Memorial Day Bargain or Scam? Tips for Secure Online Shopping

By | May 27th, 2016|Identity Protection, Malware and Scams|

CSIDNational holidays are a time to get together with family, enjoy some time off, and relax. Unfortunately, they’re also a gold mine for cyber criminals. With Memorial Day almost upon us, retailers are promoting their special offers for the holiday weekend. To keep your online shopping deals from turning into a hacker’s opportunity to steal, here are some security best practices to keep top-of-mind:

  • Update your devices. Any device you use for shopping should have the latest security software, operating systems, programs, and applications. Just as you update your computer, make sure to do the same for your tablet, smartphone, or any other device you use to make purchases. In addition, avoid shopping on any device while connected through public Wi-Fi or unsecured networks.
  • Know your merchant. When making online transactions, make sure you’re dealing with a reputable site and take a careful look at the website’s URL. A good indicator that the retailer is legitimate and has a secure payment portal is if your web browser’s address bar displays a closed, green padlock.
  • Be aware of phishing scams. Email phishing scams are always a threat, but be especially wary during peak shopping seasons. Be aware of any misspellings in communications and “too good to be true” deals from a retailer. When in doubt, just go to the site directly by typing in the URL to your browser. Make sure to delete any suspicious emails and mark them as “spam.”
  • Protect your personal and financial information. Be aware of the information that is being collected to complete your purchase. Only fill out what is required and understand the merchant’s privacy policy – know how your information will be stored and used for current and future purchases.
  • Keep track of payments. Keep records of your online transactions and monitor your bank and credit card statements to make sure there are no fraudulent purchases. Credit cards are often the best option for online purchases because if there is any suspicion of fraud, your creditor can investigate and remove the charge if it is indeed fraudulent.

For more online security tips, be sure to follow us on Facebook and Twitter. Stay safe out there and have a great long weekend.

Keeping Kids Safe From Identity Theft

By | December 7th, 2015|Identity Protection|

Child ID TheftIt’s something you may not think about very often—your child’s personally identifiable information being used for identity theft. Most children’s Social Security number (SSN) and personal information remain unused until they turn 18, leaving years for identity thieves to cause serious damage.

It’s common for parents to use a child’s SSN for routine activities, like registering for school or in doctor’s offices. However, many parents don’t think about checking if their child has a line of credit associated with their SSN. The reality is that youths under the age of 18 are a staggering 51 times more likely to have their identities stolen than adults. Victims of child identity theft face many difficulties as a result, like complications applying for college, opening savings accounts, or obtaining credit cards.

Fortunately, there are a number of precautions to help protect both you and your children from identity theft.

Educate and Communicate
Kids are tethered to the Internet through games, apps, and devices. This increases their risk of sharing sensitive information. Take the time to teach your children the the do’s and don’ts of being online. Check out our guest blog post from Anne Livingston on tips to prevent child identity theft, and the 5 pieces of information kids should not share online.

Creating and maintaining this conversation will ideally open up a dialogue and allow your children to feel comfortable talking to you about other online topics, like the latest viral video or more serious issues like cyberbullying.

Check Your Child’s Credit Report
The Federal Trade Commission recommends proactively checking a youth’s credit report around their 16th birthday. Should a credit report with fraudulent charges exist, you’ll have time to correct any errors well before your child needs to rent an apartment or apply for a job or loan.

Stay Up to Date on the Latest Technology
Take advantage of an identity monitoring service that includes Child Protection. These services monitor your child’s SSN and personal information, and alert you to any suspicious activity.

Don’t stop there! Familiarize yourself with your children’s gadgets. Computers, tablets, gaming consoles, and other handheld devices can all collect personal information. A hot new game or app may be revealing more of your child’s personal information than you’d like.

Be Cautious
Ask questions anytime your child’s personal information is requested: what will it be used for, why is it needed and how will it be guarded? For instance, few organizations such as motor vehicle, tax and welfare departments have the right to require your SSN. Be cautious before giving out your child’s personal information, and your own.

By following these simple tips, you can play an active role in ensuring the security of your child’s identity. Stay tuned for more security tips and the latest in industry news by following us on Facebook, LinkedIn and Twitter.

Industry News Recap: Secure Holiday Shopping

By | November 5th, 2015|Industry News|

SecurityThis year, the holiday shopping season began the moment Halloween came to an end. As shopping picks up, both online and off, it’s important to keep the safety of your personal information in mind. Here’s a quick recap of recent news stories and some helpful tips to keep you safe and secure:

The Basics: Safe Shopping 101
According to We Live Security, online retail markets in China, the UK and the US will increase to almost a billion dollars within the next three years. With numbers this large, more cyber criminals will inevitably look to the growing number of e-commerce shoppers.

