Bankers on the Front lines of Cyber Defense

There was once a time when the only threat to a bank’s security was when that innocent-looking man hands a note to the bank teller that makes her face go ashen. And the only security, save for video surveillance, was the armed guards and the silent alarm that the teller triggers.

Nowadays, terms like firewalls, encryption, anti-virus and cloud providers are just as important to a bank’s security as are the armed guards, huge windows, security cameras and steel vaults. No longer is the masked robber who says “Hand over the money” a bank’s biggest threat. ATM skimming, where nobody is ever shot at, is at the top of the list.

The Three Directions of Banking Security

  • Analyzing big data and assessing potential threats
  • Banks joining forces by sharing information relevant to protection against cybercrime
  • Focusing more on fast recovery and less on prevention of crime

That last point is because breaches are always going to occur no matter how thick the security is, and there’s a lot of room to improve in terms of recovery speed. So it makes sense that this shift in attention is developing at an increasing rate.

A New Breed of Locks

Banks require many layers of protection, and this includes keycards, which allow select employees through specific doors at specific times. Just stick the card in a slot and the door opens (a common device also used in hotels).

Keycards are also used by extraneous service people. A lost card can be immediately turned off, and cheaply replaced, whereas traditional locks would cost a bundle.

Customized badges are another way that financial institutions have improved security measures, replacing keys and keycards. Employees can be “added onto” a badge, and a lost and found badge can be deactivated and activated, respectively.

Anti-Skimming Devices

Anti-skimming devices can significantly reduce this crime, in which a thief puts a phony reader over an ATM device to capture a customer’s card data. The volume of skimming crimes is enormous, yet many ATMs still have no anti-skimming protection.

Cloud Storage for Data

More and more financial organizations are relying upon cloud computing, though this technology also brings with it some concerns, since the cloud involves a third-party provider—which can turn bank data over to the government without the bank’s permission.

A way around this is for the bank to encrypt data before placing it in the cloud, keep it encrypted while at rest, and retain the encryption keys itself.

Biometrics

Fingerprint swiping to withdraw money is one of the latest security tactics: multispectral imaging (MSI). Who can possibly “skim” that? This is biometric technology and is already in thousands of ATMs. This “inner fingerprint” is immune to breakdown from grime, wear or moisture, making it very tamper resistant.

Look for even more progress in the multilayered security of financial institutions in the years to come—technologies that right now we can’t even comprehend.

For more information about this shifting industry, visit:

securitymagazine.com/articles/print/85356-banking-battlegrounds-cyber-and-physical-security-risks-today

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video. Disclosures.

Convict heads back to Jail for Burglary

Criminals do what they do because that’s their nature. Once bad, there’s hardly a chance they can be good.

Jeffrey L. Patton, 43, said, “I’ve been scared to death of this day right here,” in reference to being put on trial for two unrelated crimes. So Patton pleaded guilty to the two crimes he was charged with and got four years in prison.

The two crimes: Patton had burglarized a woman’s residence outside the town of Willard on March 11, 2013 while she was asleep. He was also convicted of tampering in an unrelated crime.

As for the burglary, Patton and his accomplice had been rummaging through a drawer of jewelry when the woman awakened. They fled after she yelled at them.

At first, Patton denied involvement in either crime and even said, “I never burglarized a home in my life.” Patton’s lawyer, David Longo, believes that his client was not the primary offender. Longo says that Patton insisted that the burglary wasn’t even his idea.

The way Patton and his accomplice were pursued by authorities sounds like a scene from a cops-and-robbers movie. They fled into a hotel. Authorities surrounded most of the building, including 17 sheriff’s deputies. But the burglars escaped through an emergency exit. Eventually the pair was caught.

As for the tampering situation, evidence showed that Patton had hidden a syringe in the back seat of his sister’s car where he was a passenger. His DNA was present on the drug paraphernalia, but the defendant was angered at the prosecutor’s accusation. “I don’t tamper with evidence,” insisted Patton.

