Years ago, having “the talk” with your kids meant telling them where babies come from. Nowadays, “the talk” has a whole new meaning. Your kids may be able to explain in detail how a baby is created, but may be clueless (because so many adults are) about something called “data permanence.”

Don’t beat around the bush. Tell your kid outright, “If you post any racy images of yourself online—it will be there for the next million years for anyone to see. And it can be used against you.” Give this same warning about comments your child might post to an article. Things that your kids put online can come back to bite them many years later when they’re applying for employment. Tell them that.

Of course, warning your adolescent that something they post could come back to haunt them 20 years from now might not have much of an impact on them—kind of like telling your kid—who has endless energy—that smoking could cause heart disease 20 years from now. So how can you get through to your kids?

• The more open the lines of communication are between parent and child, the more likely your message will get through about data permanence. Don’t make communication one-sided.
• When your kids ask you how things work, even if it’s not related to cyber space, never act annoyed. Never make them feel it was a silly question. Never show impatience or judgment. If you don’t know the answer to their techy question, say, “I don’t know; let’s find out.” Don’t fudge a half-baked answer in an attempt to sound smart. Admit when you don’t know an answer, then hunt it down.
• If you think it’s time to have “the talk” with your child, it is.
• There’s never a perfect time to have “the talk.” Stop putting it off. Stop saying, “I’ll have it when…” Just do it.
• Emphasize that raunchy images or nasty comments can come back to bite them in the near future. For example, they might have a crush on someone in a few years. What if that person googles them? What might they find? Ask your child, “What would you like them NOT to discover?”
• Don’t be all lecture. Get your child thinking and talking opportunities. Ask them open-ended questions, such as the example in the previous bullet point. Get their brain cells working.
• The privacy talk should be a process, not an event. That is, it should be a work in progress, ongoing, rather than a single event.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

First off, how NOT to fix a hacked credit report: signing on with a service that promises to correct the problem in a jiffy—a “sounds too good to be true” advertisement. A company that claims they will 100% fix your bad credit by removing negative information from your credit report is a bit scammy. In fact, whatever a credit repair company CAN legally do, you yourself can do.

Tips to Know Ahead of Time

• If a company takes action against you, you’re entitled to a free credit report if you request it within 60 days of being notified.
• Experian, Equifax and TransUnion are required to provide you, free of charge, your credit report every year.
• It’s free to question anything on your credit report.
• Credit reporting agencies are required to investigate your disputes, if valid, within 30 days.

Credit Reporting Agency

• Send the reporting company a document explaining your issues. Include copies of documents for evidence.
• Your mailed packet (use certified mail) should include an itemized list of your disputes and associated details.
• The agency will send your material to the entity that provided the information in question. This entity must investigate the issues, then provide feedback to the credit reporting agency, and that includes corrections in your report if it’s deemed that the suspicious information was, in fact, inaccurate.
• You will then hear back from the reporting agency: an updated report (free) and the results in writing. The agency will send a copy of the revised report, at your request, to anyone in the previous 24 months who had received the erroneous one.

Creditors

• Inform them in writing of your dispute.
• Include copies of all evidencing documents.

Repairing errors and getting rid of accurate but negative information are not the same thing. Time heals wounds; you’ll need to let time (usually seven years) completely get rid of the bad stuff.

Should you decide to use a credit repair company, know that it’s against the law for them to lie about their services or charge you before they’ve done their job. By law they must provide a contract explaining your rights and their services, plus many other details including total cost.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Haste certainly doesn’t make waste if you’ve suffered from an entity getting hacked resulting in a data breach. Don’t waste a single minute delaying notifying affected accounts! In the case of a credit card company, they will investigate; you won’t have to pay the fraudulent charges. The breached card will be closed, and you’ll get a new one. And there is more.

All sounds simple enough, but the experience can be a major hassle. Below is what you should do upon learning your card has been breached:

• If a SSN is breached, place a credit freeze or fraud alert with the three big credit bureau agencies. Placement of the credit freeze or fraud alert will net you a free copy of your credit reports; review them.
• See if you can find companies that have accounts in your name—that you didn’t set up. Notify and cancel them. Make a list of entities that might be affected by your ID theft, then contact them.
• If your identity is actually stolen, you may need documents to show creditors proof of your ID theft, you should file a report with the police and FTC.
• Keep vigilant documentation of all of your relevant correspondence.

If your credit card was compromised, you also must contact every company or service that was on autopay with the old card. This includes quarterly autopays (e.g., pesticide company) and yearly autopays, like your website’s domain name. Don’t forget these! You now have to transfer all the autopays to your new card.

But you also must consider the possibility that your credit card breach is only the beginning of more ID theft to come. You now must be more vigilant than ever. If it can happen once, it can happen again.