To stay secure, the same online best practices apply during the holiday season as the rest of the year. You should always opt for secured Wi-Fi networks, especially when making online transactions. If there is no secured Wi-Fi network available, consider using a Virtual Private Network (VPN) while you shop. Lastly, always look for the green padlock symbol in your URL box to ensure the site you are shopping on is secure.

We Live Security also recommends sticking to well known e-commerce brands with reputations for robust security measures. This is a great measure because, “fraudsters often create fake and professional looking websites to lure in unsuspecting victims. Their efforts can be quite remarkable.” High-quality phishing sites, for example, have a 45 percent success rate at mining user data.

Did You Know? Chip Credit Cards Provide Added POS Security
Chip credit cards are having their widespread US debut this holiday shopping season. NerdWallet points to some of the added security features of these cards, reporting that, “EMV chips generate a new code for every transaction. Because the codes won’t work more than once, data from an EMV transaction is essentially worthless to a fraudster. EMV cards are also much harder to duplicate than cards that have all the data stored on a magnetic stripe.”

Chase and Target are two major companies that are switching entirely to chip cards, according to USA Today. However, consumers should remember the benefits of the chip system do not extend to online shopping. They should also be alert for fraud during this period of transition, according to Money. Cyber criminals have apparently been posing as credit card companies, sending fraudulent emails to consumers in order to gain personal information.

Porch Pirates (Online and Off)
A last consideration for your holiday season: thieves taking packages from your doorstep while you are away from home. Local news sources around the country have been reporting an uptick in this type of crime, and a large “porch pirate” ring was recently busted in Los Angeles.

While this is largely a low-tech crime, porch pirates can also surprisingly take the shape of cyber criminals. WKYC reports that, “A more sophisticated porch pirate might send you an SMS message or email with malware. That would let them gain access to your computer or smartphone, and they could install a RAT (Remote Access Trojan). Then they can eavesdrop on your orders and deliveries.”

Having your packages shipped to your work or to a friend, or using a service like Doorman, is the easiest way to combat this crime in its offline form. Otherwise, stay alert for suspicious emails and disable GPS services on your phone when not in use.

For the latest in cyber security news, check out CSID on FacebookTwitter or LinkedIn!

News Recap: Cyber Information Sharing Act Moves Past Senate

By | July 11th, 2014|Uncategorized|

SenateThis week, the Senate Select Committee on Intelligence approved the Cyber Information Sharing Act (CISA). While some consider this bill to be a big step towards improving cyber security, others find it controversial.

Gregory McNeal of Forbes explains, “the bill is intended to help companies and the government thwart hackers and other cyber-intrusions. The bill passed by a 12-3 vote, moving it one step closer to a floor debate.” While it was passed with a fairly significant margin, McNeal reports, “Lawmakers have been struggling for years to move cybersecurity legislation. Civil liberties advocates have opposed CISA, arguing that it fails to adequately shield Americans’ privacy. Proponents of the bill say it will help stop attacks by encouraging data-sharing between businesses and the government. The bill achieves data-sharing by protecting businesses from lawsuits if they voluntarily disclose cyberthreat details for the purpose of assisting government or industry partners.”

Russell Brandom of The Verge reports the aim of the bill is to require businesses and government to share information on potential “cyber threat indicators.” Brandom continues by explaining, “Once a company makes a report to the government with information about a threat indicator, CISA would require broad sharing across federal agencies, including with the NSA, which would be given a more central role in threat management under the new scheme. Companies would also be encouraged to monitor their networks to gather more information about the threat.”

Will this legislation be effective in preventing cyber attacks? Should the consumer privacy be a more important part of the legislation? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

For more information on the legislation read, The Latest on Cyber Security Legislation.

News Recap: eBay Gets Hacked and Facebook Updates Privacy Settings

By | May 23rd, 2014|Uncategorized|

eBay_Facebook blogThis week, online security has seen both ups and downs in the headlines. Online auction website, eBay, sent out a news release announcing that user passwords and personal information had been compromised by a cyber attack. On the other side of the coin, Facebook announced that in it’s latest round of updates, it has changed its default post settings to protect users from oversharing personal information.

Gordon Kelly of Forbes reports on the eBay attack saying, “the origin of the breach comes from hackers compromising a small number of employee log-in credentials, which gave access to eBay’s corporate network. eBay says it is working with law enforcement and leading security experts to aggressively investigate the matter.” eBay has asked its users to protect themselves by changing their password information.

