CSID Launches New Mobile App

CSIDAs a society, we are more mobile than ever before.

Between meetings and after-work commitments, social gatherings and kids’ play dates, we are using mobile apps to communicate with friends and family, field emails, stay up to date with the latest news, and so much more. In fact, mobile app usage has increased 90 percent in the past two years, according to comScore’s 2015 Mobile App Report. Apps are now the leading means of digital media consumption.

To keep pace with the modern mobile consumer, we are excited to introduce a new customizable, iOS and Android compatible app available for our partners, which will allow their subscribers to view their alerts and access their identity protection services conveniently from their mobile device while on the go.

In today’s digital world, identity theft is a fact of life. The Federal Trade Commission reported that identity theft complaints increased more than 47 percent from 2014. However, the sooner you become aware of a possible identity theft event, the sooner you can get ahead of it. Using the app, subscribers will receive a push notification if suspicious activity is detected, arming them with information and the ability to take control of their identity from the palm of their hand.

“CSID’s all-new app, designed with our partners in mind, extends convenience for users and immediate access to information with the touch of a button,” said Joe Ross, co-founder and president of CSID. “Our partners’ subscribers are empowered to feel confident about the security of their identity while on the move.”

The new app supports fingerprint authentication on supported devices and can be rapidly designed with the look and feel of our partner’s brands.

To learn more about providing this new mobile solution to your subscribers, contact your CSID account manager with questions.

As always, stay up to date with all CSID news on FacebookTwitter and LinkedIn.

By | September 7th, 2016|Company News|0 Comments

Macs Under Attack: Why We Can’t Take Security for Granted

CSIDIn January, we shared predictions about the trends that would dominate the cybersecurity space in 2016. Among those was a prediction that Apple devices would no longer be “immune” to attack and as they gained popularity, would become a more desirable target than ever for cyber criminals. Once seemingly impossible to penetrate, we’re already seeing a number of attacks against Apple in just the last two months that suggest this is no longer the case.

Users were urged to updated their devices in late July, when news broke around new research identifying security holes in Apple’s desktop and mobile operating systems that could allow malware to be sent via iMessage – similar to what we saw last year with the Stagefright bug on Android devices. By creating malware formatted as a TIFF file, hackers could send an image to a target over iMessage and execute malicious code on the device – giving the attacker access to both the device’s memory and any stored passwords. The same attack could be delivered by email, or by directing the user to a browser that contains the malware-infected image. The good news? Apple addressed these vulnerabilities with the release of iOS 9.3.3 for mobile and El Capitan 10.11.6 for OS X.

Just last week, we saw what could be another pivotal moment in Apple security: the first remote jailbreak exploit. Human rights activist Ahmed Mansoor, from the United Arab Emirates, received a suspicious text with a link that, if clicked, would have jailbroken his phone and infected it with malware. Had this been successful, the attacker would have been able to log encrypted messages, secretly activating the phone’s microphone and tracking its movements. This attack exposed three vulnerabilities in Apple’s iOS that, when combined, could lead to the jailbreak of an iOS device, which until now, has never been thought to be possible. Again, Apple released patches for the vulnerabilities with the release of iOS 9.3.5 last week.

Attacks against Apple show no sign of slowing. That said, if there is one take away from the above, it’s that Apple is offering consumers the opportunity to stay secure with every software update they release. It’s therefore our responsibility to take advantage of these updates, and take control of our own security.

Join the conversation and stay up to date on the latest cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

By | September 1st, 2016|Industry News|0 Comments

To Post Or Not To Post: Back To School Pictures

CSIDIf you’ve logged on Facebook or Twitter in the past few days, chances are good your news feed is flooded with little faces holding colorful backpacks, bursting with supplies. Proud parents love the opportunity to share their children’s “back to school” photos with family and friends. This flurry of photos happens every fall, but a new trend is cause for alarm. Many parents now create and post creative signs, displaying their child’s name, school, and the grade they are entering.

While parents have the best intentions with these photos, they need to be aware they could be sharing sensitive information about their children. Sharing a child’s full name, school, and age, could potentially endanger a child and their identity. Aside from select family members and friends, most followers should not be privy to such details.

