4 Strategies for CEOs to Win Their Cyber Security Tug of War



The cyber security tug of war is never ending even though chief executive officers and board members now get the importance of protecting their companies’ information assets. They’ve learned to fear cyber-security threats because they could lose their jobs.

If this is all true, why then are there incessant, worldwide cyber attacks? Business Web sites are facing an increasingly intense full-court press from cybercriminals – cybercrime now costs businesses $1 trillion.

Ostensibly, executives still don’t understand all the nuances and methods used against their companies’ assets. And yet there are plenty of ways to understand the risks.

Companies face cyber-security issues in countless ways — from customer service and finance to human resources.

Often, companies and their employees self-destruct. For instance, an epidemic of social-networking attacks represents unprecedented dangers to companies. In just one case, a Facebook user cost her company $1 million.

The uninsured million-dollar loss wouldn’t have occurred if the company incorporated the right safety measures.

While it’s important to secure business assets, CEOs still can’t calculate their returns on security investments.

You’ve heard of the old saying: “Garbage in, garbage out,” right? Human conduct – intentional or otherwise — is the reason for most security risks. But for many people, old habits are hard to break.

CEO leadership is vital

President Harry Truman was famous for saying, “The buck stops here.” That’s true for CEOs in cyber security. The CEO has to see to it that their companies manage the risks and that they stay in close communication with their information technology managers.


But it’s a difficult task because CEOs don’t have reasons to respect their chief information officers. Indeed, CEOs have long complained to me about information technology.

They complain about high-priced consultants, and that IT projects are too expensive and fail to yield a return on investment.

And two studies underscore the need for IT professionals to become more businesslike.

So, CEOs must act.

To guard against cyber risks, here are four must-do strategies:

  1. CEOs must communicate proactively in cyber-risk management. Communication with IT professionals must improve – dramatically. Analysis should include priorities, the potential dangers to information assets and the tradeoffs.
  2. CEOs must direct security initiatives at every level and opportunity. This includes being transparent with customers and potential customers in the marketplace before and after any cyber attack.
  3. CEOs must be role models in security. They must walk the talk in cyber security matters. Only then will they be effective in motivating staff to use security measures.
  4. CEOs must make sure all employees and vendors employ security controls and diligently follow policies. It should be an ongoing process to monitor security issues to ensure progress.

Short of implementing these four strategies, companies will not be able to innovate and prosper.

From the Coach’s Corner, here’s more:

Do BYOD Headaches Outweigh Benefits? Yes — More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ bring their own device (BYOD) devices. Nearly all say their devices might have been attacked, according to a 2014 study.

4 Recommendations to Avoid Spending Too Much on IT — To take advantage of big cost savings in information technology, a study says businesses need to change their buying habits. Here’s how.

4 Keys So Marketing and IT Can Create Business Revenue — Businesses will generate more revenue if their information technology and marketing professionals strategize more effectively. For instance, success in e-commerce is increasingly challenging for companies that want to dominate in brand preference, customer loyalty and word-of-mouth advertising.

 How to Enhance Security in Your Company’s Wireless Network — Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you.

“Unless and until our society recognizes cyber bullying for what it is, the suffering of thousands of silent victims will continue.”

-Anna Maria Chavez

 __________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

Secure Your Android from Viruses and Malware with 5 Tips



Hopefully, you haven’t had the nightmarish inconvenience on your Android from viruses and malware, which have plagued many users.

Countless headlines detail the cyber dangers associated with Android-based devices. However, don’t for a second assume you’d be safer with an iPhone. Cyber criminals chew up Apple products, too.

It’s vital to avoid the applications that hurt your Android’s software with exposure to viruses and malware.

Here are five tips:

1. Do your research before installing apps

Just because you see several promotional messages for an app doesn’t mean it’s a good idea. Advertising scams are skyrocketing.

For example, advertising scams that prey on Internet consumers have prompted four Internet companies to band together to fight the abuse.

The scams use harmless-looking ads to trick consumers into using phony tech support that actually enables cybercriminals to invade the unsuspecting owners’ devices.

So avoid advertising scams that trick you into asking for tech support.

Meantime, if you’re uncertain of the source for any of the apps, remember the phrase: “When in doubt, don’t.”