Can you imagine waking to two men in your bedroom? That could have been much worse.

Protect yourself:

  • Get a home security system. A home security system sends off a piercing alarm and a monitored system alerts the police to intruders.
  • Lock and fortify your doors and windows.
  • Consider a protection dog as another layer of security.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

Healthcare Firm pays Big Bucks for Breach

A data breach can slug below the belt and knock a healthcare business flat on its back, as was the case with Columbia University and the New York and Presbyterian Hospital.

They paid a $4.8 million settlement (the biggest HIPAA settlement to date) after the electronic records of 6,800 patients (including vital stats, medications and even lab results) were accidentally leaked into cyberspace.

The leak was caused when a Columbia University doctor (who developed applications for CU as well as NYP) attempted to deactivate a computer server that was personally owned; the server was on the network that contained patient data.

The server lacked technical safeguards, and there’s evidence that neither organization had made any efforts, prior to the data breach, to ensure that the server was properly protected.

In fact, no risk analyses had been conducted; there was no risk management plan of substance, and both parties had failed to put in place the policies and procedures for allowing access to databases, among other failures.

The leak came to light when someone discovered details of a deceased partner (a former NYP patient) online and complained.

Neither NYP nor CU had taken measures to ensure server integrity.

“When entities participate in joint compliance arrangements,” says Christina Heide, “they share the burden of addressing the risks to protected health information.” Heide is Acting Deputy Director of Health Information Privacy for OCR. She goes on to point out that this disaster should be a wakeup call to healthcare organizations that protection of patient data should be paramount.

Part of the judgment is that both organizations will have to overhaul security measures, a major corrective action undertaking that includes developing a risk management plan and providing progress reports.

Find more information about this breach here:

http://insurancenewsnet.com/oarticle/2014/05/08/data-breach-results-in-$48-million-hipaa-settlements-a-500992.html


WiFi world wide a Big Security Issue

Do you access your various financial or social media accounts, or other private accounts such as e-mails with your doctor, at public computer stations? At the coffee house or hotel, for instance? Boy, are you ever setting yourself up for cybercrime including identity theft.

What usually happens is that the criminals establish Wi-Fi hotspots that trick people into thinking they are legitimate public Wi-Fi locations—people take the bait and log on. The crooks can then watch your communications through their Wi-Fi access points, and steal your personal information like passwords and credit card numbers.

A computerweekly.com report warns that anything you send via a public Wi-Fi may potentially fall into the hands of fraudsters.

One of the scams is that a criminal will get in the middle of a transaction between a user and a website, then intercept in tricky ways to steal the user’s data.

A Few Experiments

  • The security firm, First Base Technologies, did an experiment in November 2013. The public participants had no idea that thieves could set up rogue wireless points of access that fake out users as being valid connection points.
  • The participants were also shocked to learn that their exchanged information was not encrypted.
  • FBT did another experiment using its private wireless network and numerous mobile applications. FBT was easily able to use the apps to invade other smartphones on the same network.
  • One of these apps was a setup to get the participants to use the “attacking” smartphone as their portal to the Internet. This meant that the attacking device siphoned all the traffic and was able, in many instances, to remove encryption from supposedly secure connections.

This weakness in knowledge in the user, and in the security of public Wi-Fi, needs to be addressed by—obviously—the user and the providers of public Wi-Fis, plus business organizations that rely on public Wi-Fis.

Another survey in the same article found that 34 percent of PC users said that they do not take special precautions to safeguard their online interactions when using public Wi-Fi. Just 13 percent do take the time to inspect encryption prior to making a connection to a particular point.

So how can you protect yourself when using public Wi-Fi?

  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • Use a reputable virtual private network such as Hotspot Shield to secure your device for public Wi-Fi use.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

6 Ways to remove Junk mail forever

If you’re sick of junk mail, stop putting off putting a stop to it, because you can actually make a difference by implementing the following 6 strategies. Though you won’t be able to completely eliminate junk mail, the following approaches will considerably de-clutter your mail box.

