Your employee's online life could open your business to some serious dangers.

Many small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media's security issues and how employees’ own social presence can add to the company's security issues.

Some companies restrict internal access. Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer.

Last year I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged, using real cops acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and, quite frankly, were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate and for good reason: Cops make great robbers!

At the end of the robbery, we all circled and discussed what happened. The teller who received the robbery note read it aloud, stating: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer. Once done, they looked up her spouse’s place of employment. They were able to learn what time he opened and closed the shop. Scary.

Follow these social media security tips for small business to prevent security issues just as scary:

Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, referring to slang, abusive language, etc. Employers should train their employees on proper use, as well. At this point, many of the mistakes have already been made; a quick search for “social media policy” will return lots of great ideas.

Consider a no-employment disclosure. Request employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization.

Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.

Train IT personnel. Policies and procedures begin from the top down. Managers and IT personnel responsible for managing technology need to be fully up to speed with social media security risks and set leadership examples.

Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees’ online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.

Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Don’t completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it—and when this happens, they sometimes go around firewalls, making the network vulnerable.

How do you ensure social media security in your business? Share your experiences in the comments.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.

Schlage is all about safety and security. But you need not be in the profession of security analyst to be vigilant about your home and family’s security. And when it comes to security, this doesn’t just mean protection from home invasions and burglaries, but anything and everything, such as online security and guarding against viruses, hackers and other fraudulent invasive cyber crimes that can really mess things up for you or a family member.

Be your family and home’s Chief Security Officer, even if your job outside the home is unrelated to security measures. Make sure everything is safe and sound inside your home. This includes child-proofing the house; senior-proofing if there are elderly occupants; and just in general, making the environment safe—e.g., cleaning up spills on the floor to prevent a disastrous fall.

I won’t lie: This kind of vigilance requires a lot of thought to get it rolling. It’s not second nature to many people, but they can work on that element and improve over time so that it’s automatic to put the alarm system on when going to bed.

You must be fierce so that fires don’t start in your home, and so that you don’t end up in the news as a victim of a crime.  

Sometimes, a person’s greatest enemy is themselves. So you have all the windows penetration-proofed, triple bolts on all the doors, maybe a protection dog and an extensive video surveillance system…but one second…you get lazy and don’t lock your doors and after you leave and you took the dog with you, then some bad guy chooses your home simply because he saw you leave. Locking your doors, that little extra effort might have saved all kinds of heartache.

So it takes a little extra time to create a safety system, and then stick with it, to prevent bad things from happening. If you can’t make time for safety and security, you’ll have to make time for catastrophe. When you make security a habit, it really doesn’t require that much effort after a while. Lead your family and home as its Chief Security Officer.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover.

“Ransomware” is what holds data hostage by invading one’s computer when the user clicks on a malicious link in an e-mail or downloads an infected attachment. Visiting a fraudulent web site can also trigger an attack.

Ransomware then goes to work at putting your files on lockdown so you can’t access them—but the hacker sure can. The crook will then have full access to your computer and all of your private information stored in it.

Ransomware in some cases masquerades as “Anti-Adware” or “Browser Security” claiming that the security product license has expired. Ransomware on Windows shows as a full-screen “error alert” like message. Though ransomware is uncommon, it’s a rising star in the world of malware.

How can you protect your computer from an infection?

• Ensure your computer is running the most up-to-date version of your chosen operating system.
• Use updated antivirus software.
• Never click links in e-mails. Always go to the source or use your password manager.
• Never go to unfamiliar web sites, as they can initiate the virus cascade.

Keep in mind that although malware and ransomware usually affect PCs running on Windows, malware can be created for any operating system and for mobiles. In fact, Android malware has been picking up steam. But Mac users should not breathe easy; they too, should be on the alert, says the McAfee Threat Report.

The best way to implement protection of your computer and devices is to install a comprehensive measure of security—in addition to sticking to that never-repeated-too-often rule of never click a link in an e-mail.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. 

2013 was the year of 740 million records involving data breaches. And that number may be erring quite on the conservative side, according to the Online Trust Alliance. The records come from a list on the Privacy Rights Clearinghouse Chronology Data Base.