It’s better to err on the side of safety, especially with our children. If you still want to share your child’s photo on social, consider the following:

  • Examine your social media privacy settings. Make sure photos, posts, and your own identifying information are limited to close friends and family.
  • Avoid sharing your child’s full name and birth date. These details along with a home address could allow cyber criminals to create fraudulent accounts in your child’s name.
  • Consider sharing your photos in a shared smartphone album, or on an end-to-end encrypted platform like WhatsApp. Another option is to email or text the photos directly to family and friends.
  • What if grandma doesn’t use the latest apps? Print your photos and send them in the mail.
  • Enlist in an identity protection service that includes child monitoring. These types of services can alert you to potential compromises of your personal information (and your child’s) on the dark web.

Do you post about the first day of school? Join the conversation and stay up to date on the latest tips and cybersecurity news by following CSID on Facebook, Twitter or LinkedIn.

By | August 26th, 2016|Online Safety|0 Comments

There’s an App for That: Keeping Your Phone Secure

CSIDThis summer, with the explosion of Pokemon Go, we’ve seen how a mobile app can take the world by storm. The mobile world continues to grow, and as it does, we must remember to take the necessary steps to ensure our devices remain secure. As we approach the end of summer, here’s a little back-to-school refresher on accessing the apps on your phone safely.

Check Privacy Settings
Think about the accounts you use most frequently – do you know what your privacy settings are for each of them? Whether it’s a banking app, an online retailer, or an email account, if you’re interacting with it often, you should monitor your privacy settings. Certain apps will have default settings that may share information you’re not comfortable giving out. Taking a thorough look at your settings is well worth it to maximize your privacy.

Not sure where to look for privacy settings? The National Cyber Security Alliance has created a guide with links to the security settings of several commonly used apps like Spotify and Amazon. Once your settings are up to date, your next purchase or song session will be that much more secure.

Updates Are Your Friend
Privacy settings aren’t the only thing you should update – the apps themselves need to be refreshed, too. Once an app is released into the world, developers don’t stop working on it. They’re constantly monitoring for bugs and ways to improve their product’s security, and updates pass those improvements along to users. Updates may change an app’s interface, but they also frequently provide benefits under the surface, such as eliminating glitches and offering better overall security.

If your phone isn’t already set to automatically update, turn that function on for the peace of mind that you have the most secure version of the app available.

Delete Apps You Don’t Use
Most people have at least one app on their phone that they never touch. Not only is that forgotten app taking up space on your phone, it may also be a security threat. As we mentioned earlier, there will likely be security updates for your abandoned apps that you may not be aware of, making your phone an easier target.

Depending on your device, you can either disable or permanently delete an app. If you’re an iOS user, you’ll also want to delete the apps from your iTunes account, or they will reinstall anytime you sync your phone.

Keep Your Family Secure, Too
There are several apps whose sole purpose is to hide other apps on someone’s phone. Your child may be using these types of apps to divert attention away from other apps you might not want them using. New messaging apps are constantly being developed which allow users to chat anonymously. By posing as fellow teenagers, hackers have the opportunity to mine your child’s personally identifiable information and put their identity at risk.

It’s worth taking the time to review what your kids have downloaded onto their phone, and talk to them about the potential risks of certain apps. Encourage them to mirror your privacy settings, as well.

What other tips do you have for keeping your phone secure? Join the conversation and stay up to date on the latest tips and cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

By | August 18th, 2016|Online Safety|0 Comments

News Recap: Millennials and Cybersecurity

cybersecurityThis week, we’re talking about one of the most important topics in cybersecurity: the global cybersecurity professional gap and how computer-savvy millennials can help to fill it. Here’s a quick recap of the news surrounding this important issue, including research from our friends over at the National Cyber Security Alliance (NCSA).

The Cybersecurity Professional Gap
Today’s interconnected world creates greater opportunities for cyber attacks. As a result, the demand for cybersecurity professionals has grown enormously. Unfortunately, there are not enough qualified professionals to meet that demand. A study from Raytheon found that 79% of businesses in the U.S. experienced a recent cybersecurity incident, but 82% are unable to fill their open IT jobs. The study also found that while there are only 65,362 Certified Information Security Professionals (CISSP) in the U.S., companies posted almost 50,000 job requests for CISSP holders.

