Robert Siciliano

Loading...
    • Media Contact:
      Robert Siciliano
    • Member Type(s): Expert
    • Title:Identity Theft Expert
    • Organization:IDTheftSecurity.com
    • Area of Expertise:
    •  
    • Member:ProfNet

    To become a ProfNet premium member and receive requests from reporters looking for expert sources, click here.

    Top 12 Tips to Destroy Your Sensitive Data

    Thursday, May 18, 2017, 8:22 AM [General]
    0 (0 Ratings)

    Believe it or not, you just can’t shred too much. If you aren’t destroying your sensitive data, my best advice is for you to start now. There are people out there who make a living diving into dumpsters in search of credit card info, bank account number, mortgage statements, and medical bills; all things they can use to steal your identity.

    Here are 12 tips that you can use to help you destroy your sensitive data:

    1. Buy a shredder. That said, I don’t own a shredder. I’ll explain shortly. There are a number of different brands and models out there. Some even shred CDs. This is important if you keep your documents saved on a computer, which you then saved to a CD. Don’t, however, try to shred a CD in a shredder that isn’t equipped to do this job. You will definitely break it.
    2. Skip a “strip-cut” shredder. These shredders produce strips that can be re-constructed. You would be surprised by how many people don’t mind putting these pieces together after finding them in trash. Yes, again, people will go through dumpsters to find this information. Watch the movie “Argo” and you’ll see what I mean.
    3. Shred as small as you can using a cross cut shredder. The smaller the pieces, the more difficult it is to put documents together again. If the pieces are large enough, there are even computer programs that you can use to recreate the documents.
    4. Fill a large cardboard box with your shreddables. You can do this all in one day, or allow the box to fill up over time.
    5. When the box is full, burn it. This way, you are sure the information is gone. Of course, make sure that your municipality allows burning.
    6. You should also shred and destroy items that could get you robbed. For instance, if you buy a huge flat screen television, don’t put the box on your curb. Instead, destroy, shred, or burn that box. If it’s on the curb, it’s like an invitation for thieves to come right in.
    7. Shred all of your documents, including any paper with account numbers or financial information.
    8. Shred credit card receipts, property tax statements, voided checks, anything with a Social Security number, and envelopes with your name and address.
    9. Talk to your accountant to see if they have any other suggestions on what you should shred and what you should store.
    10. Shred anything that can be used to scam you or anyone. Meaning if the data found in the trash or dumpster could be used in a lie, over the phone, in a call to you or a client to get MORE sensitive information, (like a prescription bottle) then shred it.
    11. Try to buy a shredder in person, not online. Why? Because you want to see it and how it shreds, if possible. If do buy a shredder online, make sure to read the reviews. You want to make sure that you are buying one that is high quality.
    12. Don’t bother with a shredder. I have so much to shred (and you should too) that I use a professional document shredding service.

    I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Most businesses have shredding that needs to be done regularly. We provide free shredding bins placed in your office. You simply place all documents to be shredded in the secure bin. Your private information gets properly destroyed, avoiding unnecessary exposure.”

    Does your local service offer that? Shredding myself takes too much time. And I know at least with Highlands equipment (check your local service to compare) their equipment randomly rips and tears the documents with a special system of 42 rotating knives. It then compacts the shredded material into very small pieces. Unlike strip shredding, this process is the most secure because no reconstruction can occur.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    Malware Hack Attacking the Grid…BIGLY

    Tuesday, May 16, 2017, 8:25 AM [General]
    0 (0 Ratings)

    For more than four years, malware has been posing as legitimate software and infecting industrial equipment across the globe.

    The malware, which looks just like the Siemens control gear software, has affected at least seven plants in the US. According to security experts, the malware was specifically designed to attack this industrial equipment, but what it does is not totally known. It is only described as a type of “crimeware.”

    The malware was first hinted at in 2013, but at that time, it was not seen as dangerous, and many anti-virus programs were flagging it as dangerous, but it was considered a false positive. Eventually, it was seen as a type of basic malware, and upon further inspection, it was found that there are several variations. The most recent flag was in March 2017.

    This particular infestation is only one of many malware infections that target industry. Approximately 3,000 industrial locations are targeted with malware each year, and most of them are Trojans, which sometimes can be brought in by staff on found or compromised USB sticks.

    Most of these programs aren’t extremely harmful, meaning they won’t shut down production. However, what they could do is pave the way for more dangerous threats down the road. It also allows for sensitive information to be released.

    It is not easy for hackers to infiltrate an industrial plant, and it takes good knowledge of layout, industrial processes, and even engineering skills to pull something like that off. This goes way beyond a simple malware attack.

    However, these attacks have also brought to light the issue of how many legitimate files are being flagged as malware and vice versa. This means that the files can be used by the bad guys, who can then target a specific industrial site. There are thousands of these programs out there, ripe for the picking by observant hackers.

    What can they do if they get this information? They could find out where the site is, who operates it, the layout and configuration, what software they have, and even what equipment they are using. Though this wouldn’t give them everything they need, it would be enough to plan a bigger, more dangerous attack.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    Second Hand and Discarded Devices Lead to Identity Theft

    Wednesday, May 10, 2017, 8:31 AM [General]
    0 (0 Ratings)

    A new study was just released by the National Association for Information Destruction. What did it find? Astonishingly, about 40% of all digital devices that are found on the second-hand market had personal information left on them. These include tablets, mobile phones, and hard drives.

    The market for second hand items is large, and it’s a good way to find a decent mobile device or computer for a good price. However, many times, people don’t take the time to make sure all their personal information is gone. Some don’t even understand that the data is there. This might include passwords, usernames, company information, tax details, and even credit card data. What’s even more frightening is that this study used simple methods to get the data off the devices. Who knows what could be found if experts, or hackers, got their hands on them. It wouldn’t be surprising to know they found a lot more.

