Kids and Their “Digital Footprints”

By | August 20th, 2014|Uncategorized|

backtoschool_082014This guest blog post is a part of our cyberSAFE blog series focusing on back-to-school security, privacy and identity topics. It comes to us from Diana Graber, co-founder of CyberWise, the go-to-to source for busy adults who want to learn how to embrace digital media fearlessly, and the CyberWise Certified online learning program (check out the course on “Online Reputation Management”). She developed and teaches middle school “Cyber Civics” at Journey School in Aliso Viejo, CA. Diana has an M.A. in Media Psychology and Social Change and is a regular contributor to the Huffington Post.

My daughter, who is busy preparing to go off to college, burst into my office yesterday with a question, “Why in the world did you ever let me get a Facebook page in 8th grade?”

The reason for her outburst was that she’d just received an email from her university telling her the names of her future roommates… you can imagine what every student does the moment they receive this information—they look each other up on Facebook. She anguished over silly and embarrassing posts on her page from 8th grade. She felt that the mistakes she made as a tween were tarnishing her online reputation as a young adult.

Understanding the impact of one’s online reputation—or, “digital footprint”— is challenging, even for those of us who have been online for a long time. We see examples of adults being digitally disastrous every day and we certainly can think of someone who has shared too much information or posted a photo that makes us cringe. So, imagine the difficulty of trying to introduce the concept of a “digital footprint,” and its future ramifications, to kids who are just starting to make their online reputations take shape.

That’s what I do in 6th grade Cyber Civics™ classes at Journey School in Aliso Viejo, CA. To teach this concept I use a lesson from Common Sense Media and adapt it to make it particularly relevant to my students. For example, one class had just completed a very successful pie-making/selling fundraiser called “Sweetie Pies,” so I told these students that as “owners” they were going to hire a national spokesperson for their thriving venture. In this engaging experience, the children consider two applicants, Jason and Linda, by reviewing their “digital footprints.”

After conducting this digital background check, the students were asked to consider which candidate they should hire based on the following criteria: Who was more honest and who worked well with others? They broke into small groups to ponder this decision and after considering all the online evidence (not so good), most groups decided not to hire either candidate.

The best part of this lesson, however, is the follow-up activity: students were given a blank footprint and told that it represented their “digital footprint.” Their task was to think about what they wanted it to say in 10 years by filling it in with words and images that described their future selves.

These students designed footprints that said they’d be professional soccer players, artists, scientists, musicians, gamers, fashion stylists and more. Some footprints indicated that these kids were going to win the Nobel Peace prize, the Heisman trophy, feed the homeless and perform hundreds of pet rescues.

Of course only a fraction of these digital dreams will come true, but the point is this: it gives kids the idea that they can, and should, shape their own online reputations, or “digital footprints” and be proud of the online self they show to the world.

Employee Social Media Use Can Affect Small Business Reputation

By | June 2nd, 2014|Uncategorized|

Social guest postThis post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.

This cyberSAFE guest blog post comes to you from Jasmine McNealy, Assistant Professor at the University of Kentucky and privacy and law blogger at Unmasking Doe.

Social media has proven an indispensable tool for businesses of all sizes. It’s used by organizations to manage customers, respond to complaints, and to build social capital. And social media can certainly can build or ruin a reputation. This is, no doubt, one of the reasons that over 15 million businesses, companies and organizations have pages on Facebook.

But it is not solely corporate use of social media tools and sites that should be of concern when building a business reputation. Employee social media habits – including inappropriate posts and insecure password practices – can affect an organization both positively or negatively. Many social media users display affiliation information in their online bios, and tools like LinkedIn make it easy for anyone to find out the name of a user’s workplace. Usually, this affiliation information or the ability to find an individual’s employer is benign, and the employee’s use of social media has no effect on company reputation. Yet, when that employee is involved in or says something untoward on social media, or a hacker gets hold of an employee’s credentials, there can be consequences for their employer as well.