2. Install only from Google Play

Avoid the myriad of online download locations. Avoid the temptation to install free apps. For the safest downloads, use Google Play.

3. Prevent installation with the lock system

Uncheck “install from unknown sources.” Your Android should have access to Google Play. It should also have a locking mechanism that prevents apps from downloading on your phone.

In your settings, enable “verify apps from unknown sources.”

4. Read the fine print

You must check out the permissions. Even if you download from Google Play, the app will proclaim permissions. That means permissions to your phone’s other options.

Such accessibility is important for certain apps, but be sure to read the reasons for the access.

5. Install an anti-virus software

Downloading apps from Google Play isn’t a 100 percent guarantee of safety, despite Google’s precautions. So to be sure, install a reputable anti-virus software.

From the Coach’s Corner, here are more mobile security tips:

Security Steps for Your Mobile Device in Online Banking, Purchases — Almost 90 percent of Americans use a cell phone and more than 50 percent have smartphones, according to published reports. They also indicate 28 percent of smartphone owners use their devices for online banking.

Tips to Prevent Hacking of Your Bluetooth — Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.” Beware: cybercriminals using software are able to intercept your Bluetooth signal to hack into your phone.

8 Tips to Avoid Being Victimized by Phishing Scams — Despite all the publicity about phishing scams, even employees at a major health provider and university system are guilty of risking personal data, including medical information and Social Security numbers, for thousands of people.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Do BYOD Headaches Outweigh Benefits? Yes — More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ bring their own device (BYOD) devices. Nearly all say their devices might have been attacked, according to a 2014 study.

We’ve gotten to that perfect crossing point where all of the things which have prevented criminals from leaping into the wireless space have been eroded.

-Gareth Maclachlan 

__________


8 Tips to Avoid Being Victimized by Phishing Scams



Despite all the publicity about phishing scams, even employees at a major health provider and university system are guilty of risking personal data, including medical information and Social Security numbers, for thousands of people.

The Franciscan Health System notified more than 12,000 patients nationwide in March 2014 their personal information may have been shared with computer scammers who accessed staff email accounts. About 8,000 are in the Pacific Northwest.

Similarly, the University of Washington found it necessary to warn its employees.  

“The University of Washington has been a target of some high-profile ‘phishing’ attacks recently, and the Office of the UW Chief Information Security Officer is offering some tips to protect personal, financial and institutional information stored on personal computers,” wrote Bob Roseth at www.washington.edu/news in February 2013.

“Phishing is a form of email or Internet fraud in which cybercriminals entice victims to provide personal information, including login credentials, that can be used to gain access to UW or personal systems, bank accounts and other financial assets, as well as other sensitive information,” he explained.

“Phishing messages often include distressing or enticing statements to provoke an immediate reaction, or they may threaten consequences if you fail to respond,” Mr. Roseth added.

Just as it appeared that phishing has been a heavily publicized topic, the university’s warning serves as a reminder not to be complacent.

We can never assume that everyone is cognizant of dangers posed by cybercriminals.

Franciscan and the UW joined a long list of victimized organizations.

To avoid being victimized, here are eight tips:

1. Take great care in sending e-mails.

You shouldn’t ever e-mail passwords or other sensitive information. If you’re forwarding an important e-mail with a password-protected attachment, make sure it’s challenging for anyone to open it.

2. Be strategic if you’re asked to set up security questions and answers.

Many questions are easy to answer for cybercriminals if they know anything about you, especially if you are active on social media. People put all kinds of information on their Facebook page.

So don’t answer with information that can easily be found by cybercriminals – in other words, don’t answer the questions directly. For example, if a question is “What was the name of your high school?” answer with the name of your most disliked subject or most-inspirational teacher.

3. Be skeptical when a cybercriminal tries to get your attention.

Mr. Roseth was right when he wrote that authors of phishing methods know how to use fear to get your attention. They also use other methods.

4. Take extra precautions when an e-mail that appears to be from a legitimate Web site asks for information.

Savvy organizations don’t send such requests for your information. Many illegitimate Web sites are copycats. Look closely at the URLs and check for slight variations in the spelling.

Better still, I always ignore such requests. Instead, I enter the site’s address in the browser’s address bar and go to the Web site in question, just to be sure.

