Keyless Access: Door locks that require a pincode make it easier to access without fumbling for keys. Many keyless locks are smart and can be set to allow contractors limited one time PIN access.

Remote Control Alarms: For a few extra bucks you can add remote controls to an alarm system that allow you to activate or deactivate from the driveway or online.

Robot Cameras: New and very expensive robotic camera equipped technologies will roam your property taking full day and night video.

Remote Monitoring: Having someone monitor a video surveillance system 24/7/365 is close to having feet on the ground. These same systems come equipped with speakers used to yell at the trespassers.

Bullet Proof: If you’re especially concerned about flying bullets then installing bullet proof glass, doors and shoring up your walls with bullet proof steal is a must.

Panic or Safe Rooms: A safe room provides a space where you can survive a tornado, hurricane or home invasion with little or no injury. Residents can hide out in a relatively bullet proof, well stocked room equipped with wireless communications and wait for law enforcement to show up.

16 or 32 Camera Surveillance System: Once you go beyond 8 cameras prices start to rise. However 16 or even 32 cameras will provide you with a bird’s eye view of every single nook and cranny of your home extending into your neighborhood.

Robert Siciliano personal security expert to Home Security Source discussing Self Defense on Fox Boston

The load isn’t getting any lighter for the IT manager. While corporations are still trying to figure out the long term marketing benefits of social media, the security issues faced are a right now a problem.

Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time.

All of a sudden we’ve gone from print media, radio, television, Internet and now social media. This isn’t a fad or craze that will go away like Beanie Babies or talking Elmo. Social media is the 5^th media that encompasses all forms of media and it can all be accessed on a mobile phone. The interconnectedness is in everything and deserves the marketing department’s attention and freaks out IT.

Part of the issue is social medias allure. We’ve been hearing more and more about internet addictions. Well, social media is part of that. Then there’s the disconnect between generations. Baby-boomers see the 9-5 day as work, work, work and there shouldn’t be any distractions i.e. fun. Younger generations are connected and don’t know how not to be.

Companies who eliminate access to social media open themselves up to other security issues. Employees who are bent on getting access, often skirt security making the network vulnerable.

Computerworld reports “Part of the problem is that people’s comfort level with Facebook, Twitter and MySpace makes them easy marks for cybercriminals, who are jumping on social networking sites with gusto, dumping spam, launching phishing attacks, stealing identities and installing malware. The same people who have learned to be very wary of phishing attacks, enticing links and sales pitches for cheap Viagra in their inboxes allow themselves to be seduced on Facebook and Twitter.”

There is a serious disconnect between secure online behaviors and the playfulness of social media. Facebook is the adult version of Chuck E Cheeses, and who doesn’t lose their mind at Chucks? The problem is Timmy is five and likes to eat at Chuck E. Cheese. George is thirty-five and likes to eat there too. But George is a freak.

Bad guys are in social media and you CANNOT let your guard down.

Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.

Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Knowem has a mind blowing list of 4600 as of this writing.

Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.

Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Register company name and all your officers at every social media site. You can do this manually or by using a very cost effective service called Knowem.com.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Media on Fox Boston.

Readers of these posts are familiar with ATM skimming. ATM skimming is a billion dollar problem and growing. A relatively new scam over the past few years is electronic funds transfers at the point of sale (EFTPOS ) skimming. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services at these outlets. In Australia, Fast-food, convenience and specialist clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted.

Last year, legitimate EFTPOS devices at McDonald’s outlets across Perth Australia were replaced with compromised card-skimming versions, with 3500 customers cheated of $4.5 million. They actually replaced the entire device you see at the counter when you order your Big Mac!

Officials say the problem is so bad they urged people to change credit and debit card pin numbers weekly to avoid the possibility of having their account balances wiped out, as it was likely more cases would be identified.

In the United States a similar scam was pulled off at the Stop and Shop Supermarket chain.