One need only consider the recent Justine Sacco tweet scandal for an illustration of this. In December 2013, Sacco, then a corporate communications professional at leading Internet company IAC, tweeted, “Going to Africa. Hope I don’t get AIDS. Just kidding. I’m white!” before embarking on a many hours long plane trip to South Africa. Twitter reaction was swift and brutal, with the hashtags #JustineSacco and #HasJustineLandedYet trending for hours while watchers waited for her plane to land. Although Twitter’s reaction to her, individually, was considerable, the response of her employer was also significant. The company fired Sacco, but not before being contacted via Twitter, phone, email and other social media inquiring about its reaction to its employee making such statements.

It would be nice to say that incidents like that of Sacco are few and far between. Yet the continuing growth in social media outlets and use make all organizations vulnerable to having to go into crisis communication mode as a result of an employee’s comments. Here are a few tips that may help to mitigate this concern:

  • If you encourage employee social media use, consider requiring that employees make separate personal and professional accounts.
  • Require that social media passwords must be different from work logins. Employees should not reuse their work emails and passwords for personal sites. This serves as a barrier of protection for work accounts, in case an employee’s social media account is hacked into.
  • Make sure that the corporate social media accounts are the most popular. In this way customers and other consumers may recognize the organization’s statements as reflective of corporate conscious.
  • Never attempt to censor employees. Instead, offer social media training that increases their information literacy, and allows them to understand that actions (or speech) have consequences. Let them know what is appropriate to post on social media and what is sensitive company information.

News Recap: Identity Obese – What it Means

By | March 28th, 2014|Uncategorized|

Identity ObeseIt is common practice in today’s digital age to save personal information to online retail, banking and social accounts. However, storing information online makes you a target to identity thieves interested in collecting and selling personal information on the black market. There’s a new term for users who have too much information stored online: “identity obese.”

Henry Bagdasarian, Author of Identity Diet, defines identity obesity by comparing a consumers food consumption habits and the relationship to weight obesity.

“As eating more of the wrong things can quickly lead to health and weight problems, managing too many personal information components the wrong way can also quickly lead to identity theft,” Bagdasarian reported. “As I continue my research about the causes of identity theft and related risks or solutions, I am convinced that both consumers and companies unnecessarily accumulate and share personal information at an alarming rate without the understanding of the risks and/or willingness to adjust their identity management practices.”

Bagdasarian makes it clear that companies can also fall victim to identity obesity, but at a much greater cost. He makes the clear distinction that identity obesity of a consumer simply puts the consumer at risk. However, when a company unnecessarily collects and shares the information of its customers, it has the ability to put their entire customer base at risk for identity theft. During our 2013 Risk Mitigation for Small Business webinar, SMB CEO Chuck Gordon of SpareFoot encouraged SMBs to avoid collecting unnecessary personal information from customers, and executive director of the National Cyber Security Alliance Michael Kaiser agreed with a motto CSID has now adopted: “if you collect it, you’ve got to protect it.”

The Identity Management Institute recently shared a video about the effects of identity obesity and what this issue can look like based on the simple actions you take each day.

Are you identity obese? What are the best ways to avoid becoming identity obese? How can you identify an obese company? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Cyber Security Takeaways From South By Southwest Interactive

By | March 20th, 2014|Uncategorized|

Cyber security was a hot topic this year at South by Southwest Interactive (SXSWi), the digital, film and music festival held in our headquartered city of Austin, TX. We took part in the security discussions by sharing some mobile security tips, hosting a networking party Saturday night and participating in three SXSWi panels. Take a look at our SXSWi activities and what we learned

SXSWi PostCSID President Joe Ross and CIO Adam Tyler Shared Mobile Security Tips

Prior to the festival starting, Joe and Adam got behind the mic and in front of the camera to share mobile security tips. Joe on KLBJ radio and Adam on KXAN News, both discussed how a large event like SXSWi attracts cyber criminals as there is an onslaught of out-of-towners and a tendency for conference-goers to use public Wi-Fi. Here are a few suggestions they shared with the audiences to help protect against mobile risks during the festival:

  • Avoid using public Wi-Fi and use a VPN for added security, if possible.
  • Use a different mobile passcode during the festival and then change it back to your original code when you travel home.
  • Be cautious about downloading new apps during the festival. Always download apps from a credible app store.

