Cyber Monday Shopping Tips

By | November 28th, 2014|Uncategorized|

Cyber Monday’s coming up – fast. Shoppers may be feeling a little antsy because of the major retailer breaches that have occurred over the past year, especially the Target breach that happened right around this busy time last year. We’re determined to see a breach-free shopping season this winter, so here are a few suggestions to take into consideration as you gear up for Monday’s online shopping extravaganza.

Purchase on a safe network
Planning on doing some online shopping on Cyber Monday? Avoid making purchases on public Wi-Fi – like in a coffee shop – and stick to making purchases while you are at home on a secure network. Public Wi-Fi hot spots are susceptible to man-in-the-middle attacks that allow cyber criminals to intercept your personal and credit information when you are making an online purchase.

Look out for phishing attempts
Cyber criminals will be using email phishing scams, enticing consumers with hot holiday deals to get them to click on an insecure URL. Look up store deals by going directly to the website of that business.

Don’t store credit card information
Many websites will want you to store credit card information for an easy, one-click purchase experience. While it sounds convenient, storing your credit card also creates unnecessary risk. If you lose your mobile device or if an online account is compromised, cyber criminals will have easy access to the stored credit card information. To take this a step further, consider encouraging your favorite shopping sites to store their data in dedicated servers, as these servers can help prevent cyber criminals from gaining access to any credit card information.

Reset passwords
Reset passwords for high value accounts like email, social media and banking accounts after Cyber Monday. Use unique, long and strong password combinations. This will help ensure that even if there is a breach, these high value accounts will remain safe.

Use reputable retail sites to shop
Look for HTTPS in the URL to make sure the site is safe while you’re shopping. Stick to retailers you know are reputable, have good return policies and are secure.

Use a credit card for online purchases
It’s much more difficult to recover money lost due to fraudulent purchases on debit cards compared to credit cards. Use a credit card in preparation for the worst-case scenario – a retail breach.

Any additional security best practices you plan on using this Cyber Monday? Let us know your thoughts on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Content Theft and Identity Theft Go Hand in Hand

By | September 9th, 2014|Uncategorized|

This guest blog post is a part of our cyberSAFE blog series focusing on back-to-school security, privacy and identity topics. It comes to us from Tom Galvin, Executive Director of Digital Citizens Alliance. Tom is based in Washington, DC and has been active in Internet security and safety issues for over a decade. He is focused on bringing a voice to consumers, including those who have been victimized online. By putting a face on the victims of online crime, Digital Citizens will serve our fellow citizens and issue a wake-up call to policymakers and Internet companies that they must do more to protect us.

Children today are engaging with a vast amount of digital content. The average child spends around 7.5 hours a day consuming some form of media—a lot of it through the Internet. While children may be tech-savvy, they don’t always understand the implications of downloading an illegal game, song, TV show, or movie—and what those actions can mean for their personal online safety.

It should come as no surprise that a significant percentage of the content children encounter online is stolen content—music, movies, and games that are provided for “free” because the sites hosting them have misappropriated them. Criminals rake in hundreds of millions of dollars a year through advertising and subscription fees for content they don’t own. In fact, that’s a topic Digital Citizens has explored at length in our study, Good Money Gone Bad.

Children may or may not realize that downloading this content is illegal, and certainly more education is needed to help children behave ethically and morally online. Beyond the issue of whether downloading stolen content is ethically wrong, it also exposes children to significant risks. Those “free” games or songs can end up costing children and their parents a lot, including their identities.

A good rule of thumb for anyone to follow is that there’s no such thing as “free” on the Internet. Downloading stolen content exposes an Internet user and his or her entire family to malware and spyware that puts personal information at risk, gives hackers access to private content, and enables identity thieves to steal your life.

According to a recent survey, identity theft among children is on the rise. One out of every 40 households with kids 18 or under has experienced “at least one child’s personal data compromised by identity thieves.” Sadly, most of the time identity theft among children isn’t even discovered until years later, when the child becomes old enough to apply for a bank account, student loan, or credit card. By then, the damage done can be extraordinary.