“One reason POS machines are so vulnerable is that nearly all of the estimated 12 million devices in the U.S. employ a 40-year-old magnetic stripe technology that industry experts say is largely defenseless against the high-tech wizardry available to fraudsters today. These experts say that thieves can buy skimming gadgetry on the open market. Right now you can walk into a computer store in Malaysia and buy one of these devices for about $200”

The solution to this type of crime may be with authenticating the card or the card holder. Today this is out of the hands of the consumer. There are a number of new technologies that if banks/retailers/industries adopt to identify the actual card/user at the POS or even online, then most, if not all, of the card fraud problems will be solved. There is a race going on right now to see who gets there first. In the next 1-5 years we may see new cards being issued such as “chip and pin” which are standard in Europe. Or no new cards at all but changes in the system that identifies a fraudulent card making the data useless to the thief, or a 2 card system that requires a second swipe of another authenticating card the hacker doesn’t have access to. We will see how this all plays out.

You can’t protect yourself from these types of scams. However, by paying attention to your statements and refuting any unauthorized transactions within 60 days, you can recover your losses. When using any POS, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, or error messages, don’t use it.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM skimming on ExtraTV

In the University of Cincinnati’s Journal of Homeland Security and Emergency Management, the authors write “The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.” Somebody is saying to take personal responsibility and start doing things securely opposed to expecting it to all be done for you. What a revelation!

Just because everyone has access to the Internet, doesn’t mean they are using it securely. If a person decides to login, they should take some basic courses or read about how to login securely. And the education doesn’t stop there. New scams pop up every day and one has to be aware of their options. I write almost every day and there is never a shortage of topics for me to discuss.

The Internet can be a dangerous neighborhood with bad people around every corner. I got an email from a colleague today who is in the security business. He asked me if the email he received from Facebook to change his password was a fake or real. This is a smart guy, who obviously never heard of the Facebook phishing scam before.

“NetworkWorld reports They cite the coordinated attack that overwhelmed U.S. and South Korean government sites last July as being the type of attack that individuals can unwittingly participate in by allowing their computers to be taken over by botnets, the authors say. The awareness they call for has to go beyond simply “if you do not protect yourselves bad things will happen to you” and create a sense that cyber security is a civic duty. Most users remain unaware that not only is their computer data vulnerable, but that their insecure access to cyberspace can be exploited by others turning them into unwitting agents of coordinated cyber threats [both criminal and disruptive attacks],”they say. “Cybersecurity must become a national civic responsibility.”

Frankly, we as citizens HAVE TO do something. Richard Clarke, the president’s cybersecurity adviser, recently wrote that the Department of Homeland Security “has neither a plan nor the capability” to protect the U.S.’s cyber infrastructure. He said companies and individuals “almost uniformly believe that they should fund as much corporate cybersecurity as is necessary to maintain profitability and no more.”

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius identity theft protection and prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU. (Disclosures)

3. Make sure your anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

6. Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News

A Texas bank is suing one of its customers who was hit by an $800,000 online bank theft that could determine who is to be held responsible for protecting their online accounts from fraud.

Computerworld reports Romanian and Italian based criminal hackers launched numerous wire transfers out of the client’s back account. The bank recovered $600,000 of the $800,000.

The victim wanted all its money back and sued the bank to be reimbursed of the $200,000. The bank in turn filed a lawsuit requesting the bank certify it had adequate security that was considered “commercially reasonable”. The bank doesn’t want anything more than to be absolved of the $200,000.

The bank states all transfers originated from unauthorized wire transfer orders that had been placed by someone using valid Internet banking credentials belonging to the victim. How the victim’s credentials fell into he wrong hands has not been disclosed. It seems it was the victim’s lax security opposed to the banks. There are numerous ways this can happen. What is evident is there were wire transfers of various dollar amounts ranging from $2500.00 to $100,000 made to different accounts all overseas. The bases of the victim’s lawsuit are that the bank should have systems in place to detect such activity.