We Hosted Our Annual “Protect Your Buzz” SXSWi Party

We held our annual “Protect Your Buzz” party at Star Bar on Saturday during SXSWi and had a chance to connect with security professionals, strengthen partner relationships and celebrate our hardworking employees. And as always, we enjoyed food from our favorite Tex Mex caterer– Valentina’s!

CSID CIO Adam Tyler Demonstrated the Power of a Malicious $20 Hacked Router

In his “When Good Technology Goes Bad: Mobile Technology” solo panel, CSID CIO Adam Tyler showed how inexpensive, readily available technology can be hacked into a malicious device used to create “man-in-the-middle” attacks. Here are the key takeaways from his panel:

  • If you must connect to Wi-Fi on your laptop, take a moment at the end of your session to “forget” the network. This can help you avoid man-in-the-middle attacks that allow malicious technology to connect to your device via past networks. Smartphones and tablets, however, do not have the capability to “forget” networks, so the best policy is to not connect to public Wi-Fi at all.
  • Make sure your mobile device does not automatically connect to Wi-Fi. You should always manually choose a secure Wi-Fi connection on your device.
  • While technology can be manipulated into malicious devices, you should never be afraid of using technology. In fact, the better informed you are about technology, the better armed you are to protect against the bad.

Internet Privacy Lawyer Parry Aftab Partnered with CSID to Talk Reputation

The hour-long SXSWi panel, “That Was the Old Me: Managing Online Reputation,” featured CSID’s VP of Product and Marketing Bryan Hjelm and renowned Internet privacy lawyer Parry Aftab. They discussed how personal and business digital presences have evolved in our fast-paced world and the implications of a damaged online reputation. Some crucial lessons:

  • Suppression services can help hide unwanted, and many times untrue, articles, web profiles, etc. that can hurt a reputation.
  • Hiring managers are looking at social media more than ever to determine whether a candidate is fit for a job.
  • The excessive reuse of passwords across multiple websites and the frequency with which teens share their passwords can put many at risk for identity theft, which can lead to damaged reputations as well as injured credit.

Two Child Online Safety Advocates Discussed Child ID Theft in a Roundtable Discussion

In CSID’s third security panel, “Growing Up Unprotected: Child ID Theft,” CEO of Inflection Point Global Chris Crosby and CEO of Lookout Social Clay Nichols discussed how child ID theft should be a top privacy concern for parents. Here are some lessons learned from the discussion:

  • Children have a digital footprint before they are even born! This early digital footprint can make cyber criminals aware of a fresh identity on which to prey.
  • Many parents are unaware that child identity theft is a growing problem, since there are many other frightening cyber challenges they face, such as cyber bulling.
  • To combat cyber criminals, parents can start the digital safety conversation early with children. Let kids know why they should not share their passwords with others and educate them on what is appropriate to post on social media.

News Recap: Social Engineering Threats to Businesses

By | February 27th, 2014|Uncategorized|

SMB postA few weeks ago, we shared the story of @N_is_stolen; where Naoki Hiroshima’s online accounts were attacked and held at ransom, in order to have access to his Hiroshima’s coveted “$50,000” Twitter handle. A recent update in his story arose: Twitter was able resolve the incident by restoring Naoki with his @N handle. Megan Guess of Ars Technica quotes a tweet from Hiroshima on Tuesday that said, “Order has been restored.” While this is good news for Hiroshima, other stories like his are continuing to spread across headlines.

Paul Mah of Fierce CIO Tech Watch shared the story of Josh Bryant, the founder of a start-up business who nearly lost his entire company to a social engineering attack. Mah writes, “The target of this hacker was Josh Bryant’s Twitter username of @jb and its popularity due to it representing the initials of superstar Justin Bieber. In his case, the attacker targeted various online services that Bryant used with social engineering tactics to gather more fragments of information along the way.” Bryant states that his attackers hoped to gain access to his personal information through his accounts with Apple and Amazon. Mah comments, “It is worth noting that disaster was prevented only because Bryant was online at the time of the attempted hijack, and followed on the heels of the various password reset notifications in an active bid to stymie the attacker.”

