Robert Siciliano

    • Media Contact:
      Robert Siciliano
    • Member Type(s): Expert
    • Title: Identity Theft Expert
    • Organization: IDTheftSecurity.com
    • Member: ProfNet

    10 Surefire Staff Security Awareness Techniques

    Thursday, January 18, 2018, 2:50 PM [General]

    Think about how great this would be: Imagine that all of your company data is safe from hackers. Your hardware is totally safe and secure. You have IT specialists at your disposal at all times and have a constant flow of cash to pay them.

    Unfortunately, this is a fantasy for most of us. No matter how secure we think our network is or how much we pay our IT people, there is always a chance for a data breach. Does this mean we should stop the fight, though? No way.

    Instead of throwing in the towel, it’s very important that you start focusing on security awareness, and this starts with teaching your staff how to handle sensitive company data and keep it safe from the bad guys. Here are some strategies that might work to get the message across:

    • Make sure that every employee on your staff understands how important security is, especially at their own workstation. Each employee you bring on in the future should also be instructed in this before being allowed to access the company’s network.
    • Safety, security and privacy policies must be in place and must address all the necessary concerns required to keep all data in check. Review these policies with new and current employees.
    • Set up some fake “phishing” emails to see if any of your staff take the bait. This fake setup will get the point across to your staff without putting your network at risk.
    • Set up a policy that terminates any employee that is involved in a data breach. This is a great incentive to keep company information safe.
    • Install software onto your network that can detect when your staff is doing something that they shouldn’t be doing. This software isn’t meant to discipline staff. Instead, it’s meant to alert them when they are doing something dangerous that could put sensitive information at risk.
    • Make sure your staff understands all of the cyber-attack warning signs. This way, they can easily spot anything suspicious.

    Maximize Security Awareness in the Workplace

    Here are eight ways to further maximize security awareness in the workplace:

    1. Create a Baseline – Before you can get any type of awareness training going, it’s important to know where you stand. So, do something like a fake phishing email and see how many employees fall for it. This way, you know how much work you have ahead of you.
    2. Remain Realistic with Social – Thinking that you can totally ban any activity that puts your network at risk, such as social media, isn’t very realistic. Instead, teach your employees to be careful when using these websites. Show them example after example of how social posting has gone south and ended in firings.
    3. Use the Right Tools – Stock your arsenal with the right tools. There are programs out there that can help with security awareness in the workplace. A quick search for “phishing simulation training” will turn them up.
    4. Use your Creativity – Even if you don’t have a lot of cash to use, you can still make this a fun learning process for your staff. For instance, if it’s Christmas time, hand out candy canes to your staff, but around each candy, put a small paper with the company’s security policy printed on it.
    5. Get the Help of High-Ranking Execs – If you can get the execs to help you out, employees are likely to listen. How can you do this? Mention the term “return on investment” and relate it to your company’s security. You can be sure that this will get them moving. And remind them that company officers are being fired left and right when there is a data breach.
    6. Bring in Other Departments – It also is a good idea to bring in other departments to help with security awareness. Even people that might not be connected to your network, such as cafeteria or housekeeping staff, can be helpful. You should also make sure to involve your HR department, because they can usually encourage staff to follow policies. Accounting needs to have a say too.
    7. Evaluate Your Plan Often – Every 90 days, take a look at how your program is doing. This is quite effective. To avoid any type of information overload, you should take it slow, too. Perhaps only introduce security topics every three months or so, and then evaluate employee performance 90 days after.
    8. Provide Security “Appreciation” Training – This goes beyond security awareness training into the realm of cultural and societal misconceptions, myths and inaccuracies that perpetuate a lack of accountability. Example: “It can’t happen to me” is total BS and is a form of denial that prevents people from being proactive.
    9. Personalize the Experience – Some employees won’t get serious about things until they are affected. So, make sure that your staff understands that security awareness is about them, too, not only the executives of the company. Make sure they also know that they can use the same practices at home to keep their personal information safe.

    10. Teach Them Actual Self Defense – Might sound crazy, but understanding how to save their own lives or the life of a loved one in the event of a physical attack provides an enormous amount of perspective. This is one simple way to open one’s mind on the value of security.

    Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

    Take the Extra Step: 12 Ways to Protect Your Home from Burglars

    Tuesday, January 16, 2018, 10:26 AM [General]

    Though you cannot totally protect your home from getting burgled, you would probably be surprised to know that there are no burglars that are as sophisticated as someone like Ethan Hunt from the Mission Impossible movies. However, when you have the right plan in place, you can almost make your home burglar-proof.

    When most people think about their home’s security, they only think of a couple of things, such as fake cameras. Though these are nice to have, they don’t fully protect you. A fake camera isn’t going to stop a burglar from kicking in the door. Speaking of the door, the only thing that is separating you and your belongings from a thief is a ½-inch piece of pine molding. This isn’t enough. A 12-year-old boy could kick that in, in fact. Instead, it’s best to reinforce your door:

    • Install deadbolt/door knob wraps – these devices strengthen the area around the location of the lock
    • Door bar jammer – this device is put under the doorknob to stop it from moving
    • Door brace – this device makes it difficult to use brute force to kick it down
    • Door frame reinforcement – this is installed on the door and is made of steel

    You also might consider something like a Door Devil. This is a kit that features a device molded from steel. It is placed over the jamb of the door, and then screwed into the frame. It’s very easy to install, and adds another level of protection for your house. When you combine a device like the Door Devil with other types of security, such as a security system, detection lights, or cameras, it is difficult for a burglar to get in.

    Here are 12 more tips to keep the burglars out:

    1. Keep all of your doors locked, even if you are home, and even if it is light out.
    2. Keep your curtains and blinds shut. This ensures that no one can peek inside of your house to check out your valuables.
    3. Use door reinforcements on each and every door and use top-flight locks.
    4. Place security films on the windows. This helps to strengthen the panes and prevents any object from coming in, including baseball bats and crowbars.
    5. Bring in all newspapers and mail as soon as they arrive.
    6. Give your home a look that it is lived in, even if you aren’t home. Set up automated lights to be on at night.
    7. Put a pair of scuffed and worn men’s work boots at the doors of your house.
    8. If you park your car in the driveway, place a pair of men’s gloves on the dashboard. When burglars see this, they often think twice about breaking in because they believe a large, burly man lives in the house.
    9. Put a large dog bowl outdoors by the door, and make it look real. Add a leash or chewed up dog toys, too.
    10. Trim up any shrubs that hide points of entrance into your home.
    11. Go online to the Google News site. Type in your city and state, and then the phrase “door kicked in.” Take a look at those results. You will likely be shocked by what you read.
    12. Consider buying a new home security system. The best systems out there not only give you a full alarm package, but also offer cameras, police monitoring, and a video feed that allows you to view what’s happening in your home when you are not there. This way, you can easily watch the cameras from your mobile phone or tablet.

    Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data

    Thursday, January 11, 2018, 10:22 AM [General]

    Do you have employees who bring mobile phones to work and use those devices on the corporate network? Do they store company data on these “Bring Your Own Devices (BYOD)”? Does your company have a policy in place for this?

    First, the moment a person brings their personal phone to work, a fusion of personal and business tasks occurs. And, equally bad, company-issued devices are used for personal use as much as, if not more than, the employees’ own devices. Not sure you believe this? Here are some stats:

    A recent survey asked 2,000 office workers about their habit of using their personal mobile devices at work. Here’s what it found:

    • 73% of people admit to downloading personal apps to tablets they got from their company.
    • 62% of people admit to downloading personal apps to mobile phones they got from their company.
    • 45% of people admit to downloading personal apps to notebooks they got from their company.
    • The people who were most likely to do this were in the 25 to 38-year-old age group.
    • 90% of people use their personal mobile devices to conduct business for work.

    As you can see, a lot of people are using their mobile devices on the job, and this could put not only your company data at risk, but also the data associated with your clients. Do you have a plan to minimize, or even totally prevent, the exposure of sensitive company data to hackers?

    Solutions to Keep Sensitive Business Information Safe

    Decision makers and business owners should always consider their personal devices as equal to any business device. You definitely don’t want your sensitive company information out there, and this information is often contained on your personal mobile or laptop device. Here are some things that you can do to keep this information safe:

    Give Your Staff Information About Phishing Scams

    Phishing is a method that cybercriminals use to steal data from companies. Studies show that it is extremely easy for even the smartest employees to fall for these tricks. Here’s how they work: a staff member gets an email with a sense of urgency. Inside the email is a link. The body of the email encourages the reader to click the link. When they do, they are taken to a website that either installs a virus onto the network or tricks the employee into giving out important company information.