5. When you receive e-mails asking for information or for you to click on a link, first consider the circumstance.

If you don’t recognize the e-mail address, even if it’s supposedly from an acquaintance or your bank, don’t open it. Certainly, don’t click on such links or open attachments.

As this article was being written, I received this cybercrime e-mail:

From: JP Morgan Chase Bank [webexxxoffice42@att.net]

Please open the attachment for more information Mr. James Dimon CEO JP Morgan Chase Bank Fax:1-847-496-8147

Note the discrepancy between the alleged bank and the e-mail address: a bona fide bank would not have an ATT.net email address.

6. Guard against scams from overseas.

Usually, such scams have grammatical and spelling errors. They’ve often been translated poorly into English. They also include weird-looking phrasing or out-of-character letters in e-mails to get past spam filters.

7. As Mr. Roseth stated, phishing scams try to get your attention with urgent statements for you to take action.

Ignore them. They also pretend to send you important personalized information, but they mistakenly reveal that the same e-mail is being sent to others. Often, they don’t address you by name.

Or, they hack Twitter or Facebook and pretend to send you e-mails from your acquaintances. So check the context of such e-mails – they don’t use the same verbiage as your friends.

8. Take precautions with your smartphones, mobile applications and social media.

Watch out for illegitimate apps that want to access your device in order to steal your personal or sensitive information.

Note: Android has had countless security issues. Identity fraud has escalated in smartphones and social media. Once considered perfectly safe, even Macs have had security issues, too.

From the Coach’s Corner, if you want information on other security subjects, chances are you’ll find what you want in this portal’s Tech section. Remember, if you read e-mails carefully and take great care, you’ll minimize any threats.

Be careful about reading the fine print…there’s no way you’re going to like it.

 __________


Surprise — Cyber Criminals Chew up Apple Products, too



For years, in terms of security, Windows has been considered inferior to Macs. But no longer, thanks to malware security epidemics.

If you’ve got an iPhone, get busy. Apple continues to have bugs and security issues.

Apple was forced to release an update just a few days after the rollout of its iOS 8 in late Sept. 2014 (Apple issues iOS 8.0.1 for bug fixes, knocks out cell service and Touch ID for some).

But just after going live – within 90 minutes – Apple canceled the update that was supposed to fix the software glitches because it had numerous problems.

There were hundreds of tweets by Twitter users complaining they couldn’t get any cell signals right after the update.

Apple was forced on Feb. 21, 2014 to fix a vulnerability with iOS 7.0.6 (Why Apple’s Recent Security Flaw Is So Scary – Gizmodo).

Starting in 2012, Apple was under increasing pressure from cyber experts to take preventative security measures in the wake of 600,000 malware-infected Macs.

“Myths die hard,” writes nationally known security guru Stan Stahl, Ph.D. “Users can no longer naively claim that they don’t need to be concerned with security because they use a Macintosh.”

Cybercriminals don’t discriminate

He believes cybercriminals see no difference between Mac OS X and Windows.

“It’s cold comfort that this particular vulnerability surfaced in Java – so well known as a source of attack exploits that we recommend users disable it,” he writes.

“The lesson we need to take away from the Mac OS X story is humility in the face of software complexity,” he adds.

As one of the nation’s leading authorities, Dr. Stahl is a principal at Citadel Information Group, www.citadel-information.com, in Los Angeles.

“In the 1980s I was a staff security engineer at TRW when my manager gave me a piece of wisdom that applies to the myth of Mac security,” he writes:

“There are three kinds of knowledge,” he said. “There’s what you know that you know you know. There’s what you don’t know that you know you don’t know. And there’s what you don’t know that you don’t know that you don’t know.”

Dr. Stahl warns about the dangers of the third category of what we don’t know.

“It’s this third category that is most dangerous – what we don’t know that we don’t know we don’t know,” he writes. “This – our hidden ignorance – is what gets us into trouble. Believing the myth of Mac security – jumping to the conclusion that Macs are secure because we don’t know about their insecurities – is dangerous because the myth keeps us from taking the actions necessary to protect sensitive information on our Macs.”

More about myths

“There is the myth that IT can effectively manage cyber security; that senior management doesn’t need to get involved,” believes Dr. Stahl. “There is the myth that antivirus and anti-malware solutions provide sufficient security.

