Cyber Criminals Shut Down an SMB in One Hour

By | May 11th, 2015|Uncategorized|

JomocoThere’s a huge misconception among small businesses that cyber criminals are only interested in stealing data from big names like Target, Home Depot and Neiman Marcus. This misleading mindset may cause a small business (SMB) to inadequately invest in security measures and improperly enforce security policies at work. In fact, only 2 in 5 SMBs have a social media policy in place and only 2 in 10 SMBs plan to increase security spending this year. The truth of the matter is that cyber criminals are looking for the path of least resistance that will get them the most information as fast as possible.

With the growth of startup culture across the nation, we decided to test just how easy it is for cyber criminals to infiltrate a budding business. Thanks to the ingenuity of the sales and marketing team and some dark web help from our cyber team, Jomoco was brought to life. Jomoco is a fictitious coconut water company with a groovy coconut mascot and two fabricated employee personas. We set up Jomoco like any other startup would – with a company website, server, employee personal and work email addresses, a credit card and some employee social media accounts. CSID also ensured that Jomoco’s fictional employees made common mistakes when protecting their professional and personal data online, including sharing sensitive information via email and reusing passwords across multiple sites. The real cyber criminals took it from there.

Within one hour, Jomoco was taken over by cyber criminals. The website was defaced, the credit card had been used and employees were locked out of work emails and social media sites.

Interested in finding out how cyber criminals took down this business so fast? Download our case study to get the complete story, including pictures of the defaced website and the dark web forums where Jomoco’s credit card information was shared. If you’re an SMB looking to better protect your data, here are tips from the National Cyber Security Alliance on how to make your business more secure.

How can SMBs better protect their assets? What are some ways employees can protect business data? Please share your thoughts with us on Facebook, Twitter and LinkedIn! We’d love to hear what you have to say.

ID360 Conference Sneak-Peek

By | April 29th, 2015|Uncategorized|

ID360It’s hard to believe this year’s ID360 Conference is already around the corner (May 5-6). The event, put on annually by our friends at the UT Center for Identity, brings together stakeholders and industry experts from the private sector, government and academia to discuss the latest research and most forward thinking ideas around identity management.

We’re excited about the theme this year, “The Identity Economy,” and look forward to hearing how other speakers address approach the topic. From our end, here’s a sneak peek of what we’ll be talking about next week:

  • Finding a Cure for Medical Identity Theft: Did you know a medical identity has a $50 street value whereas a social security number in comparison only sells for $1? This is just one reason why we’re seeing more and more cases of medical identity theft. CSID President Joe Ross will dive in to why medical identity theft is on the rise, how it happens, why medical identities are seen as so lucrative from a cybercriminal’s perspective, and what steps healthcare organizations can take right now to protect themselves.
  • Securing Digital Wallets Before Majority Adoption: Digital wallet and mobile payment methods are gaining momentum among consumers and retailers. They’re also gaining the attention and enthusiasm of cybercriminals – who are looking to reap the rewards of mobile payments transactions. CSID’s CIO Adam Tyler will explore the major concerns around digital wallets security from both a consumer and business perspective and also offer solutions for how to make these digital wallets more secure.
  • Identity Crimes: Your Money or Your Life?: In addition to his solo talk on Digital Wallets, Adam will also be participating on this panel, which will explore the implications of how businesses, government and law enforcement officials perceive identity theft cases and how identity theft victims perceive the crime. The panel will explore how to find a middle ground between these two perspectives – one that brings more empathy to the victim while still allowing businesses, law enforcement and government to remain effective in addressing identity theft. He will be joined by Sean McCleskey, former Special Agent at the U.S. Secret Service Center for Identity; Dennis Desmond, Chief, Identity Management Branch at USSOCOM; and Deb Griffith, Director of Government Affairs at Lifelock..

Interested in checking out the rest of the lineup this year? Check out the full agenda online.

Will we see you at ID360 next week? Tickets are still available for purchase. Also stay tuned to our Facebook, Twitter and LinkedIn for live updates and pictures from the event!

Infographic: How to Stay Anonymous Online

By | October 10th, 2014|Uncategorized|

NeoMam InfographicToday’s digital generation has made it nearly impossible to keep your identity hidden online. Social networking and sharing has created a culture of transparency, which can be beneficial when used for good, but extremely dangerous in the hands of cyber criminals. In the spirit of celebrating National Cyber Security Awareness Month (NCSAM), we wanted to share an infographic from WhoIsHostingThis that includes a few ways you can keep your identity private online.