Fahmida Y. Rashid reported on last week’s Kaspersky Lab Security Analyst Summit, where senior security researcher David Jacoby shared his experience with a different approach to social engineering. Rashid writes, “Jacoby was invited by a company come in and tests its defenses. As it turned out, he didn’t need any fancy hacks or zero-days to get through. It was all social engineering.” Rashid continues by explaining Jacoby’s step-by-step process to infiltrating and gathering information from this company. In closing, Jacoby believes that as a business “It’s really hard to defend against social engineering because it’s human nature to want to be nice and helpful. We want to give people the benefit of doubt and not assume everyone is out to cause harm, but it’s exactly this human emotion that makes us fail at security.”

What procedures and policies should businesses incorporate in order to protect the company and its employees from falling prey to social engineering attacks? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Adding Social Verification to the Multifactor Authentication Mix

By | February 24th, 2014|Uncategorized|

Social VerificationMultifactor authentication is nothing new. In fact, “secret questions” to reset passwords or verify your identity have been around for a long time. However, social networking has made it easier than ever for cyber criminals to find personal information often used to answer “secret questions,” such as a mother’s maiden name, a favorite pet or a school mascot. Using social engineering tactics, cyber criminals can access personal data of even the most private person. Social verification is a new tactic that businesses are starting to use that makes it more difficult for cyber criminals to false authenticate a login.

Mashable’s Rebecca Hiscott reports that “Facebook is already employing a form of this social verification: When you log in to the platform from an unknown computer, the site will ask you to identify the names and faces of several of your friends. That kind of data is much more secure than your mother’s maiden name; it would be difficult for a hacker half a world away to determine this information in the space of a few minutes.”

There are other forms of multifactor authentication that are coming to market. Biometrics is one example and uses something a person is such as voice or a fingerprint as a second form of authentication. CSID provides VoiceVerified, a patent-protected voice biometrics technology to authenticate individuals. Geo-fencing is another. Hiscott mentions LaunchKey, an authentication software with authentication factors including “the ability to pair devices together — for example, making it impossible to log in to your work computer without also having your mobile phone nearby — and geo-fencing, which entails setting a geographical radius for logins. None of these relies on personal data beyond an individual’s location.”

Many businesses are getting on board with multifactor authentication, making it more widely accepted and adopted. Microsoft Office recently rolled out multifactor authentication to Office 365 business users, PC World John Ribeiro reported. The future of biometrics includes incorporating these “invisible” identifiers, like geolocation awareness or even the cadence with which you type. The more hassle-free it is for consumers to use and the harder it is for cyber criminals to guess or fake, the more widely adopted multifactor authentication will become, therefore making our digital world a safer place.

What do you think about multifactor authentication? Does your business employ two-factor authentication? On personal accounts, have you opted into multifactor authentication? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

 

News Recap: Cyber Attacks through Social Engineering

By | February 7th, 2014|Uncategorized|

social engineeringIn today’s digital age, nearly everything we do online requires an account composed of a username, password and other important personal data – including answers to private questions for password reset options – unique to each individual. It’s these pieces of information that are the foundation for a person’s “digital life,” or what you could call your digital DNA. Building a digital life through online accounts typically makes things easier and provides such benefits as increased efficiency, ease of use and personalization. Despite the many conveniences, your digital life could be in great danger without proper security precautions. One of the latest trends of online attackers is social engineering, which is the practice of manipulating users into performing certain action that will provide the attacker privileged information.

Karissa Bell of Mashable shared the story of Naoki Hiroshima – a man with a coveted digital presence. According to Bell, “Naoki Hiroshima claims to have tweeted using the @N handle since signing up for Twitter in 2007. In that time, he said, he has fended off multiple attempts by attackers to take control of the coveted one-character account. He claims he was once even offered $50,000 in exchange for the handle.” Bell goes on to tell the story of how Hiroshima experienced several breaches of online accounts including PayPal, GoDaddy and Facebook that eventually ended in the hacker blackmailing Naoki into handing over control of his @N Twitter handle.

In his own words, Hiroshima wrote, “As of today, I no longer control @N. I was extorted into giving it up.” Continuing his story, Hiroshima describes with great detail the great lengths his attackers went to in order to secure his information, including holding his GoDaddy domain names and other information hostage until the handle was released. Knowing the severity of his attackers to his digital livelihood, Hiroshima saw no other option than to relinquish the desired Twitter handle.