“There is the myth that ‘we have nothing of interest to a cyber criminal.’ And the most dangerous myth of all – that we can be secure if we simply do A, B and C, whatever A, B and C happen to be,” he warns. “It is these and other myths that keep us from being open to what we don’t know that we don’t know we don’t know.”

His parting shot:

“When it comes to cyber security management, myths are particularly dangerous,” he writes. “Our greatest security weakness – our greatest vulnerability – lies in the security myths we believe. That’s why the stories of more than 600,000 Macs infected by the Flashback malware is so important, for it serves as a warning about the dangers of all cyber security myths.”

From the Coach’s Corner, here are more security insights:

— Our Mobile-Banking Warnings about Security Prove Prophetic

— 5 Safety Measures to Thwart Mounting Social-Network Attacks

 Who Profits from Android’s Security Issues? Not Users.

 Lesson about Passwords after Theft of 16,000+ UCLA Patient Records

— Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy?

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

-Richard Clarke 

 __________


Image courtesy of Salvatore Vuono at www.freedigitalphotos.net

Who Profits from Android’s Security Issues? Not Users



A government task force, the Internet Crime Complaint Center (IC3), has issued a dire warning about malware. In particular, it’s a threat to Android users. As a result, IC3 issued security tips for users as early as 2011.

There’s also a version of the OpFake malware for Android – it’s incorporated in the Opera Mini mobile browser, according to ZDNet.

Users don’t know anything’s wrong until they use the legitimate software.

Android user beware: other security applications are fakes, too – they’re Zeus malware. Known as “Android Security Suite Premium,” they confiscate new SMS messages to the Android user.

Messages can include passwords and other sensitive data, according to Kaspersky Lab Security News Service.

Countless headlines detail the cyber dangers of Android-based devices, which is why it was announced that 22 applications were taken off the market by Google. The operating system’s issues stemmed from malware infections.

So who can benefit? Certainly it isn’t Android users.

“We continue to advise readers to be very cautious in downloading Android applications,” wrote Stan Stahl, Ph.D., on his blog. “Applications should be downloaded only from ‘official’ stores and only after they have been ‘vetted’ as legit,” wrote the nationally known security expert.

Google removed the apps from its Android market after they fooled users into accepting hidden, fraudulent charges.


The biggest operating-system competitor to Google’s Android: Apple’s iOS.

Published reports indicate Microsoft is actively pursuing opportunities to capitalize on Android’s woes.

Blackberry, of course, has problems with profitability. New products have been slow to market. As Blackberry’s phones age and need to be replaced by business users, Apple’s products might become even more attractive in the corporate world.

And if the vulnerabilities aren’t resolved, both Apple and Microsoft should be in a position to profit.

From the Coach’s Corner, security resource links:

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

New Cybercrime Serves as Warning to Take Defensive Precautions — Cybercrime is only getting worse. From both sides of the Atlantic Ocean, here are three examples of countless crimes: Authorities including the Secret Service are investigating the hacking of retailer Target in 2013 – hackers stole credit and debit card data from 40 million customers.

Identity Fraud Escalates in Smartphones, Social Media — Skyrocketing mobile malware threats amid widespread use of BYOD, bring your own devices, will lead to a $1.88 billion services market in 2013. That’s according to ABI Research. Cybercriminals are successfully attacking vulnerabilities in individual devices and networks, according to an ABI report.

Tips to Prevent Hacking of Your Bluetooth — Bluetooth technology, of course, allows you freedom when talking on your cell phone. But you’ll lose other freedoms if you don’t prevent scammers from exploiting your system via a trend called “bluebugging.” Beware: cybercriminals using software are able to intercept your Bluetooth signal to hack into your phone.

Why Many Healthcare Workers Are Alarmingly Responsible for Medical ID Theft — Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery. Health-care providers apparently can’t trust their employees to use best practices in observing The Health Insurance Portability and Accountability Act (HIPAA), which has been in effect since 1996. You hear the acronym a lot in healthcare.

“Distrust and caution are the parents of security.”

