
A sniffer is a software program used by IT administrators to monitor network usage, investigate network problems, investigate network misuse and abuse, identify configuration issues and determine the state of a network’s security. Sniffers ultimately decode the data so it is readable in words, numbers and computer code.

Note that last part: “determine the state of a network’s security.” That is a big one. This is because while good-guy IT security professionals use sniffers to determine the security of a network, bad guys also use them to see your data as it travels from your device to the router communicating the wireless internet signal.

Unsecured, unprotected, unencrypted and sometimes shared wireless internet communications over Wi-Fi in your home, office or any publicly connected Wi-Fi (such as at a coffee shop, airport or hotel) are vulnerable to sniffers. A sniffer employed by a criminal can be used to spy on anything you communicate wirelessly. Criminals can steal your data, get your usernames and passwords, and potentially hijack your device…and your life.

The kind of data that is most vulnerable to sniffers is that which is unencrypted; this can include something as simple as files being copied and pasted or shared from one device to another. Any information coming through your browser that isn’t coming from or going to a website employing encryption designated HTTPS—the S means secure—is also vulnerable.

On wireless connections that aren’t properly secured—such as those public ones I mentioned earlier—your best line of defense is to use virtual private network (VPN) software that protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield VPN is a good one to use. It’s secure, free to you (supported by ads) and available for PC, Mac, iPhone and Android.

Robert Siciliano is an identity theft expert and consultant to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America.

If I had a dime for every time I’ve been asked, “How do I protect my credit card number?” I’d be living on my own island in the Pacific. My response has always been, “Use your card whenever and wherever and don’t worry about it, but pay close attention to your statements,” because that’s really all you can do. But due to most people not carefully checking their statements, my sage advice has fallen on deaf ears.

The good news is, the agony associated with checking credit and debit card statements from different banks and painstakingly reviewing each charge is as close to being solved as ever. BillGuard, a personal finance security service, analyzes millions of consumer billing complaints to find deceptive and unwanted charges that result from misleading sales and billing practices on your credit and debit card statements all in one place.

All you do is register the cards you want protected by granting BillGuard secure, read-only access to the credit issuer’s website that displays your credit card’s transaction activity. BillGuard then scans your card activity daily, running each transaction through over 100 automated security tests, including checking the web and banks, for complaints about the merchants and charges that appear on your bills and statements. BillGuard identifies hidden charges, billing errors, misleading subscriptions, scams and fraud on your bills and statements and alerts you via email when your attention is required. A scan report email is sent monthly, providing a quick overview of your cards—and, along with it, much-needed peace of mind.

BillGuard provides a beautifully combined view of all your credit and debit cards in one place and makes it easy to understand every charge on your statements. No more painstaking calls to the bank to explain unrecognized charges! BillGuard saves you both money and time, even helping you get your money back when needed.

I’ve been using BillGuard since 2011 and it has alerted me to numerous charges that required my attention. Having a personal finance security company watching my cards (and watching my back), has helped me understand my statements and the various strange charges that most people don’t acknowledge, often resulting in hundreds of dollars lost each year.

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. 

Congress and the Federal Trade Commission (FTC) have taken special steps to ensure that children under 13 years of age don’t share their personal information on the Internet without the express approval of their parents. Congress passed the Children’s Online Privacy Protection Act (COPPA) in 1998 and the FTC wrote a rule implementing the law. The FTC currently is conducting a review of what changes, if any, should be made to COPPA to reflect the changes that may have been brought about from technology, such as the rapid adoption of mobile devices.

Parents who lack experience with the Internet, computers, or mobile devices must learn the basics before they can adequately monitor their children’s habits. A parent’s discomfort or unfamiliarity with technology is no excuse to let a child run wild on the Internet. In fact, McAfee’s study, “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents,” showed that an alarming 70% of teens have hidden online behavior from their parents.

As with any task, one should start with the fundamentals. Spend as much time as possible with kids in their online world. Learn about the people with whom they interact, the places they visit, and the information they encounter. Be prepared to respond appropriately, regardless of what sort of content they find. Remember, this is family time.

Here are some tips to help you protect your kids:

Narrow down devices: In the past, many of us set up our family computer in a high-traffic area, like the family room, but this becomes less feasible as more children have their own laptops and mobile phones. I recommend limiting time online and also limiting the number of devices your child has.

Teach them appropriate online behavior: Kids will be kids, but that doesn’t mean it’s okay to say cruel things, send racy pictures, make rude requests, or suggest illegal behavior, just because they are online. If it isn’t okay in the physical world, it isn’t okay on the Internet. Also discuss with your kids what is and is not okay with regard to the kinds of websites they may visit and what type of content is okay to share or not share. They should also be taught not to open attachments or click on links from people they don’t know.

Use parental controls: Consider investing in software with parental controls, which limit the sites your kids can access, times they are allowed online and the amount of time they spend online each day.

Discuss stranger danger: Just like in the real-world, kids should be taught to never meet someone they know only online in person and that they should not chat or friend people they do not know.

The Internet is forever: You and your kids need to understand that once things are posted online, they could live on forever. You no longer have control over that photo or video and it could come back to haunt them. They should follow the rule of thumb that they should not post or share anything they would not share with everyone.

The key to good online parenting lies in the basics of good offline parenting. Talking to your kids about the “rules of the road” for the Internet is just as important as talking to them about things like looking both ways before they cross the street.

Robert Siciliano is an Online Security Evangelist to McAfee.

Do you take a close look at all your bills and statements every month? Do you look at all the charges? Are you familiar with each charge—where, when and to whom? Do you recognize monthly recurring charges? Did you know that nine out of 10 people don’t check their bills, or merely skim them quickly for large purchases?

Did you know that by federal law, after 60 days if there is a fraudulent credit card charge or a “grey charge” that you didn’t authorize, you can be held liable and responsible for the charge? Did you know that by federal law it’s only two days where your bank’s debit card is concerned?

Did you know that your bank doesn’t protect you from all credit card fraud or from grey charges? Banks use so-called “anomaly detection software” to seek out charges that might not appear to make sense. For example, if you use your credit card at your local gas station at noon and then 10 minutes later your card’s information is used in Russia, your bank will see that as an anomaly and flag the charge. But banks don’t catch everything, which means that, at some point, you’ve probably paid for stuff you shouldn’t have.
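The gas-station-then-Russia case above is usually called an "impossible travel" check. The sketch below is an added example, not code from any bank or from BillGuard; the transactions are constructed, and the speed threshold and distance floor are assumptions.

```python
import math
from datetime import datetime

# Constructed sample transactions (not real data):
# (card id, UTC timestamp, latitude, longitude, merchant)
SAMPLE_TXNS = [
    ("card-A", "2013-01-10T12:00:00", 42.36, -71.06, "Gas station, Boston"),
    ("card-A", "2013-01-10T12:10:00", 55.75, 37.62, "Online shop, Moscow"),
    ("card-A", "2013-01-11T09:00:00", 42.37, -71.11, "Grocery, Cambridge"),
    ("card-B", "2013-01-10T08:00:00", 40.71, -74.01, "Cafe, New York"),
    ("card-B", "2013-01-10T15:00:00", 34.05, -118.24, "Hotel, Los Angeles"),
]

MAX_SPEED_KMH = 900.0    # assumed threshold: about airliner cruising speed
MIN_DISTANCE_KM = 100.0  # assumed floor: ignore nearby merchants and location noise


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    radius = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * radius * math.asin(math.sqrt(a))


def flag_impossible_travel(txns, max_speed_kmh=MAX_SPEED_KMH,
                           min_distance_km=MIN_DISTANCE_KM):
    """Return (card, previous merchant, merchant, km) for each consecutive
    pair of charges on one card that implies travel faster than the limit."""
    flagged = []
    last_seen = {}
    # ISO-8601 timestamps sort chronologically as plain strings.
    for card, ts, lat, lon, merchant in sorted(txns, key=lambda t: (t[0], t[1])):
        when = datetime.fromisoformat(ts)
        if card in last_seen:
            p_when, p_lat, p_lon, p_merchant = last_seen[card]
            dist = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600.0
            # Two charges at the same instant, far apart, imply infinite speed.
            speed = dist / hours if hours > 0 else math.inf
            if dist >= min_distance_km and speed > max_speed_kmh:
                flagged.append((card, p_merchant, merchant, round(dist)))
        last_seen[card] = (when, lat, lon, merchant)
    return flagged


if __name__ == "__main__":
    for card, before, after, km in flag_impossible_travel(SAMPLE_TXNS):
        print(f"{card}: {before} -> {after} ({km} km apart)")
```

A same-day New York to Los Angeles pair passes this check, which is the kind of gap the paragraph above means by "banks don't catch everything": a grey charge from a plausible location never trips a travel rule.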

BillGuard—a free service that harnesses our collective vigilance to protect everyone from deceptive and unwanted charges that result from misleading sales and billing practices, such as hidden charges, billing errors and misleading subscriptions—estimates the average consumer loses over $300 a year to unwanted charges he or she is not even aware of. Card fraud alone is an $8 billion-a-year crime, with banks catching only a third of it. The rest is up to us as consumers. In contrast, BillGuard estimates that grey charges are a much higher dollar amount, simply on the basis that they impact every consumer.

Every day, tens of thousands of people report bad charges on their credit and debit cards to their banks and merchants. Millions more post their complaints online. Up until now, all that knowledge hasn’t been benefiting the most important person of all—you.

Visit BillGuard and check out your statements online at least every two weeks.

Robert Siciliano is a personal security expert & adviser to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. 

Do you? I do and I’ve been doing it since I said “I do.” And if you are married or at least in a committed lifelong relationship, knowing each other’s passwords is probably expected. Today, sharing passwords has become a sign of commitment, a signal of love and devotion, like a varsity sweater or friendship ring. But what happens when the relationship goes sour (with a divorce rate of 50% to back me up here)?

Chances are good that your significant other (if they have your passwords) will engage in revenge tactics with your account after a breakup. Despite public awareness of data leaks and high-profile celebrity photo scandals, we continue to take risks by sharing personal information and intimate photos with our partners and friends, thus putting ourselves at risk for a “revenge” situation.

28% of people have regretted (once they broke up) sending intimate content and 32% have asked their ex-partner to delete the personal content. But despite these risks, 36% of Americans still plan to send sexy or romantic photos to their partners via email, text and social media on Valentine’s Day.

People need to be more informed about the consequences of sharing so much private information with their partners. Sharing passwords with your partner might seem harmless, but it could and often does result in critical personal information falling into the wrong hands and landing on a public platform for all to see.

Today, McAfee released the study, Love, Relationships, and Technology: When Private Data Gets Stuck in the Middle of a Breakup, which examines the pitfalls of sharing personal data in relationships and discloses how breakups can lead to exposure of private data.

Of those surveyed, the actions one’s partner took that led to a person exposing personal data are:

Lying (45.3%)

Cheating (40.6%)

Breaking up with me (26.6%)

Calling off Wedding (14.1%)

Posting pictures with someone else (12.5%)

Other (12.5%)

To make sure this doesn’t happen to you, I’ll make it easy for you. Think twice—digital is forever. It will haunt you and follow you. Just don’t do it.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!   

The best thing about the “New Year” is committing to new or old resolutions and starting fresh. Whether you are an individual or a small business, the following applies:

  1. Delete. Go through your files, deleting and organizing as necessary. Clutter is confusing. Security and “confusing” don’t work well together. Delete!
  2. Back up your data. Back up to a secondary hard drive inside or external of your devices. Utilize cloud-based backups, too. I have my data on four local drives and two cloud-based servers.
  3. Reinstall your operating system. Reinstalling your operating system every year or two eliminates bloat and malware and speeds up your PC.
  4. Get device savvy. Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless or software, learn it. Take the time to learn enough about your devices to wear them out or outgrow them.
  5. Get social. One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software.
  6. Implement social media policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by providing training on proper use—especially what not to do.
  7. Get digitally secure. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in antivirus, anti-spyware, anti-phishing and firewalls.
  8. Protect your mobile. Bad guys are paying attention to mobiles and creating thousands of viruses meant to steal your data. There has been a significant increase in Android-related hacking, and Android users therefore must download and install all the latest updates and invest in a mobile security product.
  9. Go EMV. EMV, which stands for Euro MC/Visa, also known as “chip and PIN,” is the new more secure credit card and is underway in North America. Both Canada and Mexico are going full-on EMV, and several major banks in the United States are beginning to test and even roll out EMV. EMV cards are far more secure than traditional credit cards, and consumers should embrace these new, more secure cards.
  10. Get physically secure. Security cameras, alarm systems and signage are essential to protect the perimeter of your property from vandals, as well as protecting the inventory from theft, or even the cash register from sweethearting or robbery. Security cameras are an essential component to any small business security system.
  11. Hire honest employees. Unfortunately, too many people lie, cheat and steal—and when they come to work for you, they drain company resources until they are fired. It’s best to use prescreening services.
  12. Upgrade wireless. If your wireless router is more than 2 years old then it’s time to buy new. Security standards continue to be upgraded and old is often not secure.
  13. Don’t worry about any of the above! Seriously! Now I didn’t say don’t do it, because you should, but don’t needlessly worry. Take action, get secure, keep on top of it, and have a Happy New Year!

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

We’ve seen this before and it never ends well. This time it’s resulting in an identity theft charge for Ira Trey Quesenberry III, an 18-year-old student at Sullivan Central High School. A few years ago this would have been looked upon as a victimless prank. But times have changed and as social media sites like Twitter, Facebook, LinkedIn and others have morphed into much more than just recreational websites, it’s not just unacceptable; it’s a crime.

The Twitter account was created with the name and photo of Dr. Jubal Yennie, director of the Sullivan County school district. The account has since been deleted but the tweets sent in Yennie’s name were reported to be of an embarrassing nature and not appropriate for a school administrator. Why would an 18-year-old do something like that?

The Smoking Gun reports, “Yennie contacted sheriff’s deputies last Friday to report the phony Twitter account. After investigators linked Quesenberry to the account, the teen reportedly confessed to opening it. Quesenberry was booked today by sheriff’s deputies, and is due to appear tomorrow in General Sessions court.”

Grab your name and your company’s name, products and services, people. Sites like Knowem.com will do this for free or for a small fee. The worst thing you can do is nothing. There are millions of 18-year-olds out there to make you look stupid-er.

Robert Siciliano is a personal security and identity theft expert and Advisory Board member to Knowem. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video.

Evaluating risk vs. reward is a process most people go through on a daily basis. For example, you are about to make a left-hand turn but a car is coming. You think you can make it but he’s kind of coming fast. The risk, of course, is misjudging his speed and getting into an accident.

According to Ready.gov, a risk assessment is a process to identify potential hazards and analyze what could happen if a hazard occurs. A business impact analysis (BIA) is the process for determining the potential impacts resulting from the interruption of time-sensitive or critical business processes.

A business impact analysis (BIA) predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment. Operations may also be interrupted by the failure of a supplier of goods or services or delayed deliveries. There are many possible scenarios which should be considered.

Risk is a fundamental part of a small business operation. The question is how much attention you pay to each risk and what the reward is for reducing the risk. The cost/benefit key is to effectively recognize risk and reduce it with as little investment as needed.

Define Risk

Be able to define, articulate and be alert to what risks the organization may face in a given year. If any of these risks could cause loss in any way, they need to be addressed far in advance.

Identify Risk

Risk comes in many forms. Create a list of potential threats from your experiences, others’ experiences or from proper risk assessment plans. Threats come from criminal hackers, employees, customers, competitors and more. What’s at risk may include reputations, digitized information, paper documents, physical hardware, and life and limb.

Create a Risk Assessment Chart.

Compile a list of assets (people, facilities, machinery, equipment, raw materials, finished goods, information technology, etc.) in the left column.

For each asset, list hazards that could cause an impact. Since multiple hazards could impact each asset, you will probably need more than one row for each asset. You can group assets together as necessary to reduce the total number of rows, but use a separate row to assess those assets that are highly valued or critical.

For each hazard consider both high probability/low impact scenarios and low probability/high impact scenarios.

As you assess potential impacts, identify any vulnerabilities or weaknesses in the asset that would make it susceptible to loss. These vulnerabilities are opportunities for hazard prevention or risk mitigation. Estimate the probability that the scenarios will occur on a scale of “L” for low, “M” for medium and “H” for high.

Analyze the potential impact of the hazard scenario. Rate impacts “L” for low, “M” for medium and “H” for high.

Information from the business impact analysis should be used to rate the impact on “Operations.”

The “entity” column is used to estimate potential financial, regulatory, contractual, and brand/image/reputation impacts.

The “Overall Hazard Rating” is a two-letter combination of the rating for “probability of occurrence” and the highest rating that impacts people, property, operations, environment, and entity.

When evaluating risk and determining where funds, energy and attention are allocated to such risks, a risk scoring system can help determine what is a high or low probability vs. what would cost the company irrevocable harm.
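The chart steps above can be carried through in a few lines. This is an added example, not a Ready.gov tool; the rows are constructed, and the review ordering (highest impact first, then probability) is an assumption chosen so that low probability/high impact rows are not buried.

```python
LEVELS = {"L": 1, "M": 2, "H": 3}
IMPACT_COLUMNS = ("people", "property", "operations", "environment", "entity")

# Constructed example rows: one row per asset/hazard pair, rated L, M or H.
CHART = [
    {"asset": "Paper documents", "hazard": "Misplaced by employee",
     "probability": "M",
     "impacts": {"people": "L", "property": "L", "operations": "L",
                 "environment": "L", "entity": "L"}},
    {"asset": "Point-of-sale terminal", "hazard": "Hardware failure",
     "probability": "H",
     "impacts": {"people": "L", "property": "L", "operations": "M",
                 "environment": "L", "entity": "L"}},
    {"asset": "Office building", "hazard": "Fire",
     "probability": "L",
     "impacts": {"people": "H", "property": "H", "operations": "H",
                 "environment": "M", "entity": "M"}},
    {"asset": "Customer database", "hazard": "Criminal hacker steals records",
     "probability": "M",
     "impacts": {"people": "L", "property": "L", "operations": "M",
                 "environment": "L", "entity": "H"}},
]


def overall_hazard_rating(probability, impacts):
    """Two-letter rating: probability letter + highest impact letter."""
    missing = [c for c in IMPACT_COLUMNS if c not in impacts]
    if missing:
        raise ValueError(f"impact columns not rated: {missing}")
    letters = [probability] + [impacts[c] for c in IMPACT_COLUMNS]
    bad = [x for x in letters if x not in LEVELS]
    if bad:
        raise ValueError(f"ratings must be L, M or H, got: {bad}")
    highest = max((impacts[c] for c in IMPACT_COLUMNS), key=LEVELS.__getitem__)
    return probability + highest


def rate_chart(rows):
    """Add the overall rating to each row and order rows for review."""
    rated = [dict(row, rating=overall_hazard_rating(row["probability"],
                                                    row["impacts"]))
             for row in rows]
    # Assumed ordering: impact letter first, then probability letter.
    rated.sort(key=lambda r: (LEVELS[r["rating"][1]], LEVELS[r["rating"][0]]),
               reverse=True)
    return rated


if __name__ == "__main__":
    for row in rate_chart(CHART):
        print(f'{row["rating"]}  {row["asset"]}: {row["hazard"]}')
```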

The worst thing any organization can do is…nothing. Taking responsibility and using past experience and prediction methods can properly prepare an organization for the inevitable. As they say, if you fail to plan, you plan to fail.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!