  1. Get off marketing lists. This is done by having the Direct Marketing Association contact direct mail companies and instruct them to stop sending you mail. Go to DMACHOICE.org to get started and free yourself of mail offerings from magazines, catalogues and credit card companies, to name a few. To stop credit card offers only, sign up with OptOutPrescreen.com. For optimal results, sign up for both.
  2. Look for a “privacy notice” in the mail from your credit card issuer or bank, because this notice has an opt-out choice to avoid getting marketing material. However, you may have tossed this notice, thinking it was junk mail (it’s actually not), so contact your bank or credit card company and inquire about their privacy policy. Don’t stop there; contact any entity that deals with your money, such as your auto insurance company.
  3. Sign up for the free TrustedID Mail Preference Service. This provides companies for which you can seek the opt-out instructions.
  4. For $35, 41pounds.org will stifle mail offers.
  5. Do not get a print magazine subscription. Otherwise you’ll set yourself up for reams of third-party junk mail. See if there’s a digital version of the magazine or if your gym has it available.
  6. Go electronic. To stop junk mail from coming with your snail mail bills, switch to electronic billing.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Stolen Business Debit Cards at Greater Risk

WE DO NOT SELL DUMPS. DO NOT EMAIL OR CALL US.


A debit card from your business, in the virtual hands of a thief, spells a mountain of trouble. The thief can generate a duplicate of your business debit card, then splurge. A “cloned” card can be swiped in a card reader, appearing legitimate.

Banks are not legally required to reimburse a business’s stolen money from the fraudulent debit card purchases. Nevertheless, some institutions do reimburse, but that’s only after the business owner can prove theft.

Banks are reluctant to believe businesses claiming victimship. A business may spend months, even years, using lawyers, trying to convince a bank of the crime.

Tips from creditcardguide.com for preventing business debit card fraud and getting faster reimbursement:

For purchases, use your business credit card. If theft occurs, the card company will immediately remove the fraudulent charges—and then pursue the matter.

Use the business debit card strictly for a withdrawal or a deposit. The card should be sans the MasterCard or Visa logo; it’s for deposits and withdrawals only. If you make a purchase with it on a tampered-with card reader, the thief could use your data to make purchases—that’s instant cash out of your account.

Keep tabs on your account daily; weekly at a minimum, even if your bank promises “anomaly detection” in your purchases.

Set up apps in mobile devices to allow account holders to check activity daily.

Use multi-layered protection. Set up spending limits, set up text/email alerts.

Suspicious events, such as exceeding a specified dollar amount in a purchase, should be alerted via e-mail or text.

Implement limited access by employees to your business’s cards.

Get to know your banker or credit union. Having to convince a bank that your money was stolen will be easier if you have a pre-established relationship with the institution. Does your financial institution know you? Or are you merely one of a million customers? Don’t be just another face in the crowd to your bank or credit union; it might someday save your can.


Early Detection Will Save Your Life

Early detection. What do these two words bring to your mind? A grain-sized speck on a mammogram? A colonoscopy?

How about a house fire? Without early detection of THIS killer…you could, well…DIE.

House fires can be detected early with an advanced, well-designed fire alarm system. This will help save not only lives, but valuables, which sometimes cannot be replaced (there’s only one photo of you and Great Grandpa on your third birthday a month before he passed away).

Furthermore, losing “everything” in a fire can mean taking up to two years to resettle. Why wait for this to happen when you can have a fire alarm that will trigger a call to a dispatcher ASAP?

Seconds count for the escape, because you have less than one minute to get your entire family and pets outside to safety once that fire erupts. A smoke detector can double your chances of survival.