The consequences of this gap are already being felt. NCSA explains that without the proper security team, organizations are exposed to a greater risk for loss in profitability, brand reputation and intellectual property. According to a report from Intel Security, 71% of those who participated say they are already seeing quantifiable damage to their organizations. Current cybersecurity professionals are more likely to experience burnout, and their limited time is often spent responding to pressing cyber incidents rather than defending against them in the first place.

Can Millennials Fill The Gap?
Organizations and governmental task forces globally are hoping millennials can start to fill the deficit. However, lack of awareness is still a huge barrier. The Raytheon study found that 52% of millennial women and 39% of millennial men say they were never made aware of computer science programs in school. Additionally, 77% of young women in the U.S. say no high school guidance or career counselor talked about cybersecurity as a career, and 67% of men said the same.

Fortunately, it’s not too late for the millennial generation to correct the problem. The same Raytheon study also found that 40% of survey respondents were interested in learning more about careers in security. While millennials already in the workforce may have a more difficult time switching career fields, helpful Quora users have shared some tips on how people can begin to educate themselves. Additionally, the current pool of late millennials and college students are great candidates to begin training in the cybersecurity market.

Join the conversation and stay up to date on cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

By | August 11th, 2016|Industry News|0 Comments

Head to the Polls: SXSW 2017 PanelPicker Voting is Now Open

CSIDIt’s that time of year again, South by Southwest’s 2017 PanelPicker voting platform is now live! Every year, people around the world vote through PanelPicker to help bring their favorite sessions to SXSW Interactive, the internationally recognized event that draws thousands of tech enthusiasts to Austin, TX every March.

We’ve participated in SXSW Interactive for the last few years and we’re once again hoping to bring our cyber security expertise to the stage, but we need your help to get us there. SXSW’s PanelPicker is a simple, two-step online process that allows the SXSW community to have a significant voice in shaping the programming. Your vote shows the organizers that our panels are a good fit for 2017’s event.

Check out our submissions below. If you want to see the panel at SXSW next March, follow the PanelPicker link and give it a “thumbs up.” All you need is an email address to vote.

The Creation Of A Hacker
Younger, less technical individuals are the new face of cyber crime. Through a live demonstration, this session will dive into the relatively unexplored world of gaming and showcase the growing role it is playing in luring younger individuals to get involved in cyber crime as a service. We’ll explore the emerging business models within the dark web and the consequences for the misrepresentation of hackers in mainstream media. Recent case studies will shine light on the evolving cyber criminal identity and participants will walk away from the session with new, critical insights to mitigate risk at the individual and organizational levels.

Vote here: http://panelpicker.sxsw.com/vote/60437

Target on Their Back: Small Businesses Under Attack
Cyber criminals have their eyes on small businesses more than ever before. In fact, more than half of phishing attacks were targeted towards small businesses last year. Why? They have fewer resources to defend themselves than large enterprises but still store data criminals consider valuable and attractive for commerce across the dark web. The consequences of a breach can be critical – sometimes even forcing a small business to close up shop. With attacks on small businesses showing no sign of slowing, how can this group stay one step ahead of cyber threats? Join this dual session for a conversation around the latest threats and walk away with proactive steps to defend against attacks.

Vote here: http://panelpicker.sxsw.com/vote/65846

The Domino Effect of Flawed Breach Response
The unthinkable happens – your company has been breached. How has this happened? What are the first steps you take? Are you prepared? In this interactive session you’ll gain insight into the breach response process, uncover best and worst practices, and experience the long-term domino effects inherent with each. Attendees will form small groups to role-play the wide variety of responses at each stage, and uncover the potential long-term effects of actions. By learning best practices through seeing the effect of worst practices, you’ll walk away with unique insight into the breach response process that will help you prepare your company.

Vote here: http://panelpicker.sxsw.com/vote/61885

You have until September 2 to cast your vote and leave any comments or questions for our panelists.  We appreciate your support! Keep up with our SXSW involvement and other company happenings on Facebook, Twitter, and LinkedIn.

By | August 8th, 2016|Industry News|0 Comments

Here’s the Going Rate for Your Accounts on the Dark Web

CSIDLast year, I took the stage at South by Southwest and walked audience members through a live demonstration of dark web marketplaces in a session called “Digital Identities: Modern Underground Currencies.” We kicked off with a game of “Price (of Pii) is Right,” where I gave the audience an opportunity to guess how much personally identifiable information was selling for across the dark web. As I revealed the answers, the feeling of shock was palpable.