-Benjamin Franklin

__________


Photo Courtesy AdamR at www.freedigitalphotos.net


Risk Management – Picking the Best Cloud Storage Provider



There’s been quite a buzz about using the cloud. Personally, I’m still not sold on using cloud services for many businesses.

There have been too many problems, and I prefer to maintain controls to alleviate uncertainty in business.

But companies such as IBM continue to tout what they call success.


Aside from the pride that IBM shows, one of the lessons I learned very early is this: when there’s a lot of hype, go slow with due diligence.

Frankly, I’m not alone.

Critical cloud study

A heavily credentialed expert performed a study and provides this surprise: Open source technology is preferable to the cloud.

But if you feel you must go the cloud route, remember choosing the right cloud storage provider is a must for risk management.

You have a vast array of options. Cost is important, of course, but so are your company’s risk-management needs – just like the federal government.

It took two years, but the government launched FedRAMP, the federal risk and authorization program.

It established security standards for providing cloud services to the government.

FedRAMP also provides agencies with monitoring tools to ensure continuous compliance with security standards. Those are important considerations.

Risk-management for your business

Here are 10 questions to ask of your prospective cloud provider:

1. If they’re a large provider, has the vendor been qualified by FedRAMP?

2. What is the company’s financial situation? Bankruptcies are prevalent. Have a frank discussion with the supplier. Find out if they expect to gain or lose business in the next year. And ask about their cash flow, and for references regarding the status of their banking relationships.

3. What would be their total charges? Is it a flat fee? What are the additional costs for storing each gigabyte or for transferring data?

4. What about the security of their services, privacy commitment and data protection, and what does their service level agreement (SLA) provide? Keep in mind commitments for performance and reliability, and what happens if they fail to perform according to the SLA.

5. What do they provide in the way of data availability each month? What will be the percentage of time you will be able to get into your data or add new data?

6. What do they provide in data transfer rates? Data storage is important, but so is your ability to rapidly transfer your data.

7. What level of data durability do they offer? That is the amount of potential data loss from data corruption.

8. Does the vendor provide data shuffle or bare metal service? This service is a hard copy backup. Will you be able to present a hard-drive data copy to the cloud or will you be able to retrieve a copy of your data?

9. What do they support in operating systems? Make certain they’re capable of working with all your operating systems.

10. What are their backup services? You’ll have problems if they simply back up your data. You’ll also want assurances that they will back up all your computer applications and operating system, and will provide virtual servers for crashed systems.

From the Coach’s Corner, here are recommended articles:

The New Face of $1 Trillion in Cybercrime on Business – Account Takeovers, Credit Card Fraud — Business Web sites are facing an increasingly intense full-court press from cybercriminals – the aggregate cost of cybercrime annually, which includes prevention strategies, has exceeded $1 trillion. 

Security Steps for Your Mobile Device in Online Banking, Purchases — Almost 90 percent of Americans use a cell phone and more than 50 percent have smartphones, according to published reports. They also indicate 28 percent of smartphone owners use their devices for online banking.

How to Enhance Security in Your Company’s Wireless Network — Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable. 

How Small Businesses Can Profit from Cyber Strategies — Yes, it’s become important for small businesses to capitalize on cyber strategies for profit. Small and even regional retailers should be cognizant of three realities: Potential customers probably think that national chains have easier-to-shop Web sites. Big retailers have lower prices.

“It’s not a faith in technology. It’s faith in people.”

-Steve Jobs

__________


Lesson about Passwords after Theft of 16,000+ UCLA Patient Records



Unfortunately, we’ve learned another lesson about passwords at the expense of 16,288 patients who’ve been treated at UCLA’s network of hospitals and clinics. The patients’ sensitive information is in the wrong hands following a burglary at a doctor’s home.

The information was on the computer hard drive stolen from a doctor’s home, according to an article in The New York Times (UCLA Health System Warns About Stolen Records). Medical records of the patients included addresses, birth dates and medical information covering July 2007 to July 2011.

The possible good news: The personal medical data was encrypted. But the alarming news: A piece of paper containing the password to the medical records was missing from the doctor’s home.

“Rule 1 is never write down passwords,” warns nationally known security expert Stan Stahl, Ph.D., of Citadel Information Group in Los Angeles.

“Rule 2 is – if you’re going to break Rule 1 – do it securely,” he adds.