Children are especially vulnerable to identity theft because their identities are essentially clean slates. They have Social Security numbers with no credit histories, making them perfect targets for online criminals who can use their Social Security information to open fraudulent bank accounts, new lines of credit, or even mortgages and loans.

Most of us would never condone a child walking into a local store and stealing a CD, DVD, or video game, but when they download illegal content, that’s essentially what they’re doing. The only real difference is that stealing a DVD from the local Best Buy isn’t likely to lead to weeks or years of frustration and expenses trying to reclaim a stolen identity.

In today’s digital world, it’s not just about teaching our children right and wrong when it comes to content theft, as important as that is. It’s also about helping them understand how downloading supposedly free movies, music, or games can put their online safety and their identities at risk. Today’s children need to know how their actions online can impact their entire life offline, and that means their parents need to know as well.

For more information, visit the FTC’s guide to Child Identity Theft.

Talking with Kids about Online Privacy Settings

By | August 26th, 2014|Uncategorized|

This guest blog post is a part of our cyberSAFE blog series focusing on back-to-school security, privacy and identity topics. It comes from Anne Livingston, the founder of Kids Privacy, which provides parents with information and resources to teach kids to share smart and stay safe online. This fall, she is publishing her first book – Talking Digital: Tips and Scripts for Parents Raising Kids in a Digital World.

When I download a new app, I like to figure it all out first. I take my time, look through settings, and read reviews. My kids have a different approach. They just dive in. Often, this means moving as rapidly as they can, ignoring the settings to get to the fun part. But taking time to explore the settings is a critical piece to protecting privacy.

In the past, teens were able to rely on privacy through obscurity. With so much information online, most communications were lost in a sea of content. Technology is developing faster and better ways to search. Now, people can look for things online via an image or location. These public photos and posts are becoming easier to find. This visibility can lead to unintended audiences.

Parents should talk with their kids and teens about the importance of limiting information. Most teens are looking to hang out online with their friends and classmates. By utilizing privacy settings, they can make sure they are sharing with their friends and not the entire world. Fortunately, most apps have some privacy protections. Below is a quick overview of the privacy options for some of the most popular apps for teens.

Twitter, Vine & Instagram allow users to set up private accounts. With a private or protected account, only subscribers approved by your teen can see their posts and pictures. Teens should remember that even with a private account, their profile photo and profile information is still public.

Tumblr also has private accounts but users must first set up one public profile. After that, they can create as many private accounts as they wish.

Facebook does not have private accounts but allows users to select a different audience for each post. Users can choose to share a picture or post with the appropriate audience for that content. Teens should remember the default audience is the same as the audience they selected on their previous post.

YouTube is a popular video-sharing site where teens can create a channel and post videos. YouTube does not have private channels anymore. By default, all videos are public. Teens can change an individual video’s setting to be private or unlisted, and private videos can only be viewed by selected users, while unlisted videos can only be seen by people who have the video link.

Snapchat doesn’t have privacy settings but attempts to protect privacy by allowing teens to share a photo that disappears after a set amount of time. The recipient can only see the photo for a limited time before it vanishes. Snapchat also notifies the user if the recipient takes a screenshot, but teens should note that the screenshot can be easily shared with the public.

Even when kids set everything up correctly, information can still leak out. A picture shared between friends on Snapchat can be screenshotted and posted on to Twitter or Instagram. The bottom line is that kids never know who is going to see it. Even with privacy settings, they need to be smart about what they share. If they would not wear it on a t-shirt, they should not post it. This goes for sharing pictures of their friends as well. Protecting privacy requires all of us to be good friends both online and offline.

For more information about privacy settings, check out KidsPrivacy’s detailed reviews of popular apps and social networks.

News Recap: Feb. 1 is National Change Your Password Day

By | January 31st, 2014|Uncategorized|

With the recent release of 2013’s worst passwords, there has been a good deal of discussion about the importance of good password habits. And what better time for this discussion than now, considering National Change Your Password Day is this Saturday, February 1st.

