webinars and live events that dove into the biggest trends and challenges in cyber security today, providing interesting online conversations throughout the entire week.

Identity Theft Awareness Week
The last week of January was a busy one with Identity Theft Awareness Week, sponsored by the FTC. During the week, we joined in on the #IDTheftChat, where users shared tips on how to safeguard their information from some of the most common forms of identity theft.

Countdown to SXSW Interactive
It’s hard to believe SXSW is just around the corner! And, we have been busy ramping up for our three sessions. Below you will find more information on where you can find each of CSID’s sessions at SXSW:

Hacker to InfoSec Pro: New Rock Star Generation
Sunday, March 15
11:00am – 12:00pm
JW Marriott
Salon 8
110 E 2nd St

Follow the Money: Cyber Crime and the Black Market
Tuesday, March 17
12:30pm – 1:30pm
JW Marriott
Salon 4
110 E 2nd St

Wi-Fi Privacy: When Sniffing Becomes Snooping
Friday, March 13
5:30pm – 5:45pm
Austin Convention Center
Ballroom C
500 E Cesar Chavez St.

Joe Ross’s column on Huffington Post
Massive point-of-sale breaches seemed to dominate the news in 2014. CSID’s president Joe Ross weighed in with his insights on what new EMV legislation may mean for the security of merchants and consumers in his latest article on the Huffington Post: “POS Breaches in 2015: The Good, the Bad and the Ugly.”

With so many exciting initiatives this past month on increasing cyber security awareness and education, we look forward to what the rest of 2015 will bring. What do you think will be the biggest areas of focus this year? Share your answers with us on Facebook, Twitter and LinkedIn.

Customer Alert: “GHOST” Vulnerability on Linux Systems

By | January 30th, 2015|Uncategorized|

On January 27, 2015, Qualys, Inc., the leading provider of cloud security and compliance solutions, announced that its security research team discovered a vulnerability in the Linux GNU C Library (glibc). This vulnerability, called “GHOST” (CVE-2015-0235), allows attackers to remotely take control of a system without having prior knowledge of system credentials. This exposure can be triggered by a buffer overflow in a system library that affects many, if not most, Linux distributions.

The recommended resolution for addressing the GHOST vulnerability is to apply the latest patches, which have been specifically developed to address this issue, distributed by your Linux vendor.

CSID customers should be assured that we have evaluated our systems for any exposure and patched our Linux servers in all environments, up to and including Production. We strongly recommend that our customers running Linux-based systems take the same proactive approach with respect to any and all machines that are potentially vulnerable to the GHOST vulnerability.

For more information, please visit the Qualys Security Advisory.