  1. Use proxy servers. This is an easy way to hide your IP address and circumvent firewalls. Beware of using bait proxies set up by cyber criminals to mine your data.
  2. Set up a Virtual Private Network (VPN). VPNs encrypt your data through a “point-to-point” tunnel. This allows you to hide the route of your data from other Internet users. Make sure to use an up-to-date VPN service and be prepared to possibly deal with slower download speeds.
  3. TOR is an option for identity privacy, but not security. TOR encrypts your data and sends it through a random route of computer around the world. The downside to using TOR is that while your identity remains protected, your data is not safe. We recommend using the first two options before choosing TOR.

What are some other ways you can protect your identity online? Share your ideas with us on Twitter, Facebook or LinkedIn, and be sure to participate in the NCSAM conversations happening this month all over the world. Learn more about NCSAM and how you can get involved.

News Recap: Healthcare Industry Accounts for 44 Percent of Breaches

By | September 4th, 2014|Uncategorized|

medicalEarlier this year, our friends at the Identity Theft Resource Center published their latest breach statistics, showing that the healthcare industry accounted for nearly 44 percent of all breaches. According to Fortune reporter Laura Shin, 2013 “was the first time that the medical industry surpassed all others, and stood in stark contrast to the financial services industry, which represented just 3.7% of the total.”

Shin reports that the “leading causes of a breach are typical for any business: a lost or stolen computing device, an employee error, a third-party snafu.” However, there’s also a different kind of fraud that occurs in the healthcare industry, one that Shin terms “Robin Hood fraud.” In this case, family members knowingly give their insurance to an uninsured family member or friend so they may receive health care.

The effects of medical identity theft are harmful to victims and the industry. Not only can fraudulently altered medical records lead to misdiagnoses, but “clearing up a record corrupted by commingled information costs victims an average of $19,000,” reported Jane Antonio at FireceHealthPayer.

Beyond these fraudulent causes, Shin notes that “one cause has grown in importance: criminal attacks have doubled in the last four years,” according to Ponemon’s Fourth Annual Study on Patient Privacy and Data Security.

How can the healthcare industry better protect against data breaches and “friendly fraud?”  Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.


Five Simple Security Resolutions for the New Year

By | January 8th, 2014|Uncategorized|

new year blogDo you have room for one more new year’s resolution? Beyond getting fitter, healthier or smarter, vow to be more secure. Here are five simple actions you can take for a more secure year.

Refresh your passwords

Take a minute to refresh your personal and professional passwords. Make them long and use a mix of numbers, letters and symbols, and avoid using the same passwords across multiple sites. Require that your employees, customers and family do the same. Check out our Consumer Password Habits Unveiled blog post for more password advice.

Update software

Keeping your device software up-to-date can help keep your device and identity secure. So this year, whenever you see that “update available” notice pop up, click “yes”! It only takes a few moments to keep your software updated.

Shred, wipe and reformat

Erase your tracks. Shred unneeded documents, wipe old devices and reformat old hard drives so identity thieves cannot retrieve any sensitive information. Tax season will be here before you know it, and the overwhelming number of tax identity theft cases that occurred last year indicates that identity thieves are prone to using year-old information to collect refunds.

Protect your privacy

Update privacy settings on your social media pages, mobile apps and web browsers to protect against identity theft and manage your online reputation. Be sure to continually check your privacy settings, as privacy rules tend to change frequently online.

Turn on two-factor authentication

When offered, turn on two-factor authentication services for an extra layer of security. You can already do so for popular sites like Gmail, Twitter, Apple, and Dropbox.

Which of these do you plan to adopt? What other simple security resolutions have you made for the new year? As always, let us know on Twitter and Facebook.

News Recap: New Texas Law Aims to Protect Children From Identity Theft

By | January 3rd, 2014|Uncategorized|

Texas law blogAt the start of 2014, Texas passed a law enabling parents to create a security freeze on their children’s consumer and credit files. Texan residents 16 and under will be protected under this new legislation, which aims to prevent children from becoming victims of identity theft or credit card fraud.

KVUE’s Jim Bergamo quoted Texas Senator Jane Nelson, who helped to get this bill passed, saying: “A staggering number of Texas children have fallen victim to illegal child identity theft, putting them at risk for credit problems before they ever reach adulthood.”

Last year, CSID surveyed parents on the topic of identity theft and found many were aware of child identity theft, but 88 percent were not actively taking measures to prevent the misuse of their child’s online information.

While many seem to be in support of the legislation, some speculate whether this will protect children from the people closest to them. D’Ann Johnson, a resident of Austin, Texas, pointed out in an interview with KVUE, “there are parents who steal their children’s identity, because they themselves have bad credit. So, giving parents control over children’s credit might not always be in the best interest of the child.”

You can find a full summary of the law by visiting LegiScan.