SpiceWorks’ Peter Tsai discusses password protection, the dangers that poor password security presents from an IT perspective, and what to do on the upcoming National Change Your Password Day. Ultimately, Tsai encourages readers to take advantage of the holiday with the following tips:

  1. Enforce a strong password policy
  2. Don’t store your passwords out in the open!
  3. Implement 2 factor authentication in your IT environment
  4. Enable 2 factor authentication on your personal accounts
  5. Consider using password management software
  6. Password protect and secure your mobile devices
  7. Consider a MDM solution for BYOD devices that have access to your network

We found in a survey last year that poor password habits are rampant: 44 percent of consumers change their passwords only once a year or less, and 61 percent of people reuse passwords across multiple websites. So in addition to Tsai’s tips, we also encourage you to take a few minutes on Change Your Password Day to make sure your own passwords – personal and professional – are long and strong, and vary across websites! For more about how to spruce up your passwords and the importance of password security, see our white paper and infographic on the topic.

How are you going to participate in National Change Your Password Day? What are your go-to tips for maintaining secure password habits, personally or in the workplace? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

November Recap: Holiday Tips, New Video and More

By | December 2nd, 2013|Uncategorized|

Now that holiday season is in full swing and 2013 is coming to a close, we’re spending these last few months reviewing our successes and being proactive – preparing for another great year ahead. And beyond that, we’re continuing to develop new technologies, share our expertise and get out in the community. Take a closer look at what we were up to in November, and see what we have in store for December.

Holiday Season Brings Increased Security Risks

We spent much of November educating individuals and businesses about the security risks that come during the holidays, especially when it comes to holiday travel and online holiday shopping. Does your business have an online store? Here are our top 6 tips to prepare your online shop for a busy – and secure – holiday season. Look for more holiday tips and discussions throughout the month of December.

Introducing: ETI

Over the course of the year we’ve been rolling out a new enterprise product, Enterprise Threat Intelligence (ETI). And this month, we’re excited to finally showcase ETI in a new animated video! Watch the short video to see what ETI is all about. What do you think?

Texas Conference for Women

We find that boosts of inspiration are valuable and motivating. A group from CSID’s Austin HQ got that boost at the Texas Conference for Women, where we were not only inspired, but also moved by all the support for women entrepreneurs and women in technology. We were honored to be in a room among such smart, creative and powerful minds.

More from Joe Ross in the Huffington Post

CSID President Joe Ross contributed another blog post to his column in the Huffington Post: “Understanding Identity Theft.” Follow Joe’s column and let us know if you have additional tips to share or questions you’d like him to answer.

CSID does Thanksgivukkuh

Each year our Austin office hosts a Thanksgiving potluck, and this year was no exception (with the addition of Hanukkah). From pumpkin pies to green bean casseroles, we are still recovering from the food coma.

What We’re Looking Forward to in December

December should be a good one. We’re expecting another proactive yet busy month, as we’ll be educating others about keeping security up during the holidays, reviewing our efforts in 2013 and preparing for a productive new year. Join us on Facebook, Twitter or LinkedIn for more updates.

‘Tis the Season: Secure Your Business’ Online Shop

By | November 14th, 2013|Uncategorized|

Holiday season is just around the corner. Most people are aware that online holiday shopping opens up a number of security risks for consumers, and last year we outlined security tips for the online shopper during holiday seasons – but this year? Let’s tackle the issue from the business side.

Businesses with online shops are surely looking forward to the season, especially Cyber Monday, the Monday after Thanksgiving, during which they’ll likely see a huge boost in sales and popularity among their shoppers. But what about the security risks that come with managing an online shop? Consider these tips to keep your business – and your shoppers – secure this holiday season.

Keep your machines clean

Make sure your employees’ devices are using up-to-date software and are running the latest anti-virus technologies. Keeping your machines clean and running smoothly will help defend against internal viruses and malware.

Train everyone in security and privacy basics

Education is key. Teach your employees about the basics in security and privacy, including what types of customer information should be kept confidential. Also check that they are practicing best security practices internally, such as keeping strong passwords.