“If you must write a password down, write it on a piece of paper the size of a credit card and keep it in your wallet with your credit cards and your driver’s license,” explains Dr. Stahl. “And just write the password: write ‘15Blah-blah-blah’ not ‘my laptop password is ‘15Blah-blah-blah’.”

You can get more of Dr. Stahl’s insights on his security blog and his Web site. (Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)

From the Coach’s Corner, here are additional cybersecurity tips:

Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft – Study — A whopping 79 percent of companies in the U.S. and U.K. experienced Web-borne attacks, according to data released in 2013. These incidents continue to represent a significant threat to corporate brands.

Don’t Wait for Cyber Security Legislation that Affects Your Business — Not likely to pass, a data-breach bill has been re-introduced in the U.S. Senate that would regulate how businesses behave – informing customers when their personal information has been stolen. Passage or not, businesses should act on their own. It’s the right thing to do. Here are four precautions to take for your business.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Protect Your Bank Accounts So You Can Sleep at Night — Imagine for a moment — you’re sitting at your desk enjoying a second cup of morning coffee. Then, your phone rings. It’s a call from your bank to discuss possible fraud. Your bank is concerned about possible suspicious activity with your accounts, and wants to make sure you’re not a victim.

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”

-Richard Clarke

 __________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

Photo courtesy of imagerymajestic at www.freedigitalphotos.net


Why Many Healthcare Workers Cause Medical ID Theft



Medical identity theft is skyrocketing. It’s a fast-growing trend in ID thievery.

Health-care providers apparently can’t trust their employees to use best practices in observing the Health Insurance Portability and Accountability Act (HIPAA), which has been in effect since 1996.

You hear the acronym a lot in healthcare.

However, at issue is whether health-care workers keep their mobile devices secure, according to the 2013 HIMSS Security Survey.


Hospitals are securing their devices. But most employee devices aren’t secure, and 88 percent of respondents in a Benchmark Study on Patient Privacy and Data Security say employees are allowed to use their private mobile devices to access patient records.

The growing trend of allowing employees to BYOD — bring their own devices — isn’t healthy. It’s bad for the medical profession as well as for other sectors.

More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ personal devices.

Nearly all say their devices might have been attacked, according to a 2014 study (see Do BYOD Headaches Outweigh Benefits? Yes.)

Employees ostensibly assume their iPhone and Android devices are secure, but they’re not. (See: Surprise — Cyber Criminals Chew up Apple Products, too and Who Profits from Android’s Security Issues? Not Users.)

The problem of medical identity theft has been growing for years.

Data shows it adversely impacted 1.42 million Americans in 2010. That’s according to a 2011 study by PricewaterhouseCoopers (PwC) that shows medical ID theft aggregately cost more than $28 billion.

“The root cause of the fraudulent use of someone else’s medical identification is that protected medical information is widely dispersed in multiple information systems where it all too often is inadequately secured,” says nationally known security expert, Stan Stahl, Ph.D.

He’s president of Citadel Information Group, Inc. in Los Angeles, and he authoritatively writes about security issues on his blog.

MedPage Today sheds a bright light on the issue in this article: Medical Identity Theft a Growing Problem.

It reported the three most-common identity breaches:

1. Employees who act unprofessionally – improper use of patients’ data in doctors’ offices, hospitals, insurance companies and life sciences companies. They’ve even been caught posting comments about patients on Facebook.

2. Almost 40 percent of hospitals and physicians report they have caught patients using another person’s identity when they seek treatment.

3. Twenty-five percent of insurance companies acknowledge the improper transfer of information in patients’ health files. Unauthorized persons viewed such files.

“Every organization that collects or stores personally identifiable medical information – hospitals, doctors, clinics, pharmacies, billing offices, insurance companies, even employers – has a legal and ethical obligation to properly secure that information,” asserts Dr. Stahl.

In public reports, theft was responsible for 66 percent of medical ID breaches in recent years. The thefts include notebook computers, smartphones, using another person’s personal information for fraudulent claims, and people using others’ names.

Security breaches often occur at nurses’ stations and behind reception desks because of snooping by employees, with financial and medical identity theft not far behind.

More shocking news

Authors of the PwC study indicated most healthcare organizations aren’t equipped to prevent medical ID theft – despite the growing use of information technology in the medical profession.