Tony Bradley of PCWorld worries that the eBay breach will result in social engineering schemes and cautions readers to be on alert to potential danger from malicious actors attempting to take advantage of the situation through phishing schemes. Bradley comments, “The attackers can use information like your phone number, email address, and mailing address for targeted phishing campaigns… You can’t trust any emails or phone calls you receive. You can’t even trust snail mail. Any communication you receive should be treated with skepticism, and you should contact the company in question yourself to make sure it’s legitimate.”

Josh Constine of TechCrunch reports on the latest Facebook updates, saying, “After years of putting new users at risk of oversharing by defaulting the visibility of their status updates and photos to public, Facebook is switching the default to ‘friends’. Constine comments that this change will hopefully help protect users from accidentally oversharing information that would put them at risk online.

Vindu Goel of the New York Times also explores the latest Facebook update, which includes a feature to make sure users are properly updating their privacy settings. Goel writes, “the service will walk users through the privacy settings for their status updates, remind them of the applications that have permission to use their Facebook data, and review the privacy settings for some of the most private information on their profiles, such as their hometown, employer, email address, phone number and birth date.” Goel quotes Mark Zuckerberg on the matter saying, “what we really want is to enable people to share what they want.”

Will a simple password change be enough to protect eBay users or should alternative measures be taken? Will the latest round of Facebook updates improve online security and privacy? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Retailers Will Share Data To Battle Cybercrime

By | May 16th, 2014|Uncategorized|

CyberCrimeSharingThis week, The Retail Industry Leaders Association (RILA) announced the launch of an intelligence center where retailers can exchange information about data breaches and threats to help protect against cybercrimes.

According to the Associated Press, RILA’s president Sandy Kennedy said that retailers have a common goal: to protect their business against cyber threats.

“It’s really in everyone’s interest, every retailer’s interest, to protect information against cybercrime,” Kennedy said. “Criminals are getting more and more sophisticated. We’re looking at how we can deal with this long term.”

The New York Times and ZDNet reports that participating retailers include American Eagle Outfitters, Gap, J.C. Penny, Lowe’s, Safeway, VF Corporation, Walgreens, Nike, Lowe’s and Target, “which was hit with a large data breach at the height of last year’s holiday shopping season.”

ZDNet’s Natalie Gagliordi said the center will allow retailers to share threat information with one another, as well as “anonymized information” with the government through a cyber analyst and technician at the National Cyber Forensics and Training Alliance.

“The technicians and analysts are on the lookout for real-time cyber threats such as new strains of malware, activity on underground forums and potential software vulnerabilities, which they say can be translated into actionable insights,” Gagliordi writes.

Will this center help retailers protect against future cyber threats? What do you think about retailers banding together to fight cyber crime? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Covert Redirect Vulnerability

By | May 8th, 2014|Uncategorized|

Social FlawLate last week, it was reported that a flaw in an online security technology could likely expose social media users personal information to malicious actors.

Jodi Mardesich of ReadWrite, comments, “It’s not the next Heartbleed, but a security flaw in social-login services gives you one more thing to watch out for in apps and on the Web.” Mardesich explains the issue by saying, “the vulnerability stems from a flaw in OAuth 2.0 and OpenID technology that lets you use your login from Facebook, Google, or Amazon (among others) to access other sites and services. Because of the flaw, an attacker can trick a user into thinking he or she is signing in via Facebook or Google and then redirect them to a malicious website. From there, depending on the level of access granted, it can expose your personal information, your contacts, your friends list, or in the case of Google Apps, stored data.” These different social logins offer connectivity to various services quickly and conveniently, but this shortcut in security comes with a price.

While this vulnerability exposes the potential actions of a malicious actor, it also sheds light on the security weaknesses in development and integration with social media sites. Mardesich expands on these weaknesses with this example: “Facebook, for instance, recommends developers use a whitelist that would effectively close the OAuth loophole by limiting redirections to safe and secure URLs. But Facebook doesn’t require a whitelist, and as a result, many developers don’t use one.”

What actions do social media sites need to take to improve security in development and prevent issues like this vulnerability? What precautions should individuals take to ensure the security of their information? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: The White House’s Cybersecurity Secrets

By | May 2nd, 2014|Uncategorized|

White HouseThis week, the White House joined the conversation about the current state of cybersecurity when it shared its policies on alerting the public to threats and vulnerabilities.

According to David Sanger of The New York Times the discussion started when Michael Daniel, White House cybersecurity coordinator, published a post to the White House blog discussing the process for making cybersecurity flaws public knowledge. Sanger writes, “The Heartbleed incident had cast a light on a balancing test the White House has until now declined to discuss in any detail: When should the government reveal flaws that it discovers.”