Create user accounts for each customer

Require that customers create individual user accounts. This will help you keep their information organized and secure on an internal level, while also adding an extra layer of security on the user’s side of the online shopping experience.

Encourage strong passwords

For these user accounts, require that your customers use strong passwords. Passwords should be long and feature a mix of letters, numbers and symbols. Ask that customers change their passwords at least on an annual basis.

Protect sensitive customer information

One of the most important tips in this list – protect your customers’ sensitive information. This includes their account credentials, their credit card information, their mailing address and any other information you acquire from them. Ensure that this information is all encrypted, or better yet, don’t house it internally at all. There are many trusted third party services to help manage such data.

Secure your site and provide advice for shoppers

Work with your IT team to secure your website – it should say HTTPS in front of the URL. Also consider reminding shoppers to confirm that they are using a secure Internet network prior to inputting any credit card information.

Are you prepared to run a secure online shop this holiday season? Do you have any tips to add? Let us know what you think! As always, join the conversation on Twitter and Facebook.

U.S. Cyber Security By The Numbers

By | October 30th, 2013|Uncategorized|

IBM recently published the 2013 IBM Cyber Security Intelligence Index, a report detailing the global threat landscape across 3,700 IBM clients in 130 countries. The report analyzed the most affected industries and the most common types of attacks, the motivation behind attacks, how human error comes into play and suggestions on how to create a strong cyber security defense. The findings? Cyber threats are becoming increasingly opportunistic as human fallibility creates vulnerabilities within an organization.

Affected Industries

To get a better understanding of who and what cyber criminals are targeting, researchers took a look at the industries that were most affected. The manufacturing and finance/insurance industries took the lead, accounting for nearly 50 percent of all security incidents. Researchers were not surprised to find that these industries were the most affected, but their interest was piqued when they saw a rising number of cyber attacks focused on sabotage compared to the number of espionage cases within these industries. The report shows that attacks are often “aimed at causing physical damage, disruption and safety issues – rather than accessing information.” Why? Because vulnerabilities within organizations often leave attackers with opportunities to cause damage.

The depth of human error

More than 49 percent of the attackers surveyed claimed that existing vulnerabilities or weaknesses were their main motivator to attack in the first place. Having strong defenses in place can be a major deterrent to a cyber attack. However, human fallibility can contribute greatly to a company’s vulnerabilities. According to IBM’s report, humans can account for roughly 80 percent of company breaches.

Reduce vulnerabilities and build awareness

In order to reduce vulnerabilities within a company’s cyber security, IBM provides 10 ways to better protect against cyber attacks. Here are a few recommendations from CSID:

  1. Continue to educate your employees on cyber security risks. Keep employees aware of the types of risks they should look out for and have an open door policy for employees to contact your IT team. Here is a list of the top 10 internet and email scams of 2013 for employees to be aware of.
  2. Build and enforce a strong social media policy. The blurred lines between personal and professional social media use can serve as a weak link in a business’s armor of defense. We recently held a reputation management webinar on this topic – see what our expert panelists suggest when it comes to employee social media use.
  3. Encourage strong passwords and require employees to change them frequently. Employees should never use the same passwords for work and personal use.

Are you surprised at these report findings? How can businesses reduce the amount of human error in cyber security? Let us know what you think on Twitter and Facebook, and be sure to check our Tumblr for daily news updates.

October is National Cyber Security Awareness Month – And We’re Participating!

By | October 16th, 2013|Uncategorized|

National Cyber Security Awareness Month (NCSAM) brings our industry together for a common cause – to build awareness about cyber security and provide people with the tools they need to protect themselves from risk. It is an important topic for businesses and consumers alike.

To honor NCSAM, we’re teaming up with STOP. THINK. CONNECT. and a number of other industry experts for an official NCSAM Twitter chat on cybercrime. Join us October 24 at 3 PM EST to talk about how online activities increase risk for identity theft, fraud and abuse by following and tweeting with the hashtag #ChatSTC. We will be sharing our expertise and listening to your questions, concerns and comments about cybercrime.