Credentials for an Uber account? That will set you back $1.49. 20k Avios air miles? A mere $10.

The reality is, many high value accounts are selling for cheap across the dark web. Just this past week, a company called LogDog released a report that revealed just how inexpensive these credentials are being sold for:

  • Email accounts like Gmail and Yahoo:Around $1 (70 cents to $1.20)
  • Amazon accounts:Around $1 (though this ranges from 70 cents up to $6, depending on the account balance and country)
  • Uber accounts:$1-$2
  • Netflix accounts:$1-$2
  • Social Security numbers:About $1

While you may not feel especially threatened by the idea of someone using your Netflix account to stream movies, the real danger here is due to password reuse. Sixty-one percent of people admit to reusing the same password across multiple websites, and hackers have caught on. So while you may not mind if a hacker accesses one of your perceived lower value accounts, they are more than likely to use those same login credentials on your bank website, or to access your medical insurance.

It’s imperative that consumers create long, strong and unique passwords across their accounts, as hacks show no sign of slowing and cyber criminals are younger and less sophisticated than ever. If you’re interested in the creation and evolution of hacker identities, be sure to stay tuned to the blog next week for information on how to help my session make the stage at SXSW 2017.

Do these prices surprise you? We’d love to hear what you think. Join in the conversation on FacebookTwitter or LinkedIn.

By | August 4th, 2016|The Dark Web|0 Comments

Attracting Talent: Why Culture Matters

Most of our waking hours are spent in an office setting – behind a desk, in front of a screen, surrounded by our co-workers, managers, and customers. While the hardware from company to company doesn’t change drastically, the culture of each workplace does. Today, when prospective employees consider a career with a company, they examine the bigger picture, rather than simply their assigned day-to-day tasks.

We just celebrated our 10th anniversary at CSID. We are pleased to bring to the table a number of innovative solutions that help address the growing issues related to identity theft and data breach. As employees, we leave the office each day with a sense of purpose and pride, but there’s something else that drives us, too: our company culture.

We balance our challenging tasks and projects with positive energy that stems from our staff. At CSID, we surround ourselves with energetic talent. In addition to helping individuals and businesses on a daily basis, what attracts these talented individuals to our company? Competitive benefits and perks.

We recently made headlines for our new parental leave policy. We now offer a 12-week paid leave policy for moms and dads, a benefit that typically only corporate giants like Facebook and Apple have offered. We also allow that paid maternity/paternity leave to be spread out over a six month period, providing greater flexibility for families.

No kids? No problem. We have important benefits that focus on the individual including 100 percent coverage of dental, vision, and life insurance, and 80 percent coverage on medical insurance. We also have an open vacation policy for our exempt employees, and company-paid holidays. Of course, we extend free identity protection to all of our staff.

Our kitchen is kept stocked with snacks and cool refreshments. We also have an on-site gym, and offer bi-weekly, on-site yoga classes. Namaste. This all occurs just minutes south of downtown Austin, where our headquarters are located. Our offices are developed in a welcoming, open floor plan, with multiple areas to gather and collaborate. Even better, they overlook the Greenbelt. You really can’t beat the view.

We make sure our employees feel valued. We appreciate our staff and the hard work they accomplish each day. Great work deserves great reward. Our challenging work attracts new talent, and our culture keeps them part of our growing workplace.

To learn more about CSID’s benefits, please visit: https://www.csid.com/careers/benefits/

 

By | July 29th, 2016|Company News|0 Comments

Pokemon Privacy: Catching Them All, Safely

CSIDOn July 6, Niantic launched Pokemon Go — a free, augmented reality game for iOS and Android devices. The world went wild. Pokemon Go grabbed 26 million users in the U.S. alone, surpassing both Google Maps and Twitter in daily active users.

It’s been hard to escape the colorful news over the past week. Articles continue to surface on where to find the best Pokemon, how to catch them, and (most importantly) how to stay safe while doing so. In addition to warning users to be aware of their physical surroundings, many headlines warn of the cybersecurity risks involved with the game.

Full Google Account Access
One of the main concerns was Pokemon Go’s access to iOS users’ full Google Accounts. Although the app was vague on what this entailed, many privacy experts and users were concerned the game could access everything from Gmail to Google Drive.

Niantic was quick to respond to the alarm, claiming this was an error. “Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected,” Niantic said in a joint statement with The Pokemon Company.