Small businesses and banks are losing money via attacks on their online banking accounts. It’s very simple: criminal hackers send an e-mail with a link to a malicious site or download to employees who handle their company’s bank accounts. These malicious links then steal the username and passwords the employees use to log in to their online banking accounts. Done.

So, if my PC is compromised because I don’t have adequate security and $800,000 goes missing from my account, whose fault is it? At first glance some may say the victims, others may say the banks. The fact that there are so many ways passwords can be compromised and accounts can be taken over, and banks know this, it should motivate banks to have redundant security in place. Hacks like this undermine people’s confidence in the system.

Here is a similar story being played out. I’m a big believer in taking action and making sure my systems are secure. And, the bank has some responsibility here too. I, we the public, have limitations on what we can do to be secure. I bet anything the bank will tighten up regardless of what the outcome of the lawsuit is because they have to see there is a weakness in their system. If they don’t, they are stupid.

I’ve been trying to transfer money from one bank account to another. My bank has made it difficult to do so. Painful even. It’s a customer service and a security issue. Ultimately they provide an option to do so and it requires paperwork, online authentication, phone calls and text messages. It’s not a matter of logging in and transferring money by entering another account. Even with my own login details I’m having a hard time transferring money.

Check to see how easy or difficult your bank makes it. Because if it’s easy peazy, that could be an issue if your PC is hacked.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius identity theft protection and prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU. (Disclosures)

3. Make sure your anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

Robert Siciliano Identity Theft Speaker discussing online banking insecurity

Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills in his car when he was arrested. One of them had Dunkin’ Donuts gift cards and American Express cards with post-it notes that had “PIN’’ and various numbers written on them. These cards were used to write the stolen data on, and then used to make withdrawals.

It was not too long ago that I bought an ATM north of Boston from a dude named Bob at a bar and rolled it through the streets of Boston nabbing unsuspecting users who entered their debit cards and PINS. I performed this crazy stunt to demonstrate how easy it is and how vulnerable we are. As a writer/blogger/speaker my primary motivation is to educate and inform, so the public and industry doesn’t get scammed.

Apparently a few more than a few people in the Boston area didn’t watch this on Fox Boston, or this on NBC Boston or read this in the Boston Globe. Because many of them got scammed over the course of the past few weeks. I’m trying here people. All you have to do is pay attention.

You can protect yourself from these types of scams first by covering your pin!! Scammers have a difficult time turning your 16 digit account numbers into cash without the PIN. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Ultimately you must pay close attention to your statements. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases an can be as early as a week.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the Bulgarian ATM scammer getting busted on Fox Boston

For $400-$700 you too can be a criminal hacker. Phishing hacking and spoofing software has been around for a few years. Heres what may be an example.

The ease and availability of this good for nothing other than crime software has made it easier, cheaper and more user friendly than ever to get into the cybercrime business.

Anyone with moderate computer skills that can navigate around the web and upload or download files is pretty much capable of accessing and implementing the crimeware.

Todays crimeware kits are designed so a person who is new to the criminal hacking business can quickly get up to speed and snare victims rapid fire.

USA Today reports they’ve been blasting out fake e-mail messages crafted to look like official notices from UPS (UPS), FedEx (FDX) or the IRS; or account updates from Vonage, Facebook or Microsoft Outlook (MSFT); or medical alerts about the H1N1 flu virus.

The faked messages invariably ask the recipient to click on a Web link; doing so infects the PC with a banking Trojan, a malicious program designed to steal financial account logons. Often, the PC also gets turned into a “bot”: The attacker silently takes control and uses it to send out more phishing e-mail.

The crimeware software business models the manufacturing and distribution of the legitimate software industry. Criminals are also getting more sophisticated in marketing their wares and doing it openly online. Just because they sell crimeware, doesn’t mean the software is illegal. It only becomes illegal when it’s used to scam people.