The list is that of publically disclosed breaches, including the alleged 110 million that struck the big retailer December 13. Many of the listed breaches are of a non-descript number.

The more electronically connected everything becomes, the greater the potential for data breaches—it’s almost as though all this advancement in online data storage and transmission is setting us backwards.

Cybercriminals are good at keeping pace with the progression of online security tactics, matching every leap and bound. This is why organizations must put security and data protection at the top of their priorities and be ready to handle a major breach.

Unfortunately, no one-size-fits-all defense against cyber-fraudsters exists. Nevertheless, there do exist best practices that can optimize a company’s protection against cybercrime.

Let’s take a look at some highlights of the data breaches of 2013.

• Though that conservative 740 million records was disclosed, 89 percent of the breaches and loss of data incidents could have been thwarted.
• 76 percent of breaches were due to stolen or weak account credentials.
• In 2013 alone, 40 percent of the top breaches were recorded.
• Insider mistakes or threats accounted for 31 percent of insiders.
• Social engineering was responsible for 29 percent of breaches.
• Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents.

The 2014 Data Protection & Breach Readiness Guide can help service providers and app developers for businesses grasp the issues, factors and solutions that will fire up data protection tactics and bring about a development of strategies for managing a data breach incident.

Smart businesses think proactively:

Smart businesses are investing in their client’s security. Consumers want to know they are being protected before, during and after a transaction.

Banks know security just about better than anyone. Find out what they can teach you about safeguarding your small business.

Security is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secure—the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.

But that doesn't mean we shouldn't strive to reach our destination. In order to protect our businesses, we can apply strategies that significantly reduce our risk level. One of the best security techniques is layering. Layers of security make a criminal’s job more difficult, as they are forced to address all the vulnerabilities in our business.

Helen Keller once said, “Security is an illusion; life is either a daring adventure or nothing at all.” Her quote has significance, although it’s not entirely accurate. That's because security is part illusion and part theater. The illusion, like a magic act, seems believable in many cases.

Security theater, on the other hand, refers to security intended to provide a sense of security while not entirely improving it. The theater gives the illusion of impact. Both play a role in deterring criminals, but neither can provide 100 percent security, as complete security is unattainable. Hence, security is a journey, not a destination.

Banks know security, both the illusion and the theater. They have to, because robbers target these buildings daily. Because banks want to promote a friendly and inviting environment, consumers are mostly oblivious to the various layers of security that financial institutions utilize to protect their bank accounts. And that's not a bad model to follow.

What Banks Know About Security

Banks have multiple layers of security. The perimeter of most banks are often designed to include large windows, so passersby and law enforcement can easily see any problems occurring inside. The bank’s doors also have locks. There is, of course, an alarm system, which includes panic buttons, glass-break detectors and motion sensors. These are all layers, as are the security cameras, bulletproof glass and armed guards. Ideally, the tellers and members of management should have robbery-response training. Many banks also use dye packs or GPS devices to track stolen cash.

All banks have safes, because banks know that a well-constructed safe is the ultimate layer of security. A safe not only makes it extremely difficult for a bank robber to steal the bank’s money, but it also protects the cash in the event of a fire.

And then there are the multiple layers of computer security. The basics include antivirus, antispyware, antiphishing and firewalls. However, there are numerous additional layers of protection that monitor who is accessing data and why, and numerous detectors that look for red flags which indicate possible identity theft.

Banks also recognize that a simple username/password is insufficient, so they require their clients to adopt multifactor authentication. Multifactor authentication is generally something the user knows, such as a password or answers to knowledge-based questions, plus something the user has, such as a smart card, token or additional SMS password, and/or something the user is, such as identification through a biometric fingerprint, facial recognition, hand geometry or iris scan. In its simplest forms, multifactor authentication occurs when a website asks for a four-digit security code from a credit card or installs a cookie on your machine, or when a bank requires a client to add a second password to his or her account. Some institutions also offer or require a key fob that provides a changeable second password (a one-time password) to access accounts, or it might require a reply to a text message in order to approve a transaction.

Every layer of protection the bank adds is designed to make it harder for a criminal to get paid.