The Verge’s Jacob Kastrenakes sheds light on the purpose of withholding the news from the public with this quote from Daniel: “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”

Dara Kerr of CNET comments on the government policy saying, “Several government agencies have put together a set of principles they use when deciding whether to disclose vulnerabilities. If the government does decide to keep a security flaw secret, it goes through a series of questions about why it made that decision, including the possible risk, exploitability, and reach of the bug.”

Jon Fingas of Engadget lends perspective to any critics of the NSA’s policies with an additional comment from the White House on the matter; “The White House… has a vested interest in speaking up when possible; it suffers like everyone else if critical infrastructure goes down, after all. It’s at least clear from the statements that the government doesn’t make its choices lightly.”

Is the government doing the right thing by keeping cybersecurity flaws a secret? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Interactive Cyberthreat Map by the Kaspersky Lab

By | April 11th, 2014|Uncategorized|

MapWhile many dedicate their careers to spreading the word about cyber security, this week’s news about the Heartbleed vulnerability has put cyber security in the spotlight, giving the world a new found perspective on just how susceptible the Internet can be.

Farhad Manjoo of The New York Times said “the bug known as Heartbleed… is a stark reminder that the Internet is still in its youth, and vulnerable to all sorts of unseen dangers, including simple human error.” He compares the technology industry with other industries that saw rapid growth, but remarks that the tech industry is ultimately unique and will require additional efforts beyond regulation and industry-wide cooperation. Computer security expert at Princeton University Edward Felten believes that “Heartbleed is further evidence that we don’t have our house in order when it comes to Internet security.”

Help Net Security further discussed the global threat by sharing an interactive map released by the Kaspersky Lab. The interactive cyberthreat map visualizes cyber security incidents occurring worldwide in real time. Help Net Security showed how the map detects and monitors a variety of malicious objects across the web, and comments, “In today’s world of cyberthreats, it only takes a few minutes to spread new malicious applications or spam.”

CNET’s Leslie Katz explained how the interactive map works:

“You spin the 3D globe using a mouse and zoom in or out with a scroll wheel. Click on a country, and you’ll see the number and type of threats detected there since 12 a.m. GMT and the position that nation holds on the world’s “most-infected” list… Different types of threats tracked by the Kaspersky Antivirus and Internet Security Multi Device software shoot around the map like colored lasers. Viruses found in email appear as orange, for example, and yellow represents malicious executable files.”

Does this interactive map help consumers visualize how fast threats move across the globe? How can businesses use this interactive map for security purposes? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

News Recap: Adding Social Verification to the Multifactor Authentication Mix

By | February 24th, 2014|Uncategorized|

Social VerificationMultifactor authentication is nothing new. In fact, “secret questions” to reset passwords or verify your identity have been around for a long time. However, social networking has made it easier than ever for cyber criminals to find personal information often used to answer “secret questions,” such as a mother’s maiden name, a favorite pet or a school mascot. Using social engineering tactics, cyber criminals can access personal data of even the most private person. Social verification is a new tactic that businesses are starting to use that makes it more difficult for cyber criminals to false authenticate a login.

Mashable’s Rebecca Hiscott reports that “Facebook is already employing a form of this social verification: When you log in to the platform from an unknown computer, the site will ask you to identify the names and faces of several of your friends. That kind of data is much more secure than your mother’s maiden name; it would be difficult for a hacker half a world away to determine this information in the space of a few minutes.”

There are other forms of multifactor authentication that are coming to market. Biometrics is one example and uses something a person is such as voice or a fingerprint as a second form of authentication. CSID provides VoiceVerified, a patent-protected voice biometrics technology to authenticate individuals. Geo-fencing is another. Hiscott mentions LaunchKey, an authentication software with authentication factors including “the ability to pair devices together — for example, making it impossible to log in to your work computer without also having your mobile phone nearby — and geo-fencing, which entails setting a geographical radius for logins. None of these relies on personal data beyond an individual’s location.”

Many businesses are getting on board with multifactor authentication, making it more widely accepted and adopted. Microsoft Office recently rolled out multifactor authentication to Office 365 business users, PC World John Ribeiro reported. The future of biometrics includes incorporating these “invisible” identifiers, like geolocation awareness or even the cadence with which you type. The more hassle-free it is for consumers to use and the harder it is for cyber criminals to guess or fake, the more widely adopted multifactor authentication will become, therefore making our digital world a safer place.

What do you think about multifactor authentication? Does your business employ two-factor authentication? On personal accounts, have you opted into multifactor authentication? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.


Load More Posts