The fundamentals of how to prevent phishing are presented here by the Anti Phishing Work Group

• Be suspicious of any email with urgent requests for personal financial information
  • unless the email is digitally signed, you can’t be sure it wasn’t forged or ’spoofed’
  • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
  • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
  • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
• Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
  • instead, call the company on the telephone, or log onto the website directly by typing in the Web adress in your browser
• Avoid filling out forms in email messages that ask for personal financial information
  • you should only communicate information such as credit card numbers or account information via a secure website or the telephone

  Additionally

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
3. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News

In my quest to learn more about what makes a criminal hacker tick, I came across Mr Chiesa when he commented on a blog post I wrote “How I Wasted 4 Hours with a Criminal Hacker”. He warned me I was treading on dangerous ground due to the fact that when communicating with the blackhat, I used my real name and provided my web address. His concern was a revenge hack that would clear the hackers name amongst his hacker peers.

I’ve danced with the devil a few times in my life and don’t mind the occasional walk on the ledge. And I’ll heed his advice in the future. After a closer look, I learned he is from the United Nations, based in Italy. (Road trip anyone?). That’s a cat I want to talk to who is fighting the battle 24/7/365 against the bad guy.

What do you do?

Since 2005 I’ve worked with the United Nations Interregional Crime & Justice Research Institute (UNICRI), where I am a Senior Advisor on Cybercrime Issues & Strategic Alliances. We develop new strategies, techniques and methodologies in order to support the Member States fighting cybercrime-related issues, supporting policy-makers, end-users and States.

I’m also an entrepreneur in the Information Security arena. I run 2 vendor-neutral consulting firms, specialized in Penetration Testing, Audit & Compliances, while the second firm supplies Digital Forensics services. I’m into IS since 1997, while I began my interest in it – and the hacking’s underground – back in 1986.

Why do you do it?

Mainly it’s because of the passion. I love my job, I love what I do everyday…and this is not so common so…I’m feeling really lucky. Talking about my role at UNICRI, I decided to join them in order to support a neutral organization that is really trying to achieve important goals.

What’s your process?

Mainly building an international network of contacts; attending a huge amount of IT events all around the world, often as a speaker; trying to build an “informal communication and alert network” among LEAs, in order to simplify and speed-up the process of information exchange. We’re working on various R&D projects, that help and benefit the IT and ICT community all around the world. Our main research is HPP – Hackers Profiling Project (http://www.unicri.it/wwd/cyber_crime/hpp.php), where we’ve been able to interview more than 1200 hackers from five different continents. It’s a really huge research program, that will last five years more. It’s something never done before.

What are the “politics” with it world wide?

Politics – especially USA and EU – are driving towards issues related to privacy, Lawful Interception, copyright, etc. I’m a technical guy, with a technical background: I don’t like politics, though it’s clear to me that it’s something we need, somehow.

In my humble opinion, the common mistake when politics meet IT, is that politicians are obviously not IT people, they do not have an IT background, and often they misunderstand the logistics of IT…in this scenario, (big or small) mistakes may always happen.

What is next? What’s the future look like?

We are observing in incredible rise in cybercrime. New profiles of attackers arrived in the so-called “hacking underground”, and the hacking world – sometimes – is meeting with organized crime and State-sponsored attacks. The world is changing and, basically, the keyword is “the information”. In today’s world, “Information is the Power”, that’s the sole reason why all of this is happening.

Sum up a profile of the criminal hacker today vs. 10 years ago.

There are huge differences between hackers in the past and hackers nowadays. Hackers from the past were not “mandatory” criminals. While their actions were illegal (note: during the 80’s and the 90’s, “hacking” was not a crime in many countries of the world. I.e. in Italy it became a crime only in 1993/1994), the global approach was much more on the “challenge”, the “curiosity”, as well as “teens actions”.

21st century hacking has moved towards criminality. This leads us to Cybercrime, that is de-facto composed by many different “subsections”, where hacking is often related. I am talking about spam, carding, zero-day attacks (and all the black-market there connected), obviously Identity Theft, scams & economical fraud, that leads us to the so-called “Underground Economy”.