Have you taken precautions to prevent, or to detect early, a life-threatening actual disease that kills fewer than 3,000 Americans a year? Why not also take measures to prevent dying from a house fire—which kills 3,000 Americans every year? Of these fatalities, 40 percent involve homes without a working smoke alarm.

Most fire fatalities are from smoke inhalation rather than being engulfed in flames. Your view to the exit can be blocked by furiously thick, choking smoke. How often do you hear a report that says, “So-and-so died of smoke inhalation?” vs. “So-and-so died from third-degree burns over 90 percent of his body”?

Though people DO get trapped and their bodies burn, autopsy reports usually show that they were dead from smoke inhalation before their bodies became consumed by flames. Awful. Drowning in smoke.

Preparation

  • Safety begins by getting a smoke detector that always stays activated, even when you’re cooking. The device is designed to detect smoke first, not fire, for a reason. If the alarm goes off, get out of the house/apartment before your lungs get poisoned. And stay out.
  • Call 9-1-1 from outside.
  • For the hearing impaired and heavy sleepers, smoke detectors are available that flash lights and set off a vibration beneath a pillow.
  • What about retrieving family members and pets? You won’t need to if you’ve previously run fire drills for the entire family.

Fire Drills

  • For every room, establish two ways to escape (e.g., window and door). Then have all household members physically practice as fast as possible these escapes—which all lead to a single, predetermined meeting place outdoors.
  • Run the drills in the middle of the night, during heavy rain, frigid cold, sweltering heat, because a fire doesn’t care how comfortable or awake you are.
  • The escape plan should take into consideration babies, children, the disabled and elderly, and of course, Prince and Cupcake.
  • Make sure that everyone knows how to get out of a second story window. Have a collapsible ladder on hand.
  • Don’t forget about your smoke alarm. No fewer than two times a year, clean it and push its test button. To remember to change the batteries, coincide this with changing your clocks. If you’ve had an alarm all along, replace it if it’s more than 10 years old or you’re not sure of its age.
  • The National Fire Protection Association says that pets can start a fire. A cat might start playing with an electrical cord, knocking down its lamp, which is already turned on…need you read more to figure out how this ends?
  • A dog, cat, even a bird can knock over a burning candle. It’s hard to keep a candle out of reach from a cat unless it’s in storage. So either don’t use your candles or get rid of them.
  • Cats also jump onto stoves. Of course, you can’t get rid of your stove. But you don’t want to get rid of Cupcake, either. There are several devices on the market that can train cats to stop jumping on things. A stove knob can be accidentally turned by a cat. See if you can remove these knobs.

Heaters can be knocked down by dogs and cats, though this won’t be a problem if the unit has an automatic switch-off that’s triggered when the device is knocked down. If your heaters lack this sensor, replace them with units that have it.

What is Fake Antivirus Software?

Most of you know how important it is to have security software on your computers to stay protected from viruses, malware, spam and other Internet threats. Unfortunately, cybercriminals also know that it is critical to have security software, and they are using this knowledge to trick us into downloading fake antivirus software that is designed to do harm to your computer.

Fake antivirus software is one of the most persistent threats on the Internet today. It masquerades as legitimate software, but is actually a malicious program that extorts money from you to “fix” your computer. And often, this new “antivirus” program disables the legitimate security software that you already have, making it challenging to remove.

These rogue programs often hook you while you’re browsing the web by displaying a popup window that warns the user that their computer may be infected. Often, the popup includes a link to download security software that offers to solve the problem, or redirects you to a site that sells the fake antivirus software. It is also often called scareware since the hackers use messages like “You have a virus,” as a way to get you to click on their message.

Because the idea of having an infected machine is alarming to us—it can mean lost data, time, and money—most of us are eager to get rid of any potential problems, and this is what has made the bad guys who make fake antivirus software so successful.

And once you agree to the purchase, the cybercriminals end up with your credit card details and other personal information, and you get nothing but malware in return.