Consider a layered approach for your small-business security plan. Think about the current layers of business protection you have in place, and then consider how many more layers you might want to install to ensure a seamless customer experience and a security-minded culture.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. 

The U.S. Consumer Confidence Index, released by TRUSTe®, shows an alarming trend: A high percentage of U.S. people over age 18 are unnerved about their online privacy, and this trend is worsening.

This survey was conducted online among 2,019 U.S. adults and reveals that 92 percent of the participants are on edge, at least some of the time, concerning online privacy. Nearly three-quarters of Internet users in the U.S. are worried about privacy more so than a year ago. And more users worry about business data collection versus government surveillance programs.

Many businesses are not taking measures to mitigate this concern among users. This can backfire on businesses, e.g., more people not willing to download apps or click on ads. Protecting consumers is crucial to a company’s success—not just with customers but with competitors; companies should not cut corners here.

What are the top reasons for privacy concerns? The top two responses: 1) Businesses sharing personal data, and 2) Businesses tracking online behavior.

More specific findings:

• 58 percent of respondents were worried about businesses giving out their personal information with other businesses
• 47 percent worried about businesses tracking their online actions
• Only 38 percent named media attention to government surveillance programs as a cause for concern.

What are consumers doing about all this?

• 83 percent are leery of ad clicking.
• 80 percent won’t use smartphone apps that apparently don’t protect privacy.
• 74 percent aren’t comfortable enabling location tracking on their smartphone.

Other findings of the TRUSTe survey:

• User concerns over online privacy are climbing: 92 percent of users worry about privacy.
• Trust with businesses is declining, coming in at 55 percent currently.
• 89 percent of consumers will refrain from conducting business with a company they don’t feel is protecting their online privacy.

The public wants more:

The tides of privacy are turning and the public is waking up. Businesses who fail to take action will surely be met with customer defection.

Robert Siciliano is an Identity Theft Expert to AllClearID. 

Unfortunately in today’s world, scammers are coming at us from all angles to try and trick us to get us to part with our hard earned money. We all need to be vigilant in protecting ourselves online. If you aren’t paying attention—even if you know what to look for—they can get you.

There are numerous ways to detect fake sites or emails, phishing, etc. Here are 10 you should know about:

1. Incorrect URL. Hackers use fake sites to steal your information. Watch to make sure the URL is actually the one you want to be going to— if you notice the URL is different, that’s a good indication that the site is fake and you should NOT enter your information. There’s a number of ways you can protect yourself from this:
   1. If you’re on a computer, hover your mouse over the link to see a preview of the link URL in the status bar. Then check to see if the link site matches the site that it should be from. So for example if your email comes from North Bank or you type in North Bank into the Google search bar and the link is not going to www.northbank.com but something like www.banking-north.com you should not click.
   2. If you’re on a mobile device, use a link preview to see the actual URL before you click.
   3. You can also use McAfee® SiteAdvisor® on both your computer and mobile device to make sure the links you are going to are not bad links.
2. Nosy Requests. Your bank won’t ask via email for your PINs or card information. Be suspicious of sites (or emails) requesting your Social Security number, identification number or other sensitive information.
3. Sender’s Email Address. You can also check who sent the email by looking at the send address. It may say it’s from North Bank, but the email may be something strange like This email address is being protected from spambots. You need JavaScript enabled to view it.. The sender’s email should not be using a public Internet account like Hotmail, Gmail, Yahoo!, etc.
4. Your Name. A legitimate email from your bank or business will address you by name rather than as “Valued Customer” (or something similar).
5. Typos. Misspellings or grammatical errors are another sure sign that the message or site is fake.
6. Fake Password. If you’re at a fake site and type in a phony password, a fake site is likely to accept it.
7. Low Resolution Images. A tip-off to a false site is poor image quality of the company’s logo or other graphics.

Additionally…Hit delete. How about just hitting the delete button whenever an email comes to you from an unfamiliar sender? After all, if any legitimate entity needs to contact you about something urgent or crucial, they would have your phone number, right? They know your name, too. Remember, “just say no” to opening unfamiliar or suspicious looking emails.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!Disclosures.