Worried about finding a job after you graduate from college? Worried about paying off your debts? It gets uglier: New college grads need to think about their identities being stolen. One-third of identity theft complaints come from young adults.

A new college graduate will often have a clean credit history. If the new college graduate discovers, however, that their credit score is inexplicably low, it’s probably because their identity has been stolen. This can be a nightmare.

Compounding the issue is that some businesses will check the job applicant’s credit report and use this information against them by not hiring.

Prior to graduation, the college student should do a credit check; it can be done annually online free of charge. Young adults should never have an “It can’t happen to ME” approach to one of life’s raw realities: the proliferation of identity theft.

College students should always shred all of their bank related statements, credit card statements and all other documents that contain very personal information.

College students should avoid posting their birthdates, phone numbers and addresses on social media.

Additional Tips

• Ask your parents to explain whatever they know to you about online scams like malicious e-mails (phishing), suspicious pop-up ads, buying apps from third party sellers, etc.
• Avoid debit cards; use only a credit card because thieves prefer to steal identities through debit cards.
• Memorize your SSN so you can keep your SSN card in a safe place at all times.
• Check your credit card statements every month for suspicious charges.
• Never give out your SSN, even if the clerk at the retail store insists they need it so that they can give you an intro 15 percent off with the store’s credit card.
• Go to www.annualcreditreport.com to check your credit report every year.
• Get identity theft protection and a credit freeze.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

There was once a time when the only threat to a bank’s security was when that innocent-looking man hands a note to the bank teller that makes her face go ashen. And the only security, save for video surveillance, was the armed guards and the silent alarm that the teller triggers.

Nowadays, terms like firewalls, encryption, anti-virus and cloud providers are just as important to a bank’s security as are the armed guards, huge windows, security cameras and steel vaults. No longer is the masked robber who says “Hand over the money” a bank’s biggest threat. ATM skimming, where nobody is ever shot at, is at the top of the list.

The Three Directions of Banking Security

• Analyzing big data and assessing potential threats
• Banks joining forces by sharing information relevant to protection against cybercrime
• Focusing more on fast recovery and less on prevention of crime

That last point is because breaches are always going to occur no matter how thick the security is, and there’s a lot of room to improve in terms of recovery speed. So it makes sense that this shift in attention is developing at an increasing rate.

A New Breed of Locks

Banks require many layers of protection, and this includes keycards, which allow select employees through specific doors at specific times. Just stick the card in a slot and the door opens (a common device also used in hotels).

Keycards are also used by extraneous service people. A lost card can be immediately turned off, and cheaply replaced, whereas traditional locks would cost a bundle.

Customized badges are another way that financial institutions have improved security measures, replacing keys and keycards. Employees can be “add onto” a badge, and a lost and found badge can be deactivated and activated, respectively.

Anti-Skimming Devices

Anti-skimming devices can significantly reduce this crime, when a thief puts a phony reader over an ATM device to capture a customer’s card data. The volume of skimming crimes is enormous, yet many ATMs still have no anti-skimming protection.

Cloud Storage for Data

More and more financial organizations are relying upon cloud computing, though this technology also brings with it some concerns, since the cloud involves a third-party provider—which can turn bank data over to the government without the bank’s permission.

A way around this is for the bank to encrypt data prior to placing it in a cloud, and to keep encrypting it even when at rest, and retain the encryption keys.

Biometrics

Fingerprint swiping to withdraw money is one of the latest security tactics: multispectral imaging (MSI). Who can possibly “skim” that? This is biometric technology and is already in thousands of ATMs. This “inner fingerprint” is immune to breakdown from grime, wear or moisture, making it very tamper resistant.

Look for even more progress in the multilayered security of financial institutions in the years to come—technologies that right now we can’t even comprehend. 

For more information about this shifting industry, visit:

securitymagazine.com/articles/print/85356-banking-battlegrounds-cyber-and-physical-security-risks-today

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. 

A data breach can slug below the belt and knock a healthcare business flat on its back, as was the case with Columbia University and the New York and Presbyterian Hospital.

They paid a $4.8 million settlement (the biggest HIPAA settlement to date) after the electronic records of 6,800 patients (including vital stats, medications and even lab results) were accidentally leaked into cyberspace.