• Check every charge on every statement. If you don’t remember making that $4.57 charge…investigate this. Thieves often start with tiny purchases, then escalate.
• Use apps that can detect anomalous behavior with your credit card account. These applications are free and will alert you if there’s a purchase that’s out of the norm, such as there’s a charge to the card in your home town, but an hour later another charge occurs 800 miles away.
• See if your card carrier will let you set up account alerts, such as every time a purchase exceeds a set amount, you get notified.
• Never let your card out of your sight. The thief could have been someone to whom you gave your card for a payment—they used a handheld “skimming” device and got your data. If you don’t want to hassle with, for instance, the restaurant server who wants to take your card and go off somewhere to get your payment, then pay cash (if possible).
• Never use public ATMs; ones inside your bank are less likely to be tampered with with skimming devices.

Other than tampered ATMs and retail clerks taking your card out of your view to collect payment, there are tons of ways your personal information could get into a thief’s hands. Here are steps to help prevent that:

• Shred all documents with any of your personal information, including receipts, so that “dumpster divers” can’t make use of them.
• When shopping online, use a virtual credit card number; your bank may offer this feature.
• When shopping, patronize only sites that have “https” at the start of the Web address.
• Never save your credit card number on the site you shop at.
• If a retail site requires your SSN in order to make the purchase, withdraw from the site and never go back.
• Never give your credit card or other personal information to online forms that you came to as a result of clicking a link in an e-mail message. In fact, never click links inside e-mail messages.
• Make sure all your computer devices have a firewall, and antivirus/antimalware software, and keep it updated.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Perhaps you’ve read that “HTTPS” at the start of a website address means that the site is secure, encrypted. However, a feature of the HTTPS can track you, says an article at theregister.co.uk.

HTTP is not secure. Carnegie Mellon University in a Register article states “HSTS”, which is “Strict Transport Security”  redirects users to HTTPS. The HSTS authors decided that this redirection every single time was a bit much, so they came up with a feature that browsers could remember regarding the HSTS policy of visited sites. I know, a LOT OF INFORMATION.

The Register article goes on to explain that this feature is a “super cookie.” If you use a redirected site, an HSTS “pin” is set. It’s unique to you and the site you visit. Sam Greenhalgh says, as quoted in the article, “Once the number is stored it could be read by other sites in the future. Reading the number just requires testing if requests for the same web addresses are redirected or not.”

The browsing modes of incognito or private have no effect, continues the article. IE doesn’t support HSTS, but Chrome, Firefox and Opera browsers permit HSTS flags to be cleared.

Safari is a different story, says Greenhalgh. The article quotes him: “When using Safari on an Apple device there appears to be no way that HSTS flags can be cleared by the user. HSTS flags are even synced with the iCloud service so they will be restored if the device is wiped. In this case the device can effectively be 'branded' with an indelible tracking value that you have no way of removing.”

Think of all of this as a kind of fingerprinting of the user, you. A crook who runs a malicious site is capable of exploiting this feature. However, Google has reported to Greenhalgh that it’s “not practical” to “defeat such fingerprinting.”Its not practical getting hacked either.

Protect your privacy:

• Don’t send any sensitive information when connecting over public Wi-Fi (e.g. don’t do banking or shop online)
• Use private browsing mode on your Internet browser or at least turn off your browser cookies.
• Never reply to spam or unknown messages, whether by email, text, IM or social networking posts from people you don’t know—especially if it’s for an offer that sounds too good to be true.
• Only friend or connect with people online you know in real life.
• Make sure when you’re providing any personal information online that the site uses encryption (look for https:// in the URL) and check to see how they are using your personal data in their privacy policy.
• Be aware of location services with your smartphone or tablet. Turn off the GPS on your mobile device’s camera and only allow 

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Smartphones are picking up popularity. You can now access email, social media, and other things from a device that fits in your pocket (most of the time). And, although we hear about breaches and security flaws in the news, it seems like a lot of us don’t think it applies to our mobile device. Here are some of the most common mobile security myths.