What: Cybercrime Twitter Chat for NCSAM

Hashtag: #ChatSTC

When: Thursday, October 24 at 2 PM CT/3 PM EST

Guests: CSID (@CSIdentity), ESET (@ESET), Visa (@VisaSecurity), AT&T (@ATTBusiness), Federal Trade Commission (@FTC), STOP. THINK. CONNECT. (@STOPTHNKCONNECT), U.S. Department of Homeland Security (@cyber), National Cyber Security Alliance (@StaySafeOnline)

More info: https://stopthinkconnect.org/get-involved/twitter-chats/

What are you—as a business or individual—doing to honor NCSAM? We’d be happy to get involved with your venture. Let us know on Facebook or Twitter, and be sure to join in NCSAM conversations on social media using the hashtag #NCSAM.

In addition to our participation in the Twitter chat, we’ve become an official NCSAM Champion and have been active with NCSAM conversations on social media, posting daily security tips.

Taking Measures Against Affordable Care Act Scams

By | October 2nd, 2013|Uncategorized|

This guest post comes from Michael Cahill, editor of the Vista Health Solutions Blog. He writes about the health care system, the health insurance industry and the Affordable Care Act.

For many American families, the Affordable Care Act (ACA) is going to make health insurance costs that much better. However, stories of scammers have made many people worried that they will be on the receiving end of a health care con. This does not have to be you. By putting the following information into action you can be sure that you won’t be a sitting duck for cyber criminals.

#1: Knowing Is The Best Defense

The ACA may seem like an intimidating piece of legislation, but the basics are not too hard to get a grasp of. Realize what your options are inside and outside of the marketplace, and understand how the ACA is affecting Medicaid, employers and individuals. The government has provided a lot of great resources for learning about the new law. The Department of Health & Human Services has a good primer here, and healthcare.gov has a ton of information. For those feeling ambitious, you can read the bill itself at the first link.

#2: Stay Skeptical

One of the most common scams is people pretending to be government workers. In short, if they ask for information that they should know or that they don’t need, they are probably scammers. When it comes to sensitive personal information, government workers know what they need to know, and that certainly doesn’t include your bank account number. The navigators working for the government are there to help you understand the new system and choose the plan that is right for you, not to sell you a plan.

#3: Don’t Be An Easy Target

You might think that stealing your online identity requires someone to have a great deal of finesse and skill. In fact, it isn’t that complicated. A lot of sites use secret questions to make password recovery more secure. However, secret questions that ask for things like your father’s middle name or your mother’s maiden name can likely be answered after someone spends a few minutes on Google. For added security you can try a few things with your secret questions. For one, you can choose questions that don’t have easy to find answers such as your childhood best friend’s first name. Alternatively, you could make up an unrelated answer that functions as another password of sorts. It could even just be a string of random letters and numbers.

#4: Put Your Information To Use

The reality is that you have had a long time to get ready for the ACA’s changes to the healthcare system. If you haven’t sat down and worked out what you are going to do, you still have time. The marketplace will offer many options to choose from. Figure out how much coverage your family will need and how much you are willing to pay.

Before looking at the marketplace’s offerings, you might want to see if you qualify for options like Medicaid. Some states have chosen to accept the federal Medicaid package which will allow thousands more to be covered by the program.

By knowing what is available to you and having an idea of what you are going to choose, you can ignore all the noise from scammers trying to push a “discount health plan” as health insurance.

#5: Realize That The ACA Isn’t Set In Stone

The ACA, like most pieces of legislation, is a long document. The truth is that we won’t know what those hundreds of pages really mean until we see the law in action. We can expect to see some modifications happen. When the marketplaces open on October 1st, take note of what is being talked about in the media. Whatever surfaces as a big talking point may just be where you can expect to see some change.

It is no fault of the ACA that scammers are trying to take advantage of it. It is only you who can protect yourself.

Security Insights: Email Security – Internet and Email Scams

By | September 12th, 2013|Uncategorized|

Email and internet scams are just some of the top ways cyber criminals manipulate everyday users to click on a malicious link or visit a hacked website. These scams put not only individual users at risk but also companies, as they often target employees at all types of companies. About.com recently put together a list of the top 10 internet and email scams of 2013 – take a look at the list below as well as tips to protect yourself and your company.