    Inform Your Staff that the Bad Guys Might Pose as Someone They Know

    Even if you tell your staff about phishing, they can still get tricked into clicking an email link. How? Because the bad guys make these emails really convincing. Hackers do their research, and they are often skilled in the principles of influence and the psychology of persuasion. So, they can easily create fake emails that look like they come from your CEO or a vendor, someone your staff trusts. With this in mind, it might be best to create a policy where employees are no longer allowed to click email links. Pick up the phone to confirm that whatever an email is requesting, and the person who sent it, are legitimate.

    Teach Employees that Freebies aren’t Always Goodies

    A lot of hackers use the promise of something free to get clicks. Make sure your staff knows to never click on an email link promising a freebie of any kind.

    Don’t Buy Apps from Third-Party Sources

    Apps are quite popular, and there are many that can help to boost productivity in a business setting. However, Apple devices that are “jailbroken” or Android devices that are “rooted” are outside of the walled garden of their respective stores and susceptible to malicious viruses. Make sure your employees know that they should never buy an app from a third-party source. Only use the official Apple App Store or the Google Play Store.

    Always Protect Devices

    It’s also important that you advise your employees to keep their devices protected with a password. These devices are easy to steal since they are so small. If there is no password, there is nothing stopping a bad guy from getting into them and accessing all of the accounts that are currently logged into the device.

    Install a Wipe Function on All Mobile Devices Used for Business

    You should also require all employees to have a “wipe” function on their phones. Even if they are only doing something simple, like checking their work email on their personal mobile device, it could get into the wrong hands. With the “wipe” function, the entire phone can be cleared remotely. You should also require employees to use the setting that erases the phone after a set number of password attempts.

    Require that All Mobile Devices on the Company Network Use Anti-Virus Software

    It’s also important, especially in the case of Android devices, that all mobile devices on the network have some type of anti-virus software.

    Do Not Allow Any Jailbroken Devices on Your Company’s Network

    Jailbroken devices are much more vulnerable to viruses and other malware. So, never allow an employee with a jailbroken phone to connect to your network.

    All Employees Should Activate Update Alerts

    One of the easiest ways to keep mobile devices safe is to keep them updated. So, make sure that all employees have update alerts enabled, and make sure that they are updating their devices when prompted or automatically.

    Teach Employees About the Dangers of Public Wi-Fi

    Finally, make sure your staff knows the dangers of using public Wi-Fi. Public Wi-Fi connections are not secure, so when connected, your devices are pretty open. That means, if you are doing things that are sensitive, such as logging into company accounting records, a hacker can easily follow. Instead, urge employees to use a VPN. These services are inexpensive and they encrypt data so hackers can’t access it.

    The Top 7 Things You Need in Your Survival Kit

    Tuesday, January 9, 2018, 10:27 AM [General]

    Imagine that you are in the middle of nowhere for a few days, or that you are stuck in your home after a disaster, like a hurricane. What do you need to survive? Here are several things that you should have available. Remember, this is only a basic list; things that you might pack in a “go bag” that you can grab in a hurry. If you aren’t sure what something is, Google the keyword to learn more.

    Clean Water/Iodine Tablets/Water Access

    Your body is made of mostly water, so having water available is the number one tool for surviving. For three days, you need about three liters of water per person. To help to expand this, have some iodine tablets that you can use to purify natural water, such as the water you find in a stream. Also, think about investing in a 55-gallon water barrel to store water.

    Food

    Some of the best foods to have in your survival kit include energy bars, canned tuna (don’t forget the can opener or a sharp knife), and “backpack meals.”