So here are some steps you can take to protect yourself from the bad guys:

  • Never click on a link in a popup window. If you see a message pop up that says you have a virus or are infected, click the “x” in the corner to close it.
  • If you are concerned that your computer may be infected, run a scan using the legitimate security software you have installed on your device.
  • Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service, which protects all your PCs, Macs, tablets, and smartphones from online threats as well as safeguarding your data and identity.

While it is frightening to think that your computer may be infected, don’t fall for fake alerts that could compromise your personal and financial information. Take a minute to run a scan using your trusted security software rather than give more money to the bad guys.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Burglary leads to Murder

The routine was well-grounded: Helen Van Orden, 79, worked as a housekeeper from 8 a.m. till noon Monday through Friday at Emeritus at College Park in Manatee. Then she’d go straight home and walk her dog.

One day, she was waiting for her son, Charles Van Orden, 61, to call at 9 pm as he did every night to check on her. She didn’t answer, so Charles went to her small apartment the next day and found his mother’s dead body in the living room.

The suspect in the murder is Richard Wayne Matthews, Jr., 32. Charles believes his mother was killed for her credit cards, purse and car. The victim’s daughter, Mary Ann Layhew, believes a connection existed between Matthews and her mother, in that the suspect knew Layhew’s son.

Crushed by the tragedy, Charles took his mother’s dog to an animal shelter, being unable to care for her.

Matthews is no stranger to a life of crime; he has numerous felony convictions. He’s been charged in Helen’s murder, plus burglary with assault and battery, and auto theft. This sounds like a slam-dunk case, as Matthews was dumb enough to tell three people he murdered Helen.

Ronald Ellison, Matthews’ godfather, told the sheriff’s office that Matthews told him he had “killed a lady at the Burgundy Apartments [where Helen lived],” and that he had stolen her credit cards and car. The ditched car was eventually found.

Matthews is being held without bond in the Manatee County jail.

Charles wants to confront his mother’s killer in court and ask him why on earth he would ever commit such a heinous crime. Charles was quoted as saying that he wants Matthews “to get everything you deserve.”

Yes, let’s definitely hope that this ruthless killer gets the harshest punishment.


Data Breaches Equal Job Loss

Is it coincidence that Beth Jacob resigned from her job as chief information officer of Target Corporation? Or could this possibly be connected to the data breach that slammed Target in December of 2013, affecting as many as 70 million customers? Being a CIO is no easy task, especially when you have thousands of criminals trying to breach your networks every minute of every day.

Target also announced that its information security procedures and compliance division will be completely revamped. The retail giant will also be seeking an interim CIO.

That’s not all. Gregg Steinhafel, Target’s former chief executive, recently lost his job with the retailer due to the data breach. He had been with the company for 35 years.

Should weaknesses in computer safety be blamed on Chief Executive Officers? Yes, because ultimately, the CEO is responsible for protecting the customer’s sensitive data. For instance, Steinhafel was at the helm when thieves hacked customer data records such as credit card information and home addresses, from the retailer’s computer system. Boards are also latching onto this issue and will be very influential in the before and after of a breach.

The company CEO isn’t just responsible for sales; this individual is responsible for security. Target’s data breach is a rude awakening for CEOs everywhere; data security breaches influence sales—very negatively—not to mention customer loyalty.

And then there’s the enormous expense of recovering from the breach and regaining customer trust. In Target’s case it rings in at $17 million thus far. And it is growing. Ultimately, the costs for everything related to the data breach are projected to soar into the billions.

The Secret Service, which is involved in the ongoing investigation, reports that it may take years to nail the hackers.

Law enforcement’s motto is “Serve and Protect,” and people gripe “where’s a cop when you need one,” suggesting law enforcement is supposed to be there to protect us at all times. This misconception has created an entire culture of “it’s not my job/responsibility/problem.” YES. IT. IS. As a company front line employee, an officer or a CEO, security is your responsibility. Security is everyone’s responsibility.
