8 Tips to Avoid Being Victimized by Phishing Scams



Unfortunately, it’s a familiar story worth remembering to protect you and your customers.

Despite all the publicity about phishing scams, even employees at a major health provider and university system are guilty of risking personal data.

That includes losing medical information and Social Security numbers, for thousands of people, to cybercriminals.

The Franciscan Health System warned more than 12,000 of its patients nationwide in March 2014.

What was the warning?

That their personal information may have been shared with computer scammers who accessed staff email accounts.

About 8,000 patients are in the Pacific Northwest.

Similarly, the University of Washington found it necessary to warn its employees.  

“The University of Washington has been a target of some high-profile ‘phishing’ attacks recently, and the Office of the UW Chief Information Security Officer is offering some tips to protect personal, financial and institutional information stored on personal computers,” wrote Bob Roseth at www.washington.edu/news in February 2013.

“Phishing is a form of email or Internet fraud in which cybercriminals entice victims to provide personal information, including login credentials, that can be used to gain access to UW or personal systems, bank accounts and other financial assets, as well as other sensitive information,” he explained.

“Phishing messages often include distressing or enticing statements to provoke an immediate reaction, or they may threaten consequences if you fail to respond,” Mr. Roseth added.

Although phishing has been a heavily publicized topic, the university’s warning serves as a reminder not to be complacent.

We can never assume that everyone is cognizant of dangers posed by cybercriminals.

Franciscan and the UW joined a long list of victimized organizations.

To avoid being victimized, here are eight tips:

1. Take great care in sending e-mails

You shouldn’t ever e-mail passwords or other sensitive information. If you’re forwarding an important e-mail with a password-protected attachment, make sure it’s challenging for anyone to open it.

2. Be strategic if you’re asked to set up security questions and answers

Many questions are easy to answer for cybercriminals if they know anything about you, especially if you are active on social media. People put all kinds of information on their Facebook page.

So don’t answer with information that can easily be found by cybercriminals – in other words, don’t answer the questions directly. For example, if a question is “What was the name of your high school?” answer with the name of your most disliked subject or most-inspirational teacher.

3. Be skeptical when a cybercriminal tries to get your attention

Mr. Roseth was right when he wrote that authors of phishing methods know how to use fear to get your attention. They also use other methods.

4. Take extra precautions when an e-mail that appears to be a legitimate Web site asks for information

Savvy organizations don’t send such requests for your information. Many illegitimate Web sites are copycats. Look closely at the URLs and check for slight variations in the spelling.

Better still, I always ignore such requests. Instead, I enter the site’s address in the browser’s address bar and go to the Web site in question, just to be sure.

5. When you receive e-mails asking for information or for you to click on a link, first consider the circumstance

If you don’t recognize the e-mail address, even if it’s supposedly from an acquaintance or your bank, don’t open it. Certainly, don’t click on such links or open attachments.

As this article was being written, I received this cybercrime e-mail:

From: JP Morgan Chase Bank [webexxxoffice42@att.net]

Please open the attachment for more information Mr. James Dimon CEO JP Morgan Chase Bank Fax:1-847-496-8147

Note the discrepancy between the alleged bank and the e-mail address — a bona fide bank would not have an ATT.net e-mail address.

6. Guard against scams from overseas

Usually, such scams have grammatical and spelling errors. They’ve often been translated poorly into English. They also include weird-looking phrasing or out-of-character letters in e-mails to get past spam filters.

7. As Mr. Roseth stated, phishing scams try to get your attention with urgent statements for you to take action

Ignore them. They also pretend to send you important personalized information, but they mistakenly reveal that the same e-mail is being sent to others. Often, they don’t address you by name.

Or, they hack Twitter or Facebook and pretend to send you e-mails from your acquaintances. So check the context of such e-mails – they don’t use the same verbiage as your friends.

8. Take precautions with your smartphones, mobile applications and social media

Watch out for illegitimate apps that want to access your device in order to steal your personal or sensitive information.

Note: Android has had countless security issues. Identity fraud has escalated in smartphones and social media.

Once considered perfectly safe, even Macs have had security issues, too.
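The checks described in tips 4 and 5 (a sender whose address does not match the organization it claims to be, and a URL with a slight spelling variation) can be automated in a mail filter or a training exercise. The sketch below is an added example, not part of the original article; the `TRUSTED` allow-list, the 0.85 similarity threshold, the character-substitution map and all function names are assumptions, and every sample input other than the From line quoted in tip 5 is constructed.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains that brand legitimately uses.
TRUSTED = {
    "chase": {"chase.com", "jpmorganchase.com"},
    "paypal": {"paypal.com"},
}
ALL_TRUSTED = sorted(set().union(*TRUSTED.values()))

# Finds an e-mail address anywhere in a From line, whatever brackets surround it.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# Digits commonly swapped in to imitate a letter (assumed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host):
    """Naive 'last two labels' domain; a real tool would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in ALL_TRUSTED:
        return None
    folded = domain.translate(CONFUSABLES).replace("rn", "m")
    for good in ALL_TRUSTED:
        if folded == good or SequenceMatcher(None, folded, good).ratio() >= 0.85:
            return good
    return None


def _findings(claim_text, host):
    """Compare the brand words in `claim_text` with the domain actually used."""
    domain = registrable(host)
    words = set(re.split(r"[^a-z0-9]+", claim_text.lower()))
    findings = []
    for brand, domains in sorted(TRUSTED.items()):
        # Tip 5: the message names a brand, but the domain is not that brand's.
        if brand in words and domain not in domains:
            findings.append(("brand_mismatch", brand, domain))
    # Tip 4: the domain is a slight spelling variation of a trusted one.
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(("lookalike", imitated, domain))
    return findings


def check_sender(from_header):
    """Check a From line: display name versus the address domain."""
    m = ADDR_RE.search(from_header)
    if not m:
        return [("no_address", "", "")]
    return _findings(from_header[:m.start()], m.group(1))


def check_link(url):
    """Check a link: brand words anywhere in the host versus the real domain."""
    host = urlsplit(url).hostname
    if not host:
        return [("no_host", "", "")]
    return _findings(host, host)


if __name__ == "__main__":
    samples = [
        # From line quoted in tip 5 of the article.
        ("sender", "From: JP Morgan Chase Bank [webexxxoffice42@att.net]"),
        # Constructed inputs below.
        ("sender", "Chase <alerts@chase.com>"),
        ("sender", "Service <service@paypa1.com>"),
        ("link", "http://chase.com.secure-login.example/verify"),
        ("link", "https://www.chase.com/"),
    ]
    for kind, value in samples:
        check = check_sender if kind == "sender" else check_link
        print(kind, value, "->", check(value) or "no findings")
```

An empty result only means neither heuristic fired; a sender outside the allow-list that names no listed brand passes unflagged.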

From the Coach’s Corner, for dozens of security tips, click here.

And remember, if you read e-mails carefully and take great care, you’ll minimize any threats.

Be careful about reading the fine print…there’s no way you’re going to like it.


 __________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.





Photo courtesy jk1991 at www.freedigitalphotos.net

Identity Fraud Escalates in Smartphones, Social Media



Skyrocketing mobile malware threats amid widespread use of BYOD, bring your own devices, were on track for a $1.88 billion services market in 2013. That’s according to ABI Research.

Cybercriminals are successfully attacking vulnerabilities in individual devices and networks, according to an ABI report.

“Isolated and standalone security solutions will work for the individual consumer, but for organizational applications and carriers, mobile security services will take the lead,” says Michela Menting, ABI Research’s senior analyst in cyber security.

The epidemic isn’t new.

There’s been another global cybercrime assault on smartphones, according to a government task force, which includes the FBI. The Internet Crime Complaint Center (IC3) waved a big red flag. In particular, it’s a threat to Android users. As a result, IC3 issued security tips for users.

Wait, there’s more.

Identity fraud jumped by 13 percent – claiming 11.6 million American adult victims in 2011, according to a study. The report indicates smartphone and social media users were heavily victimized.

The study shows seven percent of smartphone users were affected. Javelin Strategy & Research (www.javelinstrategy.com), a San Francisco bay area firm, conducted the study.

“Consumers must be vigilant and in control of their personal data as they adopt new mobile and social technologies in order to not make it easier for fraudsters to perpetrate crimes,” said James Van Dyke, president of Javelin.

Here’s an excerpt of Javelin’s four main takeaways:

Identity fraud incidents increased, amount stolen remained steady – The number of identity fraud incidents increased by 13 percent over the past year, but the dollar amount stolen remained steady.

Social behaviors put consumers at risk – Specifically, 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name – all are prime examples of personal information a company would use to verify your identity.

Smartphone owners experience greater incidence of fraud – The survey found seven percent of smartphone owners were victims of identity fraud. This is a one-third higher incidence rate compared to the general public.

Part of this increase may be attributable to consumer behavior: 32 percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost; and 32 percent save login information on their device.

Data breaches increasing and more damaging – One likely contributing factor to the fraud increase was the 67 percent increase in the number of Americans impacted by data breaches compared to 2010. Javelin Strategy & Research found victims of data breaches are 9.5 times more likely to be a victim of identity fraud than consumers who did not receive such a data breach letter.

So, hang onto your smartphone — and consider precautions with your smartphone security and social media sharing.

From the Coach’s Corner, here are related resources:

Our Mobile-Banking Warnings about Security Prove Prophetic

Using Starbucks’ WIFI? Security Pro Issues Warning and Security Checklist

5 Safety Measures to Thwart Mounting Social-Network Attacks

Who Profits from Android’s Security Issues? Not Users.

Internet Criminals to Pose Bigger Threat than Terrorists – FBI

New Cyber Attacks: Tips For Internet Security

New Cybercrime Serves as Warning to Take Defensive Precautions

Lesson about Passwords after Theft of 16,000+ UCLA Patient Records

Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy? 

“There’s a lot of weirdos on the Internet.”

-Miss Texas Teen USA (1998 pageant)

__________


Photo courtesy of tiramisustudio at www.freedigitalphotos.net

Internet Criminals Pose Bigger Threat than Terrorists – FBI



Feb. 4, 2012 –


A Web security study has found the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords.

Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.

Little wonder the U.S. government along with state and local agencies, businesses and consumers should all heed ominous testimony before Congress. Then-FBI Director Robert Mueller warned “the cyber threat will equal or surpass the threat from counter terrorism in the foreseeable future.”

That was his January 2012 message to the U.S. House Permanent Select Committee on Intelligence in discussing the importance of the Internet.

“The theft of intellectual property, the theft of research and development, the theft of the plans and programs of a corporation for the future, of all which are vulnerable to being exploited by attackers,” Mr. Mueller testified.

Mr. Mueller warned it’s imperative for the FBI and federal government to get more proficient in analyzing, gathering and sharing information. He also requested appropriate legislation.

Indeed, we see proof of his admonition in news headlines almost daily, which has prompted countless Biz Coach articles about cyber attacks with tips for Internet security.

WIFI warning

The most-read Biz Coach article of all time quoted Stan Stahl, Ph.D., a nationally recognized security expert: Using Starbucks’ WIFI? Security Pro Issues Warning and Security Checklist.

Also highly read is our mobile-banking warnings about security prove prophetic.

Don’t forget about healthcare. It’s vital to understand why many healthcare workers are responsible for an alarming trend: Medical ID theft.

Here’s a lesson about passwords after the theft of 16,000+ UCLA patient records.

“We’ve seen Israeli and Palestinian cyber-vigilantes launch DDoS attacks against each other’s web sites,” he explained.

“What happens when radical organizations discover they can launch a DDoS attack against their enemies?” he asked. “We should not be surprised to see the Internet become a battleground in America’s culture wars.”

Stan Stahl on Bloomberg

Key questions for organizations

Dr. Stahl recommends that all organizations answer four key questions:

  1. Are we gathering the information we need to understand our cyber threat and the quality of our cyber defenses?
  2. Are we effectively analyzing this information, using it to better secure our information?
  3. Are we sharing it with the necessary parties?
  4. In particular, is management getting the information they need to proactively manage information risk?

“One highly critical defensive measure, for example, is to rigorously keep software patched,” he added. “One of the easiest ways for a cyber criminal to take control of a computer is to exploit a vulnerability in unpatched software.”

Dr. Stahl’s firm, Citadel Information Group, is regularly asked to help businesses.

“Patching needs to be on the weekly must-do list of every IT department and IT vendor,” he explained. “Yet, when we assess the patch levels of organizations, we are not surprised to often see more than 100 unpatched vulnerabilities on desktops.”

Questions for IT departments

To information technology departments, he poses these five questions:

  1. Does IT gather vulnerability information?
  2. Do they analyze it, taking appropriate action to keep vulnerabilities to a minimum?
  3. Is it shared with senior management?
  4. Does senior management know that IT must patch vulnerabilities to comply with laws like HIPAA HITECH or contractual obligations like the payment card industry’s data security standard?
  5. Does senior management regularly monitor “weekly vulnerability trends?”

“Human nature being what it is, cyber crime and hacktivism will likely get worse before things get better,” he concluded. “While we can hope to avoid cybergeddon, we also have to remember that hope is not a strategy.”

Amen. You can keep yourself updated by subscribing to Dr. Stahl’s Weekend Patch and Vulnerability Report.

From the Coach’s Corner, here are more Internet security resource links:

Don’t Wait for Cyber Security Legislation that Affects Your Business — Not likely to pass, a data-breach bill has been re-introduced in the U.S. Senate that would regulate how businesses behave – informing customers when their personal information has been stolen. Passage or not, businesses should act on their own. It’s the right thing to do.

5 Safety Measures to Thwart Mounting Social-Network Attacks — Sally, the accounting manager of a medium-sized business, regularly checked her Facebook account while at work. One day she received an e-mail. The e-mail said that a long-lost friend, Bob, had added her as a friend in Facebook. By clicking on the e-mail link, Sally cost her employer nearly $1 million.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later. Originally, Citibank said 200,000 accounts were affected.

“Security is, I would say, our top priority because for all the exciting things you will be able to do with computers…organizing your lives, staying in touch with people, being creative…if we don’t solve these security problems, then people will hold back. Businesses will be afraid to put their critical information on it because it will be exposed.”

-Bill Gates

 __________


Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft



A whopping 79 percent of companies in the U.S. and U.K. experienced Web-borne attacks. These incidents continue to represent a significant threat to corporate brands.

Results from a Web security study in 2013 show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies.

Despite the obvious awareness of the risks, only 56 percent of participants said they had implemented Web security protection and more than half of companies without Web security had Web sites compromised.

Another study discloses a disturbing trend – nearly four out of five small companies are storing unsecured data about their customers.

That’s an indictment of such businesses, and is alarming news for consumers about their vulnerability to credit card fraud and identity theft.

The 2011 study was conducted by the National Cyber Security Alliance (NCSA).

“How can this be,” you ask?

Nationally known security expert Stan Stahl, Ph.D., of Citadel Information Group in Los Angeles, knows why.

“Citadel works with small business leaders every day and – based on our experience – the reason small businesses don’t take cybercrime seriously is that they see it primarily as something their IT people are managing, not yet realizing the critical importance of their own leadership,” says Dr. Stahl.

“This includes establishing clear policies and standards for information use, explicitly assigning cyber security management responsibility to a member of the senior management team, providing cyber security awareness training and education to all information users, and ensuring that IT personnel are effectively managing the security of the IT infrastructure,” he adds.

The alarming results in the study first came to my attention after reading Small Businesses Don’t Take Cybersecurity Seriously, which was mentioned in Dr. Stahl’s security blog.

Hopefully, your business is not one of the businesses cited in the study. Cybercrime has become a global nightmare. My question for companies about Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy? 

For NCSA’s tips for small business security, read this post. 

“Seventy-nine percent of businesses are storing consumer information when they don’t need it. It’s not protected. It’s not secure,” Verizon spokesperson Andrea Woroch was quoted in a published report.

For consumers, Verizon offers these tips:

Watch the people swiping your credit or debit card.

“You don’t want to blame or suspect everyone’s trying to steal your information, but there are people who will and are trying to copy your credit card information with extra swipes,” says Ms. Woroch.

Take extra care when you buy on the Internet.

“Don’t mark that little check box that says ‘to store for future purchases.’ you don’t want that organization, that business, that Internet website to hold any of that information,” explains Ms. Woroch.

Consider alternatives to using your credit card, such as gift cards.

Carefully study your billing statements.

“Lots of consumers overlook little charges that are being made on their statement and that’s how people are continually able to trick them and deceive them and steal them and take extra money out of their accounts,” adds Ms. Woroch.

Resource link: Dr. Stahl’s Web site.

From the Coach’s Corner, here are additional cybersecurity tips:

Secure Your Android from Viruses and Malware with 5 Tips — Hopefully, you haven’t had the nightmarish inconvenience on your Android from viruses and malware, which have plagued many users. Countless headlines detail the cyber dangers associated with Android-based devices. Don’t for a second assume you’d be safer with an iPhone.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s security breach wasn’t reported until weeks later. Originally, Citibank said 200,000 accounts were affected.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Tips to Prevent Hacking of Your Bluetooth — Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.” Beware, cybercriminals using software, are able to intercept your Bluetooth signal to hack into your phone.

Surprise — Cyber Criminals Chew up Apple Products, too — For years in terms of security, Windows has been considered inferior to Macs. But no longer thanks to malware security epidemics. If you’ve got an iPhone, get busy. Apple continues to have bugs and security issues. Apple was forced to release an update just a few days after the rollout of its iOS 8 in late Sept. 2014 (Apple issues iOS 8.0.1 for bug fixes, knocks out cell service and Touch ID for some).

“Being good is good business.”

-Anita Roddick


__________






Photo courtesy of stockimages at www.freedigitalphotos.net

Why Many Healthcare Workers Cause Medical ID Theft



Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery.

Health-care providers apparently can’t trust their employees to use best practices in observing The Health Insurance Portability and Accountability Act (HIPAA), which has been in effect since 1996.

You hear the acronym a lot in healthcare.

However, at issue is whether health-care workers keep their mobile devices secure, according to the 2013 HIMSS Security Survey.

Security breaches often occur at nurses’ stations and behind reception desks because of snooping by employees, with financial and medical identity theft not far behind.

Hospitals are securing their devices. But most employee devices aren’t secure, and 88 percent of respondents in a Benchmark Study on Patient Privacy and Data Security say employees are allowed to use their private mobile devices to access patient records.

The growing trend of allowing employees to BYOD — bring their own devices — isn’t healthy. It’s bad for the medical profession as well as for other sectors.

More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ personal devices.

Nearly all say their devices might have been attacked, according to a 2014 study (see Do BYOD Headaches Outweigh Benefits? Yes.)

Employees ostensibly assume their iPhone and Android devices are secure, but they’re not. (See: Surprise — Cyber Criminals Chew up Apple Products, too and Who Profits from Android’s Security Issues? Not Users.)

The problem of medical identity theft has been growing for years.

Data shows it adversely impacted 1.42 million Americans in 2010. That’s according to a 2011 study by PricewaterhouseCoopers (PwC) that shows medical ID theft aggregately cost more than $28 billion.

“The root cause of the fraudulent use of someone else’s medical identification is that protected medical information is widely dispersed in multiple information systems where it all too often is inadequately secured,” says nationally known security expert, Stan Stahl, Ph.D.

He’s president of Citadel Information Group, Inc. in Los Angeles, and he authoritatively writes about security issues on his blog.

MedPage Today sheds a bright light on the issue in this article: Medical Identity Theft a Growing Problem.

It reported the three most-common identity breaches:

1. Employees who act unprofessionally – improper use of patients’ data in doctors’ offices, hospitals, insurance company and life sciences companies. They’ve even been caught posting comments about patients on Facebook.

2. Almost 40 percent of hospitals and physicians report they have caught patients using another person’s identity when they seek treatment.

3. Twenty-five percent of insurance companies acknowledge the improper transfer of information in patients’ health files. Unauthorized persons viewed such files.

“Every organization that collects or stores personally identifiable medical information – hospitals, doctors, clinics, pharmacies, billing offices, insurance companies, even employers – has a legal and ethical obligation to properly secure that information,” asserts Dr. Stahl.

In public reports, theft was responsible for 66 percent of medical ID breaches in recent years. The thefts include notebook computers, smartphones, using another person’s personal information for fraudulent claims, and people using others’ names.

Security breaches often occur at nurses’ stations and behind reception desks because of snooping by employees, with financial and medical identity theft not far behind.

More shocking news

Authors of the PwC study indicated most healthcare organizations aren’t equipped to prevent medical ID theft – despite the growing use of information technology in the medical profession.

“Most breaches are not the result of [information technology] IT hackers, but rather reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error – loss of a computer or device, lack of knowledge or unintended unauthorized disclosure,” said James Koenig, director of the Health Information Privacy and Security Practice at PwC in a press statement.

More than 50 percent of the study’s respondents who work for healthcare organizations said they have known of at least one privacy breach since 2009.

“Doctors need to take measures to assure their patients are who they say they are,” recommends Dr. Stahl. “That can include checking referrals.”

What can patients do?

“Patients need to treat their medical information with the same care that they treat their financial information, including periodically checking with their insurance company to identify fraudulent activity,” advises Dr. Stahl.

The PwC study indicated that most healthcare organizations admit they haven’t even begun to adequately deal with privacy and security issues in this digital-information age.

Obviously, as a business-performance consultant, here’s my sense:

1. The medical profession should emphasize and implement stronger security precautions.

2. All medical employees should undergo privacy-confidentiality sensitivity training.

After all, shouldn’t healthy precautions be part of medical care?

From the Coach’s Corner, you might consider these security-resource links:

How to Enhance Security in Your Company’s Wireless Network — Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later.

11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud — The most vulnerable travelers are businesspeople. That’s because they have to use Internet and e-mail. They’re in danger expressly from vulnerabilities, such as from wirelessly accessible passports to using WIFI.

“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.”

-Kahlil Gibran


 __________






Photo courtesy by imagerymajestic at www.freedigitalphotos.net

11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud



The most vulnerable travelers are businesspeople. That’s because they have to use Internet and e-mail.

They’re in danger expressly from vulnerabilities, such as from wirelessly accessible passports to using WIFI.

To save you from aggravation and money losses, here are 11 quick tips:

1. There are no free meals.

The adage is applicable to offerings that appear too good to be true. If you get a unique travel offer, do your due diligence.

Scan Internet news pages for scams. It wouldn’t hurt to check the site of the airline trade organization, International Air Transport Association, www.iata.org.

2. Watch for offers from fakes.

Cybercriminals are prevalent in the travel industry, and are publishing sites that look like the real, well-known companies.

3. Don’t use social media to chat about your travel plans.

Don’t alert criminals. Your home-front and business will be vulnerable.

4. Cautions about debit and credit cards.

Unlike debit cards, credit cards protect against fraud and theft. Better yet, before you travel, obtain a no-foreign-transaction-fee card, and be sure to alert your credit card company about your trip.

Just in case you might need help on your trip, get the credit-card issuers’ number that you can telephone collect when you’re overseas. Actually, before you travel, click here to see six must-do financial precautions.

5. Guard against currency conversion surprises.

Don’t sign any checks or receipts that aren’t shown in the local currency. Overseas merchants sometimes try to manipulate travelers – they provide their prices in U.S. currency, not their local currency.

6. Be prepared to utilize your passport when making a purchase.

Reputable foreign merchants don’t trust your credit card unless you have acceptable identification. That’s because U.S. credit cards have the old-fashioned magnetic stripe on the back. European credit cards use the chip-and-pin system, which is a modern fraud-security system.

7. Use your own computer.

For data security and privacy, never use public computers. When traveling overseas, you must take four steps to defend against hackers.

8. Forget WIFI.

Don’t use WIFI. It’s not just a matter of cybercriminals viewing your computers. They’re establishing fake access points, which can give them an entrée to your important files and data.

If you have to use a computer, hook your computer to your smartphone’s service or try MIFI.

9. Protect your e-passport.

They have RFID chips containing your personal information. Cybercriminals can view your information even though you can’t see them. So use an RFID blocking passport.

10. Bluetooth has vulnerabilities.

So turn it off.

Wherever you are, cybercriminals use software to intercept your Bluetooth signal to hack into your phone (see these Tips to Prevent Hacking of Your Bluetooth).

11. Think twice about using in-flight mobile phone and SMS services.

They’re just as risky as a WIFI hotspot.

Use these tips to help ensure you enjoy your trip and transact some good business.

Finally, see GlobalEdge, a site with helpful research information at http://globaledge.msu.edu/.

From the Coach’s Corner, related travel tips:

Travel — How to Avoid Foreign Currency-Exchange Fees — When traveling abroad for vacation or business, foreign currency-exchange fees can get costly for thrifty-minded people. There are steps you can take to avoid extra fees in exchanging currency. The pitfalls to avoid range from using airport exchange tables to using credit cards that surcharge the purchase of products and services.

Take Your Business Globally with These 12 Tips — If you want to export your products to the international marketplace, keep in mind and implement 12 steps. They include: 1. Begin on a small scale in an English-speaking country. Unless you speak other languages fluently, begin in a nation where English is spoken. Identify the country where your product will be in demand.

 If you don’t know where you are going, any road will lead you there.

 

__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.





Photo courtesy of Ambro at www.freedigitalphotos.net

Information Security: How to Make the Right Choices



More than ever, businesses, government agencies and consumers are learning costly lessons about due diligence in privacy and data security.

In recent years, more than 100 million Americans have been victimized, according to the Privacy Rights Clearinghouse, a consumer rights organization.

The epidemic is caused by hacking, theft, and unscrupulous employees.

Indeed, five years of research by Carnegie Mellon University’s CERT Coordination Center and the U.S. Secret Service shows employees and former employees are responsible for much of the information technology sabotage.

Some 80 percent of incidents were caused by workers already known by managers to be discontented.

The individual costs have ranged from $500 to millions of dollars.

In other words, we’re in a state of crisis and it’s time for an update on solutions from a trusted source I’ve quoted in years past, Dr. Stan Stahl, Ph.D., a nationally known security expert.

He has three major concerns in security trends:

The first is organized crime, which he calls cyberscum. “Credit cards with PIN numbers go for $100 on the black market,” said Dr. Stahl. “With such cyberscum, you have people who spend their days looking for vulnerabilities in software and they build botnets. The Secret Service uncovered one of the botnets that invaded and controlled 150,000 computers.

“Secondly, it used to be that the perimeter was well-defined because it was basically the corporate network,” he explained. “But now Blackberries, smart phones, and remote workers and all of that, the perimeter is no longer well-defined.”

His third concern? “It used to be you just needed anti-virus software, firewalls and passwords, but hackers are attacking anti-virus security so you really need to step back to take a big-picture look of protection to develop a secure program in your technology and culture,” he added.

Although offsite storage is convenient, its confidentiality is not guaranteed. Dr. Stahl recommends verifying the security of Web sites. “That’s one of the places the bad guys are looking.”

Small Business Security Checklist

His checklist advice for micro businesses:

  1. Know what information you have that needs to be protected.
  2. Understand the risks that your information is under.
  3. Structure your networking to provide what’s called defense-in-depth. That’s a tiered architecture with network segmentation.
  4. Watch the network.
  5. Train your people.
  6. Perform personnel background and physical security checks.
  7. Manage the security of your third-party vendors.

For success in reaching objectives in information-security control in financial institutions, other large companies and public agencies, Dr. Stahl believes a security program needs seven critical success factors:

  1. Executive management responsibility: Senior management has responsibility for the firm’s information security program, and this program is managed in accordance with the enterprise’s information security policies.
  2. Information security policies: The enterprise has documented its management approach to security in a way that complies with its responsibilities and duties to protect information.
  3. User awareness training and education: Information users receive regular training and education in the enterprise’s information security policies and their personal responsibilities for protecting information.
  4. Computer and network security: IT staff and IT vendors are securely managing the technology infrastructure in a defined and documented manner that adheres to effective industry information security practices.
  5. Physical and personnel security: The enterprise has appropriate physical access controls, guards, and surveillance systems to protect the work environment, server rooms, phone closets, and other areas containing sensitive information assets. Background investigations and other personnel management controls are in place.
  6. Third-party information security assurance: The enterprise shares sensitive information with third parties only when it is assured that the third party appropriately protects that information.
  7. Periodic independent assessment: The enterprise has an independent assessment or review of its information security program, covering both technology and management, at least annually.

His list of credentials is voluminous, and he has a client portfolio ranging from small to large clients in the public and private sectors. He’s also president of the Los Angeles chapter of the Information Systems Security Association (ISSA). Nationwide, ISSA has 15,000 members.

His firm’s Web site and security blog: www.citadel-information.com. You can keep yourself updated by subscribing to Dr. Stahl’s Weekend Patch and Vulnerability Report.

For consumers, he recommends reconciling credit card and bank statements every month. For online security, he also likes the following software: SpySweeper, ZoneAlarm and Sandboxie for special protection for provocative sites like gambling. “Some are becoming more proactive, but they’re just now beginning to emerge and I haven’t had a chance to test them,” he said.

To check your credit report for fraud, here are the bureau telephone numbers:

Equifax – (888) 766-008

Experian – (888) 397-3742

TransUnion – (800) 680-7289

From the Coach’s Corner, here are more of Dr. Stahl’s insights:

Don’t Wait for Cyber Security Legislation that Affects Your Business — Not likely to pass, a data-breach bill has been re-introduced in the U.S. Senate that would regulate how businesses behave – informing customers when their personal information has been stolen. Passage or not, businesses should act on their own. It’s the right thing to do.

5 Safety Measures to Thwart Mounting Social-Network Attacks — Sally, the accounting manager of a medium-sized business, regularly checked her Facebook account while at work. One day she received an e-mail. The e-mail said that a long-lost friend, Bob, had added her as a friend in Facebook. “How great,” thought Sally. “An email from Bob. Let me just follow this link and we can be friends again.” You’ll never guess what happened afterward.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later. Originally, Citibank said 200,000 accounts were affected.

“You can’t hold firewalls and intrusion detection systems accountable. You can only hold people accountable.”

– Daryl White

__________


Photo courtesy of Stuart Miles at www.freedigitalphotos.net
