7 Steps to Secure Profitable Business Data (Part III)

July 10th, 2011 | Uncategorized

By John Sileo, consumer security expert

In Part II of this series, we began addressing the technological side of protecting our business’ data. Once you complete the remaining three steps, you should feel confident in the measures you have taken to secure your business.

5. Don’t let your mobile data walk away. Mobility is a double-edged sword (convenience versus confidentiality); 36-50% of all major data breaches originate with the loss of a laptop or mobile computing device.

Strategy: Hire a security professional to implement strong passwords, whole disk encryption and remote data-wiping capabilities for your laptop. Set your screen saver to engage after 5 minutes of inactivity, and set a password for re-entry. Finally, lock your goldmine of data down when you aren’t using it: store it in a hotel room safe when traveling, or lock it in a private office after work. Physical security is the most overlooked, most effective form of protection.

6. Spend a day in your dumpster. You have probably already purchased at least one shredder to destroy sensitive documents before they are thrown out—but you probably don’t use it regularly.

Strategy: Take a day to pretend that you are your fiercest competitor, and sort through all of the trash going out your door. Search for sensitive documents. Do you find old invoices, employee records, bank statements and other compromising papers? Parading these documents before your staff is a great way to drive your point home. Occasional “dumpster audits” will inspire your employees to think twice about failing to shred the next document.

7. Anticipate the clouds. Cloud computing is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page or you are storing customer data in a poorly protected, noncompliant server farm, you will ultimately be held responsible when that data is breached.

Strategy: Evaluate your business’ use of cloud computing by asking these questions:

  • Do you understand the cloud service provider’s privacy policy?
  • Do you agree to transfer ownership or control of rights in any way when you accept the provider’s terms of service (which you do every time you log into the service)?
  • What happens if the cloud provider goes out of business or is bought out?
  • Is your data stored locally, or in another country that would be interested in stealing your secrets?
  • Are you violating any compliance laws by hosting customer data on servers that you don’t own, and ultimately, don’t control? (If you are bound by HIPAA, SOX, GLB, Red Flags or other forms of legislation, you might be pushing the edges of compliance.)

This is a cost-effective, incremental process of making your business a less attractive target. Remember, the process doesn’t start working until you do; so take these simple steps, including those in Part I and Part II, to starve data thieves of the information they literally take to the bank, and secure your business.


Top 7 Tips to Prevent Identity Theft (Part I)

May 28th, 2011 | Uncategorized

By John Sileo, consumer security expert

Step one of my 7 Steps to Secure Profitable Business Data is to “Start with the humans.” It is crucial to the success of your business’ security efforts that you give your employees the tools to protect themselves personally from identity theft. This develops a privacy language and framework that can be easily adapted to business security.

Pass on the following tips to your employees—seven easy measures to help prevent personal identity theft:

1. Monitor Your Accounts Online

One of the quickest ways to detect identity theft is to monitor your credit card, bank and brokerage accounts online. By doing so, you speed up the detection time and shut down fraud before it becomes a major problem. You can do this either by logging on to the website for the financial provider in question (e.g., your bank), or by setting up automatic account alerts that warn you by email or text message anytime a transaction occurs on your account.

For example, if you have credit card account alerts set up to notify you by email, and you receive an alert that $1 has been spent at a gas station when you haven’t been to a gas station that day, you know that your card has been compromised. Thus, you can shut it down immediately before you become liable for the fraud. Alerts are a painless, immediate way to keep tabs on your financial health.

2. Use Surveillance to Monitor Your Identity

Only about 25% of identity theft can be caught by monitoring credit reports, but there are more sophisticated identity theft monitoring and protection services in the marketplace. I have used [cc id=’csid’] for the past five years because of the quality and volume of monitoring they provide, the convenience of their service and the safety of their data centers.

The product automatically monitors all of the potential sources of identity theft so I don’t have to do it myself. I receive a monthly email letting me know if there are any areas that I should be concerned about. That way, I only have to think about it when necessary. Again, convenience is crucial—if we make it easy to be safe, we will be safe!

You should expect to spend approximately $150 per year for a good service. Keep in mind this is likely less than you spend to insure your car and home, which are worth far less than your identity.

3. Opt Out of Financial Junk Mail

There are complete industries built around collecting, massaging and selling your identity data and habits. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.

“Pre-Approved” credit card offers, for example, are major sources of identity theft. They give thieves an easy way to set up credit card accounts in your name without your consent. The thieves then spend money on the card, leaving you with the mess of purchases that you didn’t make.

The solution is to “opt out” of receiving financial junk mail such as pre-approved credit, home loan and insurance offers. Notify organizations that collect your personal information to stop sharing it with other organizations. This minimizes the amount of your personal information bought and sold on the data market.