The statement also clarified that no additional information has been received or accessed within Google. Instead of potentially accessing your entire Google footprint, the app can now only access your Google user ID and email address.

Take Action: iOS players should take care to update the app from the App Store and re-login to accept this updated privacy policy.

Malware Threats
Pokemon Go is only currently available in the United States, Australia, New Zealand, and United Kingdom, though it will soon be available in Italy, Spain and Portugal. While other regions wait for their chance to build their Pokedexes, many over-eager gamers are downloading versions from third-party sites.

“When it comes to malware, you really don’t want to catch ’em all,” Tim Erlin, Director, Security and IT Risk Strategist at Tripwire told InformationSecurityBuzz.com. “Cybercriminals are after any angle that helps them gain a foothold on your devices. A popular app that’s not available in some places is a near-perfect target for crafting a malware delivery strategy. … Installing software from third-party markets and unknown sources increases your risk of malware. Period.”

The security firm Proofpoint claims to have found a third-party version of the game which included a RAT, or remote access tool, called Droidjack. While Proofpoint has not observed the malicious tool “in the wild,” Droidjack has the potential to give a cybercriminal full control over a victim’s phone.

Take Action: If Pokemon Go is not currently available in your area, be patient. Do not risk infecting your phone and devices with malware. Android users should also take care to download the app from App Store.

Watch Where You Work
The cybersecurity risks around Pokemon Go give employers a great opportunity to create a conversation around BYOD security (and time management) in the workplace. Companies and employees should be aware that a device infected with malware could affect the entire network’s security.

Take Action: Brush up on our best practices for protecting your business.

Create a Conversation with Kids
While apps – and Pokemon – are meant for fun, it’s important to examine the privacy policies of all your apps to ensure you are not over-sharing data. This can help lead into a conversation with your family, and especially your kids, about privacy and security.

Discuss what types of information should be kept private, both online and in person. Discuss concerns over connecting devices to public Wi-Fi, and how to recognize a scam. Creating a conversation now can lead to better cybersecurity habits later.

Take Action: We discuss more tips for talking to your kids about privacy.

Are you playing Pokemon Go? Let us know your experience with the app and how you’re protecting your information. Join in the conversation on Facebook, Twitter or LinkedIn!

By | July 18th, 2016|Industry News, Malware and Scams, Online Safety|0 Comments

Say “I Do” to Safe Digital Wedding Etiquette

CSIDThere’s no doubt about it, wedding season is fully upon us. Between brides researching vendors on their mobile phones and excited guests eager to share the official hashtag, wedding planning and participation is becoming increasingly digital.

While technology may bring more convenience to the planning process, nothing ruins a honeymoon quite like a case of identity theft or fraud. In the spirit of staying safe during wedding season, our friends at the National Cybersecurity Alliance and STOP.THINK.CONNECT recently shared some helpful tips that brides, and everyone for that matter, should vow to follow. Here’s a recap of a few we feel especially strongly about:

  • Make passwords long and strong: If you’re planning your special day, chances are you’re dealing with a number of online vendors. Remember to make passwords complex, using at least 12 characters with a combination of upper and lowercase letters and symbols. Be sure to use unique passwords for each account. If two-factor authentication is available, take advantage of this extra layer of security.
  • Resist the urge to share your honeymoon pictures on social: This is something we’ve discussed before on the blog, but sharing photos while you’re on vacation can alert criminals that you are away from home. Avoid the stress of hearing about a break-in while you’re on the beach, and wait to share pictures until you return. Also consider turning off location services on your mobile devices when not in use.
  • Avoid using public Wi-Fi hotspots: Whether you’re at the airport, hotel, or hopping around cafés, avoid connecting to public Wi-Fi, especially while making purchases or accessing sensitive websites like your bank account. Using public Wi-Fi can significantly increase the risk of signal sniffing and identity theft. The convenience is not worth the security trade-off. Consider a VPN if you’re looking to connect securely on the go.

Are you taking the plunge and committing to safe digital practices? We’d love to hear from you. Join the conversation on FacebookTwitter and LinkedIn and be sure to check out the full list of tips for digital bliss from our friends at the National Cybersecurity Alliance and STOP.THINK.CONNECT.

By | July 15th, 2016|Online Safety|0 Comments
Load More Posts