The leak was caused when a Columbia University doctor (who developed applications for CU as well as NYP) attempted to deactivate a computer server that was personally owned; the server was on the network that contained patient data.

The server lacked technical safeguards, and there’s evidence that neither organization had made any efforts, prior to the data breach, to ensure that the server was properly protected.

In fact, not even any risk analyses had been conducted; there was no risk management plan of substance, and there was a failure on both parties to put in place the policies and procedures for allowing access to databases, among other issues that were failed.

The leak was unveiled when someone discovered and then complained of details of a deceased partner (a former NYP patient) online.

Neither NYP nor CU had taken measures to ensure server integrity.

"When entities participate in joint compliance arrangements,” says Christina Heide, “they share the burden of addressing the risks to protected health information." Heide is Acting Deputy Director of Health Information Privacy for OCR. She goes on to point out that this disaster should be a wakeup call to healthcare organizations that protection of patient data should be paramount.

Part of the judgment is that both organizations will have to overhaul security measures, a major corrective action undertaking that includes developing a risk management plan and providing progress reports.

Find more information about this breach here: http://insurancenewsnet.com/oarticle/2014/05/08/data-breach-results-in-$48-million-hipaa-settlements-a-500992.html

Do you access your various financial or social media accounts, or other private accounts such as e-mails with your doctor, at public computer stations? At the coffee house or hotel, for instance? Boy, are you ever setting yourself up for cybercrime including identity theft.

What usually happens is that the criminals establish Wi-Fi hotspots that trick people into thinking they are legitimate public Wi-Fi locations—people take the bait and log on. The crooks can then watch your communications through their Wi-Fi access points, and steal your personal information like passwords and credit card numbers.

A computerweekly.com report warns that anything you send via a public Wi-Fi may potentially fall into the hands of fraudsters.

One of the scams is that a criminal will get in the middle of a transaction between a user and a website, then intercept in tricky ways to steal the user’s data.

A Few Experiments

• The security firm, First Base Technologies, did an experiment in November 2013. The public participants had no idea that thieves could set up rogue wireless points of access that fake out users as being valid connection points.
• The participants were also shocked to learn that their exchanged information was not encrypted.
• FBT did another experiment using its private wireless network and numerous mobile applications. FBT was easily able to use the apps to invade other smartphones on the same network.
• One of these apps was a setup to get the participants to use the “attacking” smartphone as their portal to the Internet. This meant that the attacking device siphoned all the traffic and was able, in many instances, to remove encryption from supposedly secure connections.

This weakness in knowledge in the user, and in the security of public Wi-Fi, needs to be addressed by—obviously—the user and the providers of public Wi-Fis, plus business organizations that rely on public Wi-Fis.

Another survey in the same article found that 34 percent of PC users said that they do not take special precautions to safeguard their online interactions when using public Wi-Fi. Just 13 percent do take the time to inspect encryption prior to making a connection to a particular point.

So how can you protect yourself when using public Wi-Fi?

• If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
• Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
• Make sure that every device that you own has full protection such as antivirus and a firewal.
• Use a reputable virtual private network such as Hotspot Shield to secure your device for public Wi-Fi use.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.

A debit card from your business, in the virtual hands of a thief, spells a mountain of trouble. The thief can generate a duplicate of your business debit card, then splurge. A “cloned” card can be swiped in a card reader, appearing legitimate.

Banks are not legally required to reimburse a business’s stolen money from the fraudulent debit card purchases. Nevertheless, some institutions do reimburse, but that’s only after the business owner can prove theft.

Banks are reluctant to believe businesses claiming victimship. A business may spend months, even years, using lawyers, trying to convince a bank of the crime.

Tips from creditcardguide.com for preventing business debit card fraud and getting faster reimbursement:

For purchases, use your business credit card. If theft occurs, the card company will immediately remove the fraudulent charges—and then pursue the matter.

Use the business debit card strictly for a withdrawal or a deposit. The card should be sans the MasterCard or Visa logo; it’s for deposits and withdrawals only. If you make a purchase with it on a tampered-with card reader, the thief could use your data to make purchases—that’s instant cash out of your account.