1. “Antivirus protection isn’t worth it for a smartphone.” Just because this device fits in the palm of your hand doesn’t mean it’s not worthy of as much protection as your computer. It should have comprehensive security that includes, antivirus, anti-malware and anti-spyware. Think of how often and indiscriminately you use that little thing, even while you’re in between bench press sets or stuck in line somewhere. The more you use it, the more important protecting the information on it becomes.
2. “If I lose my phone I’ll just call it to find it.” A better way to locate it is to use an app with global positioning system (GPS), like McAfee® Mobile Security. With GPS, you can see the location of your device on a map, much easier than trying to hear your ringtone.
3. “Smartphones don’t get phishing scams.” Actually, phishing scams can occur via text (also known as SMiShing ) and social media apps. Plus, the mobile device’s smaller screen makes it harder to detect suspicious links.
4. “Apps for my phone are safe if they’re from trusted brands.” Fraudsters can easily make a malicious app look safe, and can even find its way into a reputable app store. McAfee Labs™ found that over 80% of Android apps track you and collect your personal information. Apps are also the main way that malware can be downloaded to your smartphone or tablet.
5. “As long as my phone has PIN protection, it’s fine to have apps automatically log into my accounts.” A PIN is incomplete protection because hackers may guess the PIN code or use software to nail the four-digit sequence. You’d be surprised how many people’s PINs are 1234 or 2222. Even if you have a longer PIN or passcode on your device, it’s good practice to not have your apps automatically log you in, even though this may be convenient. You don’t want something to be able to easily access your bank accounts or post random messages on your social accounts.
6. “SMS” adds protection. The short message service does not provide protection or monitoring of any kind. This means that text messaging is not secure and in fact, it’s often subject to spam.

Keep your mobile device safe with McAfee® Mobile Security, available on both Android andApple devices. The Android version includes antivirus and anti-malware software, an app manager, anti-theft features, and web protection. The Apple version includes Secure Vault to protect your pictures and videos from prying eyes.

You can’t change your fingerprint like you can change your password. But why would you want to change your fingerprint? The thought might cross your mind if your fingerprint gets stolen.

How the heck can this happen? Ask Starbug. He’s a hacker who demonstrated just how this could happen at an annual meeting of hackers called the Chaos Communication Congress, says an article at thegardian.com. His “victim” was defense minister Ursula von der Leyen.

Starbug (real name Jan Krissler) used VeriFinger, a commercial software, with several photos of von der Leyen’s hands taken at close range. One of the photos he took, and the other was from a publication.

And this gets more fun, total and complete James Bond stuff: The conference showed that “corneal keylogging” can happen. Reflections in the user’s eyes occur as they type. Photos of these reflections can be analyzed to figure out what they typed. This is another lovely gateway to getting passwords.

But back to the fingerprint thing. In 2013, says The Guardian article, Starbug took a fingertip smudge from a smartphone, and using a few clever techniques, printed an imposter finger. He used the fake thumb to get into the phone. This shows it’s possible to crack into a mobile device with a stolen fingerprint—obtained without even having to be near the victim.

Biometrics is a groundbreaking advance in security, and it was just a matter of time before hackers would figure a way to weaken it. All is not lost. Hacks like this aren’t easy to accomplish and there’s always multi factor authentication available as another layer of protection. 

Biometrics can certainly be a replacement for passwords, but again should include, a second-factor authentication. Passwords are secrets, stored inside people’s heads (ideally, rather than written on hardcopy that someone could get ahold of), but biometric features, such as fingerprints, photos and voice IDs, are out there for all to perceive. Though it’s hard to imagine how a hacker could figure out a way to fool voice recognition software, don’t count this out.

If you plan on getting a new smartphone, have you ever thought of what the next user of your old smartphone will find on it?

This assumes you’ll be selling or donating it, of course. Are you SURE those risqué photos are totally gone, or that your diary entries have been wiped clean? Experiments have been conducted in which someone buys used smartphones for the sole purpose of seeing how much personal data was left behind by the previous owner. I’ve done one, it wasn’t pretty. We found data on half the devices we bought in the second hand market.

It’s unbelievable how much data was retrieved in these experiments, including addresses, e-mails, passwords and text messages. A factory reset is not a totally reliable way to wipe clean your smartphone, either, as shown by the fact that some Android phones, despite the factory reset, still contained the previous user’s data.

Before taking the first step in getting rid of your mobile phone, back up all of its data.  This can be done with a flash drive or automated PC service. For Android and iOS, use Apple’s iCloud or Google’s Auto Backup.

Next, wipe your phone squeaky clean. No, not with a rag and bleach, but “wipe” means destroy all the data using a specific method. This is NOT done by hitting the delete button or even reformatting the hard drive. What you don’t see isn’t necessarily not there.

A reformatted hard drive can still contain your data. To wipe an Android or iOS, use Blancco Mobile. To wipe a Mac computer, use the OS X Disk Utility or WipeDrive. For Windows PC use Active KillDisk. If you use a factory reset for a smartphone, remove any SIM cards too.

What if you can’t wipe your device? If you don’t wish to give it to someone else, then literally destroy it. Don’t just toss it in the trash. Take out the hard drive and mutilate it with a hammer. If you do want to sell it or donate it (get the receipt if you do donate it for an IRS return), realize that your data will still be on it. You never know who will end up getting their hands on the device.

If the idea of hammering at the hard drive isn’t your cup of tea, then find out from the recycling company who conducts the downstream recycling. You don’t want your device—containing your data—getting into a foreign landfill. The recycling company should be part of R2, or “responsible recycling,” or be part of e-Stewards certification programs.