To easily opt out of pre-approved credit offers with the three main credit reporting bureaus, call 1-888-567-8688 or visit www.OptOutPreScreen.com.

Have your employees begin to conquer these initial tasks. Completing them will help your employees understand identity security and be ready to take on the remaining four tips, coming soon.


7 Steps to Secure Profitable Business Data (Part II)

April 1st, 2011 | Uncategorized

By John Sileo, consumer security expert

In the first part of this article series, we discussed the first two steps of securing your business data, which focus on resolving the underlying human issues behind data theft. The remaining five will help you begin protecting the technological weaknesses common to many businesses—take on the next two:

3. Stop broadcasting your digital data. There are two main sources of wireless data leakage: 1) the weakly encrypted wireless router in your office and 2) the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.

Strategy:

1) Have a security professional configure the wireless router in your office to utilize WPA-2 encryption or better, implement MAC-specific addressing, mask your SSID, and do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.

2) To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and avoid using free or fee hot spots. Data criminals can easily “sniff” the data you send across these free connections.

4. Eliminate the inside spy. Most businesses don’t perform background checks when hiring new employees, yet much of the worst data theft ends up resulting from “inside jobs.” Not surprisingly, the number one predictor of future theft by an employee is past theft—most employees who are dishonest now were also dishonest in the past, which may be why they have moved on from former employers.

Strategy: Invest in a comprehensive background check before you hire, and follow up on the prospect’s references. Investigating someone’s background will give you the knowledge necessary to let your gut-level instinct go to work. In addition, letting your prospective hire know in advance that you will be performing a comprehensive background check will discourage dishonest applicants from pursuing the job.

Stay tuned for Part III of this series. Soon you’ll have a more secure system in place and can rest easier about the safety of your data.


7 Steps to Secure Profitable Business Data (Part I)

February 15th, 2011 | Uncategorized

By John Sileo, consumer security expert

Everybody wants your data. Why? Because it’s profitable, it’s relatively easy to access and the resulting crime is almost impossible to trace.

Take, for example, the 100+ million customer records that have been breached in the past months. Sony PlayStation Network, Citigroup, Epsilon, RSA and Lockheed have faced billions in recovery and reputation damage costs.

To minimize recovery costs, you must minimize risk and secure your business data. Take the following steps in this three-part series and you’ll be well on your way.

1.  Start with the humans.
Companies often approach data privacy only from the perspective of the company. This is a costly data security mistake, as it ignores a crucial reality: All privacy is personal. Your employees will only care about data security or property protection when they understand their direct involvement.

Strategy:
Start with the personal and expand into the professional. Give your employees the tools to protect themselves personally from identity theft. In addition to showing them that you care, you are developing a privacy language and framework that can be easily adapted to business. Once your employees understand the security framework from a personal standpoint, it’s a short leap to apply that to your business security.

2.  Immunize against social engineering.
The root cause of most data loss is not based on technology; it is based on human beings who make costly miscalculations out of fear, confusion, bribery and a sense of urgency. Data thieves can manipulate information out of your employees by pushing these buttons.

Strategy:
Immunize your workforce against such social engineering. Train them to do the following when asked for information:

  • Utilize professional skepticism. Automatically assume that the requestor is a spy of some sort.
  • Take control of the situation. If you didn’t initiate the transfer of information, stop and think before you share.
  • Expose fraud. During this moment of hesitation, ask a series of aggressive questions aimed at exposing fraud.

When doing this type of training, whether it is for the Department of Defense, a Fortune 50 or a small business, try making a game out of it—make it interesting, interactive and fun, as that is how people learn best.

While these first two steps are not what you might traditionally associate with data security, they have everything to do with human behavior. You must begin with the human factor, with core motivations and risky habits, to increase the success of your privacy initiatives. You need to build a coalition; you need to instill a culture of privacy, one security brick at a time.

Look out for Part II and Part III of the 7 Steps to Secure Profitable Business Data to round out your business security efforts.


John Sileo – Privacy and Identity Theft Expert

September 12th, 2010 | Uncategorized

John Sileo’s identity was stolen out of his corporation and used to commit a series of crimes, including $300,000 worth of digital embezzlement. While the data thief (an “internal spy”) operated behind the safety of John’s identity, John and his business were held legally and financially responsible for the felonies committed. Ultimately, the data breach destroyed John’s corporation and consumed two years of his life as he fought to stay out of jail. But John chose to fight back and speak out.

Emerging from this crisis, John became a professional speaker on identity theft protection and corporate data privacy, teaching audiences to bulletproof their bottom line against data breach. John is a contributing writer for CSIdentity’s blog, among many others, and his book, “Stolen Lives: Identity Theft Prevention Made Simple”, has won several awards.

For more information on John Sileo and identity theft protection, please visit www.thinklikeaspy.com.
