The Implications of Sharing Personal Data

By | January 28th, 2015|Uncategorized|

Did you know that privacy policies do not guarantee that your information will be kept private? Most companies use privacy policies to inform customers about how their personal information may be used, i.e. sold, shared or exchanged, without necessarily guaranteeing absolute confidentiality. In today’s increasingly digital world, exchanging personal information – your name, email address, home address, etc. – for access to websites, coupons and the like has become the norm, and it can be difficult for consumers to understand the value of their personal information.

Today is the eighth annual Data Privacy Day, an international awareness effort spearheaded by the National Cyber Security Alliance (NCSA) that encourages all Internet users to consider the privacy implications of their online actions and motivates all companies to make privacy and data protection a greater priority. Since most consumers aren’t fully aware of the implications of sharing personal information, we’re taking a deeper look at what can happen when personal information is shared online.

Companies that collect don’t always protect
When you share personal information with a company online, that company is responsible for protecting your information. Even seemingly harmless data, like your email address or your mother’s maiden name (often used for a password reset), is extremely valuable to cyber criminals. When you share this valuable personal information with a company online, be sure to read the fine print of the company’s privacy policy to be certain that your information is not being shared publicly or with outside companies. In some instances, even reading the company’s fine print cannot keep your information safe. Millions were affected last year by retail and medical data breaches, showing how difficult it is for companies to protect your data no matter how secure it may seem. Once cyber criminals have their hands on your personal information, you may be surprised at what they can do with it.

Cyber criminals patch together your digital profile
Bits and pieces of personal information stolen from companies can help cyber criminals patch together a complete picture of your digital identity. They can then use your digital identity to access more important information, like your financial records from retail sites that have your credit card information stored. Many consumers leave a trail of personal information on the Internet, which cyber criminals can follow to steal your identity and your financial information.

How to make a difference during Data Privacy Day
Here are some tips on how you can increase your privacy online from the NCSA:

  • Think of your personal information like money – value it and protect it. You are often paying for “free” services with your personal information. Before you willingly provide your information to a service, make sure it is a business you trust to handle your information with care.
  • Manage your browser cookies to maximize your privacy and prevent unwanted tracking.
  • Demand that businesses be honest about how they collect, use and share personal information.
  • Be cautious about who you “friend” and communicate with online.

Join the Data Privacy Day conversations online by using the hashtag #DPD15! And, let us know what you think on Facebook, Twitter or LinkedIn.

Worried your debit or credit card information may be compromised? Here’s what to do.

By | August 4th, 2014|Uncategorized|

Have you eaten at a P.F. Chang’s lately? If so, you may want to check your email. This morning the restaurant chain sent out emails to customers who dined at 33 of the chain’s 211 locations between October 19, 2013 and June 11, 2014, saying that their credit and debit card information may have been stolen. Austin’s Jollyville location was one of the restaurants included in this breach.

If you think your card may have been compromised in this breach, or if you want to protect yourself from future instances of data theft, here are a few tips to consider:

  • Use an identity monitoring service: Keep an eye on personal information with an identity protection service. An identity protection service can alert you when your personal information has been compromised and give you the opportunity to alert your bank or the credit bureaus before a cyber criminal can use it against you. P.F. Chang’s has a dedicated page to security updates for consumers to follow with links to FAQs and how to enroll in the identity theft monitoring service they are offering. To learn more, visit
  • Be vigilant: Keep an eye on your debit and credit statements for odd charges, even small ones. Cyber criminals often test accounts with small transactions to make sure they are active. If you see a suspicious transaction, report it as soon as possible and request a new card.
  • Use Credit: Consider paying with a credit card if at all possible. Credit card companies cannot hold you liable for fraudulent purchases made on your card. This makes it a lot easier and quicker to recoup losses from a fraudulent credit card charge than recovering losses from debit card fraud.
  • Use Cash: One of the most surefire ways to avoid your card being compromised is to not use it. Pay with cash instead. While this is not the most convenient solution, it is an effective one.

News Recap: Identity Obese – What it Means

By | March 28th, 2014|Uncategorized|

It is common practice in today’s digital age to save personal information to online retail, banking and social accounts. However, storing information online makes you a target for identity thieves interested in collecting and selling personal information on the black market. There’s a new term for users who have too much information stored online: “identity obese.”

Henry Bagdasarian, author of Identity Diet, defines identity obesity by comparing it to a consumer’s food consumption habits and their relationship to weight obesity.