Do you think this law is an effective preventative measure against child identity theft? Do you think Texas will see a reduction in the number of child identity theft and credit card fraud cases? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Survey Finds College Students are Concerned About Online Privacy

By | September 20th, 2013|Uncategorized|

Blog picA recent survey by AnchorFree, online privacy and security firm, found that U.S. and U.K. students shared considerable insight regarding the concerns of their privacy online. The study revealed that most college students are, in fact, concerned about their online privacy – particularly as it relates to their future endeavors.

According to Ben Dipietro of the Wall Street Journal, the survey found that “14% of college students said they experience identity theft, 80% suspect their online activity is monitored by school officials and 79% think their online activities might compromise future job projects”. U.S. News reporter Samantha Gordon highlighted, “68% felt videos and photos posted during college could resurface later on in life and create unnecessary issues.”

While most reports show that students are concerned with online privacy, ZDNet quotes CEO of AnchorFree, David Gorodyansky, about why college students might be so concerned. Gorodyansky explains, “College students all over the world tend to be among the most mobile and digitally connected… On top of that they are more frequently targets of online hackers and identity thieves because of their limited credit and employment histories. It is critical that they take control of their personal information online.”

In your opinion, what can students do to better protect against ID theft and increase their online privacy? And how can they take control of their online reputations as they enter the workforce?

This topic will be part of our cyberSAFE Series discussion this Tuesday, 9/24, as we talk to experts in our free webinar, “Managing Online Reputation in a Digital World.” Reserve your spot here. And as always, join the conversation on Twitter and Facebook, and check out our Tumblr for the latest industry news stories.

ID360 Conference 2013 – The Global Forum on Identity

By | May 1st, 2013|Uncategorized|

We spent the past couple days at ID360, the UT Center for Identity’s annual conference that gathers information security professionals from around the world to discuss issues in security, privacy and identity. Some of the hottest topics this week included identity management, Big Data and analytics, the definition of privacy and the shifting cybersecurity ecosystem. Three of our CSID team members spoke at the conference and covered a number of these topics.

CSID Vice President Bryan Hjelm kicked off Tuesday morning with a presentation on the future of identity. The identity protection industry started with credit-monitoring techniques like monitoring our credit reports for fraud. We then moved toward identity monitoring for personal information like email addresses and passwords. Now we’re taking it a step further, toward identity management. As an industry, we now focus on non-credit monitoring, child identity monitoring, small business monitoring and two-factor authentication. See Bryan’s poster below, next to a poster from CSID’s Joel Lang.


Later that afternoon, CSID president Joe Ross joined a panel of security leaders to discuss the impact of social and mobile Big Data on identity and privacy. A key takeaway from the discussion was that with so much social and mobile data out there, we, as individuals and businesses, have a real version of the once-fictitious “permanent record.” Once your information is posted on the Internet, it’s out there for good. It can be found by potential employers or predators years later. Joe also talked to the global aspect of such data, pointing out challenges we face in finding globally universal identifiers, as Social Security numbers are give only to U.S. citizens.


Lastly, CSID development director Joel Lang presented on the nature of malware and the importance of credentials. Just one piece of malware or one compromised credential can easily lead to an entirely infected or breached network.

For a more in-depth look at the conference, see the Twitter discussions. Also, be sure to keep an eye on the Resources section of our website for copies of Bryan and Joel’s topic papers and presentations.

Did you attend ID360 this year or last? What messages resonated most with you? As always, let us know on Facebook or Twitter.

Our SXSWi Panel Picks

By | March 1st, 2013|Uncategorized|

sxsw2013Austin is a-buzz with preparations for the 2013 SXSW Interactive Festival, and we’re so excited for it to kick off! For those of you attending this year’s events, here is a list of panels covering biometrics, identity, big data including healthcare, reputation management and privacy. And if you’re still in search of a place to stay, don’t forget to enter our giveaway before 3/6! See you at SXSWi!

Friday, March 8

I Know Where You’re Going: Location as Biometric

  • Summary: This session will discuss location data as the ultimate biometric identifier, including the legal and technical aspects of location information as biometrics, what this means for privacy and civil liberties and what consumers can do about it.
  • Speakers: Jennifer Lynch, attorney, Electronic Frontier Foundation and Jeff Jonas, IBM
  • Date/Location: Friday, March 8, 3:30 – 4:30 pm, Radisson Town Lake

The New Nature vs Nurture: Big Data & Identity

  • Summary: Increasing availability of data changes how we are able to know and define ourselves – at the risk of being defined by algorithms that we can’t control
  • Speakers: Jen Lowe, Assoc Research Scholar, Columbia University Spatial Information Design Lab and Molly Steenson, Asst. professor, University of Wisconsin-Madison
  • Date/Location: Friday, March 8, 5 – 6 pm, Radisson Town Lake