Keep tabs on your account daily; weekly at a minimum, even if your bank promises “anomaly detection” in your purchases.

Set up apps in mobile devices to allow account holders to check activity daily.

Use multi-layered protection. Set up spending limits, set up text/email alerts.

Suspicious events, such as exceeding a specified dollar amount in a purchase, should be alerted via e-mail or text.

Implement limited access by employees to your business’s cards.

Get to know your banker or credit union. Having to convince a bank that your money was stolen will be easier if you have a pre-established relationship with the institution. Does your financial institution know you? Or are you merely one of a million customers? Don’t be just another face in the crowd to your bank or credit union; it might someday save your can.

Most of you know how important it is to have security software on your computers to stay protected from viruses, malware, spam and other Internet threats. Unfortunately, cybercriminals also know that it is critical to have security software, and they are using this knowledge to trick us into downloading fake antivirus software that is designed to do harm to your computer.

Fake antivirus software is one of the most persistent threats on the Internet today. It masquerades as legitimate software, but is actually a malicious program that extorts money from you to “fix” your computer. And often, this new “antivirus” program disables your legitimate security software that you already have, making it challenging to remove.

These rogue programs often hook you while you’re browsing the web by displaying a popup window that warns the user that their computer may be infected. Often, the popup includes a link to download security software that offers to solve the problem, or redirects you to a site that sells the fake antivirus software. It is also often also called scareware since the hackers use messages like “You have a virus,” as a way to get you to click on their message.

Because the idea of having an infected machine is alarming to us—it can mean lost data, time, and money—most of us are eager to get rid of any potential problems, and this is what has made the bad guys who make fake antivirus software so successful.

And once you agree to the purchase, the cybercriminals end up with your credit card details and other personal information, and you get nothing but malware in return.

So here’s some steps you can take to protect yourself from the bad guys:

• Never click on a link in a popup window. If you see a message pop up that says you have a virus or are infected, click the “x” in the corner to close it.
• If you are concerned that your computer may be infected, run a scan using the legitimate security software you have installed on your device.
• Make sure you have comprehensive security installed on all your devices, like McAfee LiveSafe™ service, which protects all your PCs Macs, tablets, and smartphones from online threats as well as safeguarding your data and identity.

While it is frightening to think that your computer may be infected, don’t fall for fake alerts that could compromise your personal and financial information. Take a minute to run a scan using your trusted security software rather than give more money to the bad guys.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  

Is it coincidence that Beth Jacob CIO resigned from her job as chief information officer of Target Corporation? Or could this possibly be connected to the data breach that slammed Target in December of 2013, affecting as many as 70 million customers? Being a CIO is no easy task, especially when you have thousands of criminals trying to breach your networks every minute of every day.

Target also announced that its information security procedures and compliance division will be completely revamped. The retail giant will also be seeking an interim CIO.

That’s not all. Gregg Steinhafel, Target’s former chief executive, recently lost his job with the retailer due to the data breach. He had been with the company for 35 years.

Should weaknesses in computer safety be blamed on Chief Executive Officers? Yes, because ultimately, the CEO is responsible for protecting the customer’s sensitive data. For instance, Steinhafel was at the helm when thieves hacked customer data records such as credit card information and home addresses, from the retailer’s computer system.  Boards are also latching onto this issue and will be very influential in the before and after of a breach.

The company CEO isn’t just responsible for sales; this individual is responsible for security. Target’s data breach is a rude awakening for CEOs everywhere; data security breaches influence sales—very negatively—not to mention customer loyalty.

And then there’s the enormous expense of recovering from the breach and regaining customer trust. In Target’s case it rings in at $17 million thus far. And it is growing. Ultimately, the costs for everything related to the data breach is projected to soar into the billions.

The Secret Service, which is involved in the ongoing investigation, reports that it may take years to nail the hackers.

Law Enforcements motto is “Serve and Protect” and people gripe “where’s a cop when you need one” suggesting Law Enforcement is supposed to be there to protect us at all times. This misconception has created an entire culture of “its not my job/responsibility/problem”. YES. IT. IS. As a company front line employee, an officer or a CEO, security is your responsibility. Security is everyone’s responsibility.