“As eating more of the wrong things can quickly lead to health and weight problems, managing too many personal information components the wrong way can also quickly lead to identity theft,” Bagdasarian reported. “As I continue my research about the causes of identity theft and related risks or solutions, I am convinced that both consumers and companies unnecessarily accumulate and share personal information at an alarming rate without the understanding of the risks and/or willingness to adjust their identity management practices.”

Bagdasarian makes it clear that companies can also fall victim to identity obesity, but at a much greater cost. He makes the clear distinction that identity obesity of a consumer simply puts the consumer at risk. However, when a company unnecessarily collects and shares the information of its customers, it has the ability to put its entire customer base at risk for identity theft. During our 2013 Risk Mitigation for Small Business webinar, SMB CEO Chuck Gordon of SpareFoot encouraged SMBs to avoid collecting unnecessary personal information from customers, and executive director of the National Cyber Security Alliance Michael Kaiser agreed with a motto CSID has now adopted: “if you collect it, you’ve got to protect it.”

The Identity Management Institute recently shared a video about the effects of identity obesity and what this issue can look like based on the simple actions you take each day.

Are you identity obese? What are the best ways to avoid becoming identity obese? How can you identify an obese company? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Security Insights: Handling Credit Card Data (PCI-DSS)

By | July 19th, 2013|Uncategorized|

According to the PCI Compliance Guide, PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accept, transmit, or store any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply. Read the full PCI Compliance Guide to learn more.

What credit card information must be protected?
The PCI Compliance Guide also notes that cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.

More specific cardholder data examples include:

  • Primary Account Number (PAN) – 16-digit number on credit card
  • CVV or DVV2 (security codes)
  • Credit Card PIN (Personal Identification Number)
  • Card Expiration Date
  • Type of Card (Visa, MasterCard, etc.)
  • Cardholder’s name in conjunction with any items listed above

What is the primary security concern for Americans?
The Unisys Security Index is a bi-annual global study of consumer opinion on four areas of security: financial, national, Internet and personal safety. The results were tallied on a scale of 0-300, with 300 representing the highest level of perceived concern. The average score of 147 for the current Unisys Security Index for the United States indicates a moderate level of overall security concern (out of over 1,000 U.S. respondents).

Additional findings from the latest U.S. Unisys Security Index include:

  • Credit and debit card fraud is now the primary security concern for Americans. More than two-thirds of respondents (68 percent) are either extremely or very concerned. The proportion of Americans indicating no concern is at the lowest level since Unisys began the global study.
  • Only 25 percent of Americans have no concern about meeting their financial obligations. More than half of all Black Americans and Hispanic Americans polled are extremely or very concerned with meeting their financial obligations. In particular, almost three-quarters of Black Americans (74 percent) are concerned.
  • Older Americans and Americans with higher salaries are less concerned about meeting financial obligations than younger Americans and Americans with lower salaries.
  • Two-thirds of Americans (66 percent) are seriously concerned about unauthorized access to or misuse of personal information. Overall, the level of concern on this issue has remained relatively high and constant since the first global study in August 2007.
  • The percentage of Americans who are extremely or very concerned about war or terrorism dropped to the lowest level for all surveys in the Unisys Security Index series.

View all the findings from the Unisys Security Index.

Tips for Handling Credit Card Data

Keep all credit card data secure and confidential:

  • Do not store sensitive cardholder data on computers, such as: Full account numbers, Types, Expiration date, CVC2/CVV2 data
  • Do not transmit credit card data in an insecure manner, including: Email, Unsecured Fax, Chat
  • Secure all documents containing credit card information in locked file cabinets, with access limited to staff who need it in order to carry out job duties
  • Destroy all documents containing credit card information by shredding after their useful life has expired
  • Restrict access to credit card data to appropriate and authorized personnel only

Be sure to check out our other blog posts on security. Share your tips for protecting your business with us on Facebook and Twitter.

News Recap: Ponemon Finds Companies Doing Little to Protect Regulated Data on Mobile Devices

By | June 28th, 2013|Uncategorized|

The Ponemon Institute released this week “The Risk of Regulated Data on Mobile Devices,” a study that focuses on the risks associated with employee access to regulated data, including health and financial information, through a company or personal mobile device. The report revealed nearly half of IT professionals cannot determine whether their companies are complying with laws protecting data stored on mobile devices.

According to SC Magazine, “only 12 percent of practitioners said their organizations were in “substantial” compliance with laws that protect regulated mobile data, while 17 percent said they weren’t in compliance with applicable laws and regulations at all.” Additionally, 40 percent are not sure if they are compliant with these laws.