Saturday, March 9

Who Owns the Data? Self-Tracking to Health 2.0

  • Summary: While the healthcare system is in the midst of reform, what must we do to put the massive quantities of data it holds to more efficient use for the community?
  • Speakers: John Wilbanks, chief common officer, Sage Bionetworks and Martha Wofford, vp consumer platform, Aetna
  • Date/Location: Saturday, March 9, 12:30 – 1:30 pm, Sheraton Austin


Monday, March 11

Privacy in a Location-Based World

  • Summary: A discussion on the boundaries of privacy and location-based services
  • Speaker: Damien Patton, Founder/CEO, Banjo
  • Date/Location: Monday, March 11, 5 – 6 pm, Sheraton Austin


Tuesday, March 12

Privacy in the Age of Augment Reality

  • Summary: What will privacy and anonymity mean in the coming age of augmented reality – a future where online and offline data will seamlessly blend?
  • Speaker: Alessandro Acquisti, professor at Carnegie Mellon University
  • Date/Location: Tuesday, March 12, 9:30 – 10:30 am, Radisson Town Lake

What’s in a name? Anonymity, Then and Now

  • Summary: A legal and historical look at the anonymity and anonymous speech on the internet
  • Speakers: Nabiha Syed, a First Amendment lawyer, and Katie Engelhart, a historian and author
  • Date/Location: Tuesday, March 12, 3:30 – 4:30 PM, Austin Convention Center

Reputation as Currency: Is the Resume Extinct?

  • Summary: What happens when online trust and social reputation move beyond the commerce space? Could online reputation replace traditional validation engines?
  • Speaker: Leah Busque, TaskRabbit, Founder and CEO
  • Date/Location: Tuesday, March 12, 12:30 – 1:30 pm, Austin Convention Center

Kids as Young as Two Have an Online History

By | February 27th, 2013|Uncategorized|

digital_footprintThis guest blog post comes from Russ Warner, CEO of ContentWatch – makers of parental control software, Net Nanny.

Remember when you brought your first date home? My siblings delighted in showing her embarrassing photos of me. Well, there isn’t much reason to pull out the ole photo album anymore. Most people can “friend” you or your family members online and or just find your public profile to see many pics or details you may have wanted to keep private.

This trend now affects everyone. In fact, one recent study said 92 percent of kids under the age of 2 already have a digital footprint. Kids that age are too young to post online by themselves of course, it’s their parents and/or siblings that have created their digital profile.

It starts with the ultrasound pic announcing pregnancy. Then you read live Tweets during birth, divulging the exact date and time of the baby’s birth. Once online, information cannot be easily removed.

As a child grows, the excited parents’ online friends will see updates about potty-training and funny first words. This happens years before baby even knows about social media sites.

What happens when the child becomes a teen and signs up for Facebook? Will his mom “tag” him in his ultrasound picture?

This is trend of openly sharing our lives online is new ground. Social media has only really been around for a few years. Today’s thirteen year-olds wouldn’t have had their ultrasound pics posted on Facebook, Tumblr or Instagram. But parents now upload personal information all the time.

There are many types of professionals who make a living finding and using your personal information. They range from identity thieves, hackers, private detectives, bounty hunters, and even skiptracers.

What’s a skiptracer? One of our Net Nanny Community fans, Carolynn Y, is a skiptracer. Her job is to find personal information, for any number of purposes. A skiptracer is similar to a private investigator.

Carolyn said: “I find people for a living; I find most people through their children who post their cell phone numbers on their open access Facebook pages. In fact, when I am trying to find someone, I go to Facebook and look for a person’s “young” relatives. They almost always have their privacy settings loose and they either post their number on their wall (especially when they get new ones) OR they post their numbers on their best friend’s posts. I find them there too.”

So what’s a proud parent to do? Should you share every detail about your kids online? Maybe. But you have to be very careful about what and with whom you share.

Two suggestions:

1) Invite trusted family and friends to a private blog, on the condition they never repost or share the details you share.

2) If you really need to post something on Facebook, post it to a select group of friends, not your entire friend list. Don’t make your profile public.

Based on what’s done today, this might sound paranoid. But, I believe it’s a sound practice.

These safety measures aren’t foolproof, of course. One unscrupulous friend can post or tag you in an embarrassing photo anytime. But it’s better than going down the path we are all on.

To read a related, somewhat frightening story (mostly fictional) that I shared previously, see the following article: Your Online Privacy (Or Lack Thereof). This discusses what might happen in the future when companies recruit new employees or insurance companies research customers. With thousands of details available online, a potential employee or customer can’t hide the facts about their life.

I work for Net Nanny and the opinions expressed here are my own.

Load More Posts