The on-going economical global crisis too has something to do with this: each time there’s a global crisis, criminality raises up. This is exactly what’s happening now, since 2009, and that will continue in 2010: people that basically are NOT criminals, may be forced/pushed to “accept” a crime deal, linked to cybercrime actions.

This happens because cybercrime does not involve “straight” criminal actions such as killing somebody with a knife or a gun, stealing a mobile phone from somebody’s hands, etc… It’s a not-physical crime, involving actors to think that they are not doing anything “bad”. Also, cybercriminals ALWAYS think that they will “never be busted”, since they rate themselves “much better, more skilled” than LE agents.

Last issue (of a really huge, huge picture!) is related to State Sponsored attacks. Recent attacks from China, Estonia and Georgia are showing us how much hacking techniques are involved in all of this. Governments are starting to hire hackers (USA, UK, China, Korea, Iran….) and set up Information Warfare: this will be one of the hottest keywords in the near future.

More info on our book on Hackers Profiling: http://www.amazon.com/Profiling-Hackers-Science-Criminal-Applied/dp/1420086936

Raoul Chiesa, OPSA, OPST, ISECOM International Trainer, CLUSIT, ISECOM, TSTF, OWASP Italian Chapter: Board of Directors Member Osservatorio Privacy & Sicurezza – OPSI-AIP, Comitato Esecutivo

Thank you Raoul. We appreciate your contributions.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
3. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News

Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it’s mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business.

Like anything good, there is always a negative. While there are certainly many negatives in technology, like the headaches when something doesn’t work correctly and the constant learning curve we must all endure, the biggest negative is security issues.

So for the SMB (that’s you, the savvy businessperson), here are ten considerations for the new decade:

Back up your back up. Numerous reports of cyber-war, thousands of new viruses weekly, and even Mother Nature reeking havoc on the Internet, have caused concern among industry professionals. Doing business in the cloud is fantastic; however, make sure you have redundant local backups of your data.

Anti-virus will not fully protect you. The sheer volume of attacks and new viruses created will keep the anti-virus vendors busy. But there is no way they can keep up the pace 100% of the time. There are numerous technologies that will immunize your PC and make whatever virus or spyware impotent, and any data on your machine typed in a browser useless to the thief.

Social media identity theft is the act of creating a blog or social media site that models your day to day operations. At any time someone can register domains or social media sites with your brand as the face. They then sell product that they never ship and/or do things to damage your brand. Scoop up your social media identities with Knowem.com

Social network nitwits. One of the easiest ways into your companies’ networks is via social media. The explosion of “I just made a tuna” communications has brought out the dumb in many people. The simple act of setting up a group on Facebook and getting your employees to join can open up a treasure trove of data that can facilitate social engineering attacks. Create policies and procedures that involve appropriate use.

Social engineering, the ruse of a confidence man, is back in full force. It never really went away, but with the amount of security in place, sometimes the path of least resistance is simply asking your cleaning crew for the keys to the building. By gaining the trust of employees over the phone, via email or in person, a con-man can get almost anything he needs to get whatever he wants. The best defense is effective policies coupled with ongoing awareness training.

Insider identity theft can ruin your business. Most companies have done their due-diligence to keep the bad guy from hacking from the outside. But many organizations have neglected the risks associated with employees gone bad and the internal damage that can be done. Numerous technologies monitor and control access to sensitive information. But preventing bad employees from doing bad things starts with not hiring bad people.

Phishing scams still work. Despite consumer and employee awareness, a carefully crafted and well designed email that looks like its coming from another employee is probably the most effective spear phish. Going after the CEO or high level executive or “whaling” can often be even more successful. The bigger they are the harder they fall as they say. From my experience it’s often the smartest ones in the room that lack all common sense. Test your employees; see what they will fall for. Then test them again.

Tighten up employee remote access. Allowing Suzy Admin to access the companies VPN from a home PC that Suzy’s son Steve uses to play games on servers hosted in North Korea will end up bad. Malware on a home computer can compromise usernames and passwords resulting in spyware on the network. Set up Suzy with her own laptop that’s fully locked down and prevents Steve from doing anything fun.