The Top 10 Internet/Email Scams of 2013

1. The Nigerian Scam, Also Known As 419 – Most of you have received an email from a member of a wealthy Nigerian family. In every variation, the scammer promises obscenely large payments for small unskilled tasks. This scam, like most scams, is too good to be true. Yet people still fall for this money transfer con game.

2. Advanced Fees Paid For A Guaranteed Loan Or Credit Card – If you are thinking about applying for a “pre-approved” loan or credit card that charges an up-front fee, ask yourself: “why would a bank do that?” These scams are obvious to people who take time to scrutinize the offer.

3. Lottery Scams – Chances are you will receive at least one intriguing email from someone saying that you did indeed win a huge amount of money. This scam will usually come in the form of a conventional email message. It will inform you that you won millions of dollars and congratulate you repeatedly. The catch: before you can collect your “winnings”, you must pay the “processing” fee of several thousand dollars.

4. Phishing Emails And Phony Web Pages – This is the most widespread Internet and email scam today. “Phishing” is where digital thieves lure you into divulging your password info through convincing emails and web pages. These phishing emails and web pages resemble legitimate credit authorities like Citibank, eBay, or PayPal.

5. Items For Sale Overpayment Scam – This one involves something you might have listed for sale such as a car, truck or some other expensive item. The scammer finds your ad and sends you an email offering to pay much more than your asking price. The reason for overpayment is supposedly related to the international fees to ship the car overseas. In return, you are to send him the car and the cash for the difference. The money order you receive looks real so you deposit it into your account. In a couple of days (or time it takes to clear) your bank informs you the money order was fake and demands you pay that amount back immediately.

6. Employment Search Overpayment Scam – You have posted your resume, with at least some personal data accessible by potential employers, on a legitimate employment site. You receive a job offer to become a “financial representative” of an overseas company you have never even heard of before. You will be paid 5 to 15 percent commission per transaction. If you apply, you will provide the scammer with your personal data, such as bank account information, so you can “get paid”. Instead, you will experience some, or all, of the following: identity theft, money stolen from your account, or fake checks or money orders sent as payment, which you deposit into your account before sending 85–95 percent of the amount to your “employer”.

7. Disaster Relief Scams – What do 9-11, Tsunami and Katrina have in common? These are all disasters, tragic events where people lose their lives, lose their loved ones, or everything they have. Scammers set up fake charity websites and steal the money donated to the victims of disasters.

8. Travel Scams – You will receive an email with the offer to get amazingly low fares to some exotic destination but you must book it today or the offer expires that evening. If you call, you’ll find out the travel is free but the hotel rates are highly overpriced.

9. “Make Money Fast” Chain Emails – A classic pyramid scheme: you get an email with a list of names, you are asked to send 5 dollars (or so) by mail to the person whose name is at the top of the list, add your own name to the bottom, and forward the updated list to a number of other people. If you participate, you risk being charged with fraud.

10. Turn Your Computer Into a Money-Making Machine! – You send someone money for instructions on where to go and what to download and install on your computer to turn it into a money-making machine… for spammers.

Read the full article on The Top 10 Internet/Email Scams from About.com.

How to protect yourself and your company

The best way to protect yourself and your company is to stay aware of these types of email and Internet threats and stay educated on how to mitigate them. The following tips are for handling suspicious emails:

  • Pay attention to sender and message subject
  • If an email is from an unrecognized sender or domain, consult someone from your IT or Security department, as they will verify the type of email and whether it should be deleted
  • NEVER open or forward a suspicious email
  • Pay attention to filenames attached to emails
  • Do not open email attachments from people that you do not know or trust and/or that look suspicious
  • Be aware that files can come as email attachments in the format of zip files in order to trick your anti-virus
  • Do not download executable (.exe) files that are sent to you

– Kristin Badgett, CSID Information Security Officer

Be sure to check out our other blog posts on security. Share your tips for protecting your business with us on Facebook and Twitter.