    Clothing

    • Hooded rain jacket
    • Hiking footwear, or sturdy shoes
    • Bandana
    • Two pairs of pants and two shirts (not cotton, as it retains moisture)
    • Two pairs of socks (wool, if you think it will be cold)
    • Long underwear (choose polypropylene for warmth)
    • Sunglasses
    • Gloves (for the cold and to handle rocks and dirt)
    • Wide-brimmed hat
    • Plastic bags (to place over your socks to keep them dry)
    • Rubber bands (to keep the plastic over your feet)

    Shelter

    • Tent (a tarp works too, but you have to have a way to set it up)
    • Ground tarp (to place your tent or tarp on to insulate against the damp ground)
    • Sleeping bag

    Medical Supplies

    You want to make sure you have a first aid kit, and it’s best to make one. This way, you know what’s in it. Here are some necessities:

    • Cold pack (chemical kind)
    • Ankle brace
    • Assorted bandages, gauze, and antibacterial cream
    • Ace bandage
    • Cotton balls
    • Tourniquet
    • Tweezers
    • Sunscreen
    • Small mirror (you can also use this to signal search planes)
    • Vaseline
    • Sawyer extractor (to deal with snake bites)
    • Anything else you personally need for your specific health needs

    Survival Tools

    • A travel chainsaw
    • At least three different types of fire starters
    • Camp stove and propane
    • Small cooking pot
    • Two flashlights with extra batteries
    • A good quality knife
    • Compass and map (know how to use these!)
    • Cell phone with extra battery or power source
    • Topographical map
    • Survival GPS app
    • Solar powered charger

    Weapons

    • A shotgun or other firearm
    • Pepper spray (The big cans of “bear spray” are excellent)
    • Whistle
    • Air horn
    • Golf club, baseball bat, or other blunt object

    Your Social Security Card Gets Stolen: Now What?

    Thursday, January 4, 2018, 10:24 AM [General]

    You might be shocked to know that when Social Security numbers were first given in the 1930s, the intention was never to use them as a form of identification. However, most of us use our Social Security numbers all of the time, from doing transactions at the bank to visiting our doctor’s office.

    You need your SSN to apply for jobs, to open credit cards, and even to marry the love of your life. Since we use this number so often, what happens if you lose your card, it gets stolen or it’s leaked in a big data breach? Here’s what to do:

    Contact the 3 Credit Bureaus – The first thing you should do is to contact one of the three major credit monitoring bureaus. You have to put a fraud alert on your credit report. By doing this, a lender or creditor uses much stricter guidelines when they receive an application for credit. These alerts only last for 90 days, but you can also get an extension when those 90 days pass. But there’s better:

    Freeze Your Credit – Another step that is even more secure is to freeze your credit. When this happens, you can’t use your credit to open a line of credit or refinance until you go through a simple “thaw” or unfreeze process. Keep your credit frozen for the remainder of your life and thaw when needed.

    Get Identity Theft Protection – Also, consider getting identity theft protection. This might be a bit of an investment for some people, but it also ensures that someone is monitoring your credit all day, every day. These experts can also quickly get you back on track if your identity is stolen.

    Watch Your Credit – If 90 days have passed, and you don’t see anything strange on your credit report, that doesn’t mean that you are safe. Thieves can use your information in other ways, too, so you should continue to watch your credit report. You can get a free credit report each year at AnnualCreditReport.com.

    Use Caution When Online – Finally, make sure that you are being careful when browsing the internet. Cybercriminals are sneaky, and people fall for their tricks quite often. Here are some things to keep in mind:

    • Don’t click on any link you get in an email, even if you believe that it’s from someone you know, unless you’ve just signed up for a website and you need to confirm your email address.
    • Don’t open any email that is in the spam folder.
    • Don’t open any email that has a subject line that is exaggerated or sensational.
    • If you can use two-factor authentication with your online accounts, you should.
    • Use an antivirus program, anti-malware software, and a firewall.
    • Create a different password for each account. Make sure they are difficult to remember and stay away from those containing your name, date of birth, or even 123456.
    • Use a password manager.
    • Shred your personal documents before throwing them in the garbage. This is especially important if the document contains information like your SSN or an account number.
    • Don’t give your SSN out to anyone unless it is totally necessary, such as on a job application or when applying for a loan or credit card.

    I give out my SSN all the time. But, I omit it from applications often. And if the applications administrator says “we can’t process your request without the SSN”, I may briefly question them, but inevitably give them my SSN. I have a credit freeze and identity theft protection. I’m not worried.