“Most breaches are not the result of [information technology] IT hackers, but rather reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error – loss of a computer or device, lack of knowledge or unintended unauthorized disclosure,” said James Koenig, director of the Health Information Privacy and Security Practice at PwC in a press statement.

More than 50 percent of the study’s respondents who work for healthcare organizations said they have known of at least one privacy breach since 2009.

“Doctors need to take measures to assure their patients are who they say they are,” recommends Dr. Stahl. “That can include checking referrals.”

What can patients do?

“Patients need to treat their medical information with the same care that they treat their financial information, including periodically checking with their insurance company to identify fraudulent activity,” advises Dr. Stahl.

The PwC study indicated that most healthcare organizations admit they haven’t even begun to adequately deal with privacy and security issues in this digital-information age.

Obviously, as a business-performance consultant, here’s my sense:

1. The medical profession should emphasize and implement stronger security precautions.

2. All medical employees should undergo privacy-confidentiality sensitivity training.

After all, shouldn’t healthy precautions be part of medical care?

From the Coach’s Corner, you might consider these security-resource links:

How to Enhance Security in Your Company’s Wireless Network — Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later.

11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud — The most vulnerable travelers are businesspeople. That’s because they have to use Internet and e-mail. They’re in danger from vulnerabilities ranging from wirelessly accessible passports to using WIFI.

“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.”

-Kahlil Gibran


Photo courtesy of imagerymajestic at www.freedigitalphotos.net

Internet Security Is Still an Issue, but 2010 Was a Year of Historic Malware Levels



You might be getting spam and malware these days, but fortunately it isn’t nearly as bad as it was from 2009 to 2010. On “Patch Tuesday” in August of 2010, Microsoft issued an alarmingly massive security update.

Meanwhile, McAfee was publicizing its second-quarter data. It showed malware permeating the Internet on a mega scale in 2010, according to Website Magazine.

The magazine reported McAfee isolated six million malware cases in Q2 – that’s 10 million for the first half of 2010, alone.

Microsoft’s security update included 14 security bulletins. Eight were designated as “critical” and six were deemed “important.”

In all, there were 34 vulnerabilities in Microsoft Office, Microsoft Windows, Internet Explorer, Silverlight, Microsoft XML Core Services and Server Message Block.

“The most frequently used malware included threats on portable storage devices, fake anti-virus software, software specifically targeted at social media users, AutoRun malware and password-stealing Trojans,” wrote Linc Wonham, Website Magazine’s associate editor.

“McAfee reported that approximately 55,000 new pieces of malware appeared every day around the world,” he explained.

He reported spam was down after peaking at almost 175 billion messages per day in Q3 2009.

“The most popular forms of spam in the U.S. were delivery status notifications or non-delivery receipt spam, which was also the case in Great Britain, China, Australia, Italy, Spain, Germany and Brazil. Argentina had the world’s highest number of different spam topics with 16, according to McAfee’s report,” he explained.

The moral:

Whenever Microsoft hasn’t updated your computers, get busy. Manually download the security update.

By the way, Microsoft and Windows aren’t the only targets now. Cyber criminals chew up Apple products, too.

Identity theft has escalated in smartphones and social media. That includes Google’s security issues with its Android products. 

From the Coach’s Corner, for more tech-security information, see:

The New Face of $1 Trillion in Cybercrime on Business – Account Takeovers, Credit Card Fraud — Business Web sites are facing an increasingly intense full-court press from cybercriminals – the aggregate cost of cybercrime annually, which includes prevention strategies, has exceeded $1 trillion.

Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft — A whopping 79 percent of companies in the U.S. and U.K. experienced Web-borne attacks in 2012, according to data released in 2013. These incidents continue to represent a significant threat to corporate brands.

What Your Company Can Do to Combat the Malware Epidemic — The nation’s leading Internet security expert, Stan Stahl, Ph.D. agrees with McAfee that an epidemic of malware has been unleashed on the Web, and he provides solutions.

“Everything yields to diligence.”
-Antiphanes


Photo courtesy of chanpipat at www.freedigitalphotos.net

Seattle business consultant Terry Corbell provides high-performance management services and strategies.