    Here are some ways to make sure your devices are totally clean before getting rid of them on the second-hand marketplace:

    • Back It Up – Before doing anything, back up your device.
    • Wipe It – Simply hitting the delete button or reformatting a hard drive isn’t’ enough. Instead, the device has to be fully wiped. For PCs, consider Active KillDisk. For Macs, there is a built in OS X Disk Utility. For phones and tablets, do a factory reset, and then a program called Blancco Mobile.
    • Destroy It – If you can’t wipe it for some reason, it’s probably not worth the risk. Instead, destroy the device. Who knows, it might be quite fun to take a sledge hammer to your old PC’s hard drive, right? If nothing else, it’s a good stress reliever!
    • Recycle It – You can also recycle your old devices, just make sure that the company is legitimate and trustworthy. The company should be part of the e-Stewards or R2, Responsible Recycling, programs. But destroy the hard drive first.

    Record It – Finally, make sure to document any donation you make with a receipt. This can be used as a deduction on your taxes and might add a bit to your next tax return.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    Getting Rid of an Electronic Device? Do This First…

    Wednesday, May 3, 2017, 8:35 AM [General]
    0 (0 Ratings)

    A shocking study by the National Associated for Information Destruction has revealed some terrifying information: 40% of electronic devices found on the second-hand market contains personal information. This information includes usernames and passwords, personal information, credit card numbers, and even tax information. Tablets were the most affected, with 50% of them containing this sensitive information, while 44% of hard drives contained the info.

    What does this mean for you? It means that all of those old devices you have laying around could put you in danger.

    Deleting…Really Deleting…Your Devices

    Many of us will haphazardly click the ‘Delete’ button on our devices and think that the information is gone. Unfortunately, that’s not how it works. You might not see it any longer, but that doesn’t mean it doesn’t exist.

    To really make sure your device is totally clean, you have to fully wipe or destroy the hard drive. However, before you do, make sure to back up your information.

    Back Up

    Whether you use a Mac or a PC, there are methods built into your device that will allow you to back it up. You can also use the iCloud for Apple, or the Google Auto Backup service for Androids. And of course you can use external hard drives, thumb drives or remote backup.

    Wipe

    Wiping a device refers to completely removing the data. Remember, hitting delete or even reformatting isn’t going to cut it. Instead, you have to do a “factory reset,” and then totally reinstall the OS. There is third party software that can help, such as Active KillDisk for PCs or WipeDrive for Mac. If you are trying to clean a mobile device, do a factory reset, and then use a program like Biancco Mobile, which will wipe both Android and iOS devices.

    Destroy

    Wiping will usually work if your plan is to resell your old device, but if you really want to make sure that the information is gone for good, and you are going to throw the device away anyway, make sure to destroy it.

    Many consumers and businesses elect to use a professional document shredding service. I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Theft, vandalism, and industrial espionage are ever increasing security problems. Today’s information explosion can be devastating to your business. Most consumers and businesses may not know that they have a legal responsibility to ensure that confidential information is not disseminated.” The reality is, if security is important to you or your company, then shredding should be as well.

    The goal, of course, is to make it impossible for thieves to access the data you have and/or discard.

    Recycle

    If you want to recycle your device, make sure that you only use a company that is certified and does downstream recycling. Know that recycling offers NO security for your information. They should be part of the R2, or Responsible Recycling program or the e-Stewards certification program. Otherwise, your data could end up in the wrong hands. Also, if you recycle or donate your device, make sure to keep your receipt. You can use it when you file your taxes for a little bit of a return.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

    Phishing is Getting Fishier

    Tuesday, May 2, 2017, 8:26 AM [General]
    0 (0 Ratings)

    If you are like most of us, you have undoubtedly received an email that has asked you to click on a link. Did you click it? If you did, you are like 99% of internet users because clicking links in normal. But in some situations you may have found that the link took you to a new or maybe spoofed website where you might be asked to log in. If you ever did this, you may have been the victim of a likely phishing attack, and these attacks are getting fishier all of the time.

    A What? Phish? Fish?

    It’s called a phishing attack, and yes, it’s a play on words. When you fish, you throw a hook and worm into the water and hope you catch something. Hackers do the same when they phish. Except, their hook and worm, in this case, is an interesting looking email that they hope you are going to click on…its then, that they can reel you in. There are a few different types of phishing:

    • Spoofed websites – Hackers phish by using social engineering. Basically, they will send a scam email that leads to a website that looks very familiar. However, it’s actually a spoof, or imitation, that is designed to collect credit card data, usernames and passwords.
    • Phishing “in the middle” – With this type of phishing, a cybercriminal will create a place on the internet that will essentially collect, or capture, the information you are sending to a legitimate website.
    • Phishing by Pharming – With phishing by pharming, the bad guys set up a spoof website, and redirect traffic from other legitimate sites to the spoof site.
    • Phishing leading to a virus – This is probably the worst phish as it can give a criminal full control over your device. The socially engineered phish is designed to get you to click a link to infect your device.

    Can You Protect Yourself from Phishing?

    Yes, the standard rule is “don’t click links in the body of emails”. That being said, there are emails you can click the link and others you shouldn’t. For example, if I’ve just just signed up for a new website and a confirmation email is then sent to me, I’ll click that link. Or if I’m in ongoing dialog with a trusted colleague who needs me to click a link, I will. Otherwise, I don’t click links in email promotions, ads or even e-statements. I’ll go directly to the website via my password manager or a Google search.

    Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.


    Page 1 of 41  •  1 2 3 4 5 6 ... 41 Next