What can you do in order to protect your digital presence from attacks like this? How can you work with third party sites to better protect your information? What tools can be used to better monitor your digital presence? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Five Simple Security Resolutions for the New Year

By | January 8th, 2014|Uncategorized|

new year blogDo you have room for one more new year’s resolution? Beyond getting fitter, healthier or smarter, vow to be more secure. Here are five simple actions you can take for a more secure year.

Refresh your passwords

Take a minute to refresh your personal and professional passwords. Make them long and use a mix of numbers, letters and symbols, and avoid using the same passwords across multiple sites. Require that your employees, customers and family do the same. Check out our Consumer Password Habits Unveiled blog post for more password advice.

Update software

Keeping your device software up-to-date can help keep your device and identity secure. So this year, whenever you see that “update available” notice pop up, click “yes”! It only takes a few moments to keep your software updated.

Shred, wipe and reformat

Erase your tracks. Shred unneeded documents, wipe old devices and reformat old hard drives so identity thieves cannot retrieve any sensitive information. Tax season will be here before you know it, and the overwhelming number of tax identity theft cases that occurred last year indicates that identity thieves are prone to using year-old information to collect refunds.

Protect your privacy

Update privacy settings on your social media pages, mobile apps and web browsers to protect against identity theft and manage your online reputation. Be sure to continually check your privacy settings, as privacy rules tend to change frequently online.

Turn on two-factor authentication

When offered, turn on two-factor authentication services for an extra layer of security. You can already do so for popular sites like Gmail, Twitter, Apple, and Dropbox.

Which of these do you plan to adopt? What other simple security resolutions have you made for the new year? As always, let us know on Twitter and Facebook.

September Recap: It All Comes Down To This

By | October 2nd, 2013|Uncategorized|

With summer officially over, September found us keeping our noses to the grindstone here at CSID. A large portion of September was spent thinking and talking about online reputation management as we prepped for our quarterly CSID cyberSAFE webinar. It all came down to September 24th, when we hosted the webinar with three very cool panelists (more on that below). But it wasn’t all about work and webinars in September. We also made time for a little fun. Take a look at what we were up to this September:

cyberSAFE Webinar Series: Online Reputation Management

On the 24th we held a cyberSAFE webinar on “Managing Online Reputation.” We enjoyed the enthusiastic discussion among our panelists: Parry Aftab from Wired Safety, HR consultant and writer Jessica Miller-Merrell, professor of law at Washington University St. Louis Neil Richards, and CSID’s own Bryan Hjelm, VP of Product and Marketing. Read a recap of the webinar discussion or watch it anytime on-demand.

Stemming from that webinar – we also released a corresponding whitepaper and infographic on the topic. Check it out on our blog and feel free to share!

Hosted #cyberSAFEchat with Security Today Magazine

Prior to our webinar, we got together with Ginger Hill, a reporter with Security Today Magazine, to host a Twitter chat about online reputation management. Joined by other industry experts, we discussed how employees’ personal social media use can impact their employers’ businesses reputation and security. Find great tips and takeaways from this chat in our recap.

More from Joe Ross on Huffington Post

CSID President Joe Ross contributed another piece to the Huffington Post: “How to Prevent Child Identity Theft Part Two: What Businesses Can Do.” Take a look and let us know if you have additional tips to share.

Cookie picHosted Austin Technology Council Happy Hour

Our Austin office hosted this month’s Austin Technology Council (ATC) happy hour, catered by our favorite food truck in the city, Valentino’s, and complete with CSID-branded cookies. We enjoyed conversations from the ATC, CSID president Joe Ross, as well as a particularly engaging talk about cybersecurity from our Chief Innovation Officer Adam Tyler. It was great to see so many new and familiar faces. Thanks for joining us!

What We’re Looking Forward to in October – National Cyber Security Awareness Month

October is the 10th annual National Cyber Security Awareness Month (NCSAM) and we’re pumped to be a part of it! Join us on Facebook, Twitter or LinkedIn for daily security tips and other NCSAM related posts. We’ll also be co-hosting an official NCSAM Twitter chat on October 24th about cybercrime with STOP.THINK.CONNECT. and other industry experts. What are you doing for NCSAM?

Load More Posts