“Regulated data isn’t subject to a lower standard of protection just because it ends up on a mobile device,” said Ryan Kalember, chief product officer at WatchDox. “This study clearly shows that IT departments must understand the risks and be more proactive to accommodate mobile productivity while still protecting the organization’s data.”

The survey showed that most (69%) IT professionals surveyed understand the security risks associated with mobile devices, but 59% allow employees to use their own devices at work. “This is also known as the bring your own device phenomenon, a related issue that is also quite painful in the enterprise,” reported CMS.

To help with data security on mobile devices, the Ponemon Institute recommends “organizations create awareness about regulated data on mobile devices to the effect that it be treated just like any other sensitive information,” reported CMS. “An inventory of protected data should be taken so the risks are more known, and organizations should consider using technology like mobile device management, mobile DRM and mobile application management to specifically address data risk.”

Is your business in compliance with laws protecting data stored on mobile devices? How can you enforce a healthy BYOD policy with employees? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Small Business Webinar Recap: “If You Collect It, You’ve Got to Protect It”

By | June 19th, 2013|Uncategorized|

Yesterday, in honor of National Small Business Week, we hosted this quarter’s cyberSAFE webinar, featuring a panel of experts who dove into why and how small businesses should tackle cyber security. We also published a white paper with findings from our recent survey of small business owners and their feelings toward cyber security, as well as a corresponding infographic that highlights some of the most interesting stats. You can download a recording of the webinar and check out these other materials at

Our webinar had a fantastic turnout. Thank you to everyone who joined us! Following is a quick recap, in case you missed it.

Throughout the webinar, Michael Kaiser, Executive Director at the National Cyber Security Alliance, focused on the larger picture of SMB security, stating that making small businesses safer is in everyone’s best interest: “Having a secure ecosystem is critical to our country’s economic infrastructure.” We also enjoyed his motto about storing data: “If you collect it, you’ve got to protect it.”

Justin Freeman, Corporate Counsel at Rackspace Hosting, gave insight into the legal implications of how a data breach can affect a small business in terms of cost, time and reputation. He mentioned cost-effective ways to start a security plan for your business: start with creating a security preparedness plan – even an informal one if needed – by communicating with your employees on security expectations, encrypt your files and/or computer, and work up to finding a service provider to help you with database management.

Chuck Gordon, CEO at SpareFoot, who provided the perspective of a small business owner, shared how his experience with SMB security has changed as his business has grown. Chuck, whose startup has rapidly grown from under 10 employees to over 85 in the last couple of years, has focused on security since the launch of his business but has continued to increase measures as his company has grown. At SpareFoot, Chuck minimizes risk by using reputable third party vendors to store and/or handle valuable data, and he encouraged small business owners to invest a little time and money at the start of building their business, as it will cost much less than an actual breach later on.

The conversation continued on Twitter, where participants asked questions and gave advice regarding SMB security – see more Tweets below.

Thanks again to our panelists and attendees for participating. Head to to download a recording of the webinar, as well as a copy of our accompanying white paper and infographic, and keep an eye out for upcoming cyberSAFE webinars. We’ll see you at the next one!


News Recap: Most SMBs Unable to Restore All Data Post-Cyber Attack

By | June 7th, 2013|Uncategorized|

The Ponemon Institute reported that out of the 29 percent of small businesses that experienced a cyber attack, 72 percent were not able to fully restore their company’s computer data. The causes of these cyber attacks included computer viruses, worms, Trojans and malware.

In addition to data loss, the small businesses who experienced a computer-based attack also had “consequences of those attacks which included managing potential damage to their reputations (59 percent); theft of business information (49 percent); the loss of angry or worried customers (48 percent) and network and data center downtime (48 percent),” said Help Net Security.

“The Internet connects even the smallest businesses to data networks and computer systems around the world,” said Timothy Zeilman, vice president for Hartford Steam Boiler in the Boston Globe. “This access also exposes companies to hackers, viruses and other computer attacks that can corrupt critical data, shut down their operations and make them liable for compromised information.”

As a small business owner, do you worry about losing valuable company data? How do you protect your company’s data? Let us know your thoughts on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Upcoming Webinar: Risk Mitigation for Small Businesses

By | June 6th, 2013|Uncategorized|

We’ve made it a practice here at CSID to pick a security topic to focus on each quarter. For each topic we conduct a unique research survey, create a white paper and schedule a webinar with leading security experts to discuss the topic. Our goal with this practice is to create a number of resources that businesses and consumers can refer to when figuring out how to keep their businesses and identities safe, and mitigate the impact and risk when personal and business information is lost. We’ve even come up with a name for our quarterly themes and webinars – CSID cyberSAFE Series (more on that soon in another blog post).