Peer to Peer (P2P) file sharing is a fantastic way to leak company and client data to the world. Obamas helicopter plans, security details and notes on congress members being deposed were all leaked on government controlled computers via P2P. Setting admin privileges and installing numerous technologies that will prevent P2P is essential.

Identity theft will get worse before it gets better. And whether it’s your identity, your families or your employee’s identity that is stolen, it can be a huge time suck and a costly event. The best defense involves a 3 legged stool. First, awareness training of all the scams that lure people in, and how to appropriately respond to numerous communications. Second involves a little time and investment in a “credit freeze” or “security freeze”. Learn how to do it HERE. Third is an annual investment in identity theft protection. In today’s cyber crime climate, and with the recession making people desperate to make money any way they can, NOT investing in identity theft protection is, in my opinion, irresponsible. The worst thing you can do is nothing.

Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News

Everywhere you go there is a privacy advocate screaming to protect your privacy. Privacy advocates, bless them, are a dying breed. They fight for whatever privacy rights there are left and do their best to remain watchdogs. If your gig is privacy, my guess is you have lost all your hair and are popping Prozac to relieve the stress of todays anti-private society. And you are fully employed and very very busy.

My gripe, people are freaking about full body scanners at the airports and the privacy issues involved. This isn’t a privacy issue, it’s a security issue. If you have to show a black and white image of your bum bum to avoid the plane from being blown up, so be it. Otherwise don’t fly.

“Privacy is dead, deal with it,” Sun MicroSystems former CEO Scott McNealy was widely reported to have declared over a decade ago. Scott hit the nail on the head and shortly after Tila Tequila became a famous lesbian pinup on MySpace, the Real World of reality TV was born, and we’ve been tweeting tuna sandwiches ever since.

Mark Zuckerberg CEO of Facebook who was around 13 years old when McNealy made his statement recently re-affirmed it by saying “… in the last 5 or 6 years, blogging has taken off in a huge way and all these different services that have people sharing all this information. People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that’s evolved over time.”

The fact is, “Privacy is an illusion, said Robert Siciliano CEO of IDTheftSecurity.com, “the focus today should be security, not privacy” he continued. That right there is a ready made quote for you to copy/paste and make me a sage like my two counterparts ~

Think of it like this: from birth you have a medical and birth record. These docs follow you everywhere in life and are filed and viewed by many. You can’t get admissions to schools, jobs or insurances without presenting these records. You are granted a Social Security number shortly after birth and that IS your National ID. Nine numbers that are connected to every financial, criminal and insurance record that makes up who you are and what you’ve done. But none of these docs are connected to you physically, which results in identity theft, a security issue.

Further, every time you visit a website with cookies enabled, use an ATM, credit card, RFID transponder on the highway toll, public transportation pass, make a call on a mobile phone, order a pizza over a home phone or simply use a computer to denote you ate that tuna, chances are – someone, somewhere – is recording that transaction and determining your location.

If you want to participate in society you have no choice but to give up your privacy. Fundamentally this is a trust issue. Humans lie and can’t be automatically trusted. We have considerable checks and balances in place to prevent lying from going unnoticed. Anonymity is dead due to the fact that bad guys try to hide or not pay. Transparency makes their chances of getting caught more likely. If you kill someone then drive down the highway, your chances of getting caught increase because your license plate is recorded through the toll. This is a good trade off for the family of the victim.

Knowing all this and understanding technologies impact on what you thought was privacy, should make you resigned to the fact that privacy is in-fact dead and an illusion. Now your focus needs to be security. Secure your financial identity so no-one can pose as you. Secure your online social media identity so no-one can pose as you. Secure your PC so no-one can take over your accounts. And please, there is no sense in telling the world what you are doing and where you are every minute of the day. When you do this, you aren’t relinquishing privacy; you are compromising your personal security.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
3. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano identity theft speaker discussing cookies and privacy issues on FOX News