For Q2, 2013 we decided to focus on security and risk mitigation for small businesses. An Oct 2012 Symantec survey found that 77 percent of small businesses feel their business is safe from cyber threats such as hackers, viruses and breaches. The survey also found that 83 percent of small businesses have no formal cybersecurity plan. We can understand where these businesses are coming from. They may not have the resources or time to focus on security. They may think that because they are small, hackers and thieves may not be interested in them. The truth of the matter is, small businesses do need to pay attention to cybersecurity. Lost information not only impacts consumers and employees, but also can impact the business’ health – the ability to secure a loan or credit card, and brand reputation.

We are hosting a webinar this month to talk about security and risk mitigation for small businesses. We’ve got a great panel for this discussion. Michael Kaiser, executive director of the National Cyber Security Alliance, Justin Freeman, corporate counsel at Rackspace Hosting and Chuck Gordon, CEO of SpareFoot (and small business owner) will be talking about the challenges and unexpected risks that businesses face when it comes to security as well as best practices for keeping employee and consumer information safe and the business credit report clean.  We will also be sharing some interesting stats from our own recent survey on small business security.

Save a spot on your calendar, or go ahead and register here

Webinar: Risk Mitigation for Small Businesses

When: June 18, 2013 at 12 pm CDT

Cost: Free

Michael Kaiser, Executive Director, National Cyber Security Alliance

Justin Freeman, Corporate Counsel, Rackspace Hosting

Chuck Gordon, CEO, SpareFoot

Industry News Recap: Combating IP Theft Through Computer Lockdowns

By | May 30th, 2013|Uncategorized|

The US Commission on the Theft of American Intellectual Property released an 89-page report assessing how international intellectual property theft affects the United States. The report claims that there is more than $300 billion annually in intellectual property theft, and US Cyber Command commander General Keith Alexander calls this theft “the greatest transfer of wealth in history.”

The end of the report includes recommendations that involve combating cyber thieves. BGR states “[the Commission suggests that] copyright holders should be allowed to take more assertive action against intellectual property thieves, including developing software that will ‘allow only authorized users to open files containing valuable information’ and will potentially lock down any unauthorized computer that tries to access the file.” More specifically, the lock down will provide “instructions on how to contact law enforcement to get the password needed to unlock the account” (Network World).

Some were wary of these recommendations. Technology blog Boing Boing claims that locking down the computer is a “mechanism that crooks use when they deploy ransomware.” PC World called the lock down method “legalized ransomware” and highlighted another IP Commission recommendation: “Corporate vigilantes need not stop there, according to the commission. They could photograph hackers using the cameras built-in to the miscreant’s computer, infect the hacker with malware, or physically disable the suspected IP thief’s computer.”

Take a look at the report and the Washington Post op-ed piece the Commission co-chairs wrote to summarize the report, and let us know what you think: is combating intellectual property theft with computer lock downs and possibly infecting cyber thieves’ computers with malware extreme? Or are current cybersecurity laws too lax? Tell us your thoughts on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Industry News Recap: More than 58 million home PCs infected with malware

By | May 3rd, 2013|Uncategorized|

According to the latest Annual State of the Net Consumer Report, about 58.2 million American home PCs were affected by at least one malware infection, causing an estimated $4 billion in repair costs.

“Our Annual State of the Net Report revealed that home computers are no safer than they were last year,” said Jeff Fox, technology editor for Consumer Reports.

Consumers had different ways of identifying malware on their PC. In the report, “people whose computers had been infected by malware were asked how they verify such problems. Sixty-two percent relied on antivirus software to notify them, 17 percent felt they were savvy enough to verify it themselves, and 15 percent relied on someone else with computer expertise,” said Dark Reading.

According to Consumer Affairs, even the best anti-virus software can miss malware detections. “If you find that your browser is taking you to a different site than the one you selected from your bookmarks, or a search engine gives you odd, unpredictable results, it’s a sure sign your computer is infected with malware. After all, the main purpose of malware is to give someone else control over your machine,” Consumer Affairs reported. Our development director Joel Lang recently spoke to this topic at the UT Center for Identity ID360 Conference.

In addition to a high number of home PC malware cases, it appears that malware is on the rise for small businesses and mobile devices as well.

What methods do you use to identify malware on your home or business PC? What are some ways you can prevent malware from getting onto your PC in the first place? Take a look at the three types of malware to be aware of and let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.
