In the movies, the good guys always get the bad guys. In cyber reality, no such thing exists.

A survey of 5,000 IT security professionals turns up the following:

• 63% doubt they can stop data breaches.
• 69% think threats slip through the cracks of their security systems.
• 57% believe their company lacks protection from advanced attacks.
• 80% think their company’s leaders fail to connect the dots between a data breach and potential profit loss.

A survey of customers shows:

• 59% are quite concerned about credit and debit card information theft.
• 57% are very concerned about ID theft.
• About 60% believe that a data breach involving their credit card or personal details would make them less likely to conduct business at a store or bank they usually use.

That last point leads to reputation smearing and loss of customer trust. But what about customer responsibility when it comes to security breaches? The “blame the customer” mentality seems more appropriate in the workplace when employees bring to work their own devices to assist in their jobs. This lets the data-breach cat out of the bag.

Though a significant percentage of employees have admitted (in surveys) to having a security problem with their device, a remarkably small percentage of these users felt compelled to report this to their boss. A very statistically significant number of employees who bring their devices to work haven’t even signed a formal contract that outlines security procedures. The bottom line is that taking security seriously is a rare find among employees who do the BYOD thing.

Another survey turned up an unsettling result: 76% of the 700+ consumers (who were affected by a breach) who were surveyed experienced stress from the event—but more than half didn’t even take steps to prevent ID theft afterwards.

Maybe this complacency can be in part explained by the fact that the losses from breaches are mostly absorbed by the companies involved.

The consumer, customer and employee need to step up to the plate and do their fair share of taking security measures seriously, rather than sitting back and letting businesses and banks take the entire burden.

It’s like getting attacked by a shark. Is the shark entirely to blame if the swimmer jumped into water near a sign that says “Beware of Sharks”? Then again, someone has to take the responsibility of putting the sign there in the first place…

All entities must pull together, stop finger pointing and accusing, and try to get a step ahead of the real villains.

Mashable.com says that recently over 98,000 photos have been leaked from Snapsaved.com, which has shut down. The Snapchat app makers won’t take any credit, even though previously, 4.7 million phone numbers and usernames were leaked. The company seems indifferent, though this May, they reached a settlement with the FTC.

Snapchat blames third-party sites and apps for the leakage, and also users of Snapchat (mostly teens), rather than their servers being hacked, but can’t explain how this is. Nevertheless, there’s a problem with Snapchat’s product.

Third parties can come up with their own applications to interact with Snapchat. Anyone can construct an application to the Snapchat service. People like these apps even though they violate the TOS. And Snapchat, thanks to its flawed infrastructure, can’t tell legitimate traffic from third-party traffic.

Snapchat doesn’t consider that users could be communicating with people who are using third-party apps. To date, people using Snapchat to send an image can’t trust that privacy won’t be compromised. How would the user know that the receiver of the image isn’t using a third-party app that ultimately can unleash the images for all to see?

But Snapchat insists that the images can disappear rather than be shared. Snapchat is failing to inform users that their images can be leaked. Though the way that Snapchat’s terms of use is worded protects them legally, there’s a morality issue when the company expects its users (mostly ages 13-17) to have the wits to know about third-party users violating terms of use.

Snapchat says it has removed dozens of third-party apps from key app stores. But this doesn’t stop new websites and apps from appearing. And you can’t rid an app from every app store. What users can do in the meantime is realize that Snapchat is not secure, and to be careful whom you Snap with. Snapchat is about fun, not privacy.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

One of history’s great literary classics is Homer’s Iliad, which tells the story of the Trojan horse—the wooden horse that the Greeks hid in to enter the city of Troy and take it over. Two thousand and some odd years later, hackers use a digital Trojan horse to hide malicious files in seemingly harmless files with the intent to attack or take over your device. A Trojan horse (or Trojan) is one of the most common and dangerous types of threats that can infect your computer or mobile device. Trojans are usually disguised as benign or useful software that you download from the Internet, but they actually carry malicious code designed to do harm—thus their name.

There are a variety of types of Trojans, many of which can launch sophisticated and clever attacks. Here are some types to be aware of:

• Password-stealing Trojans—These look for saved passwords on your computer and email them to the hackers. Some can even steal passwords cached in your browser history.
• Remote access Trojans—These are quite common, allowing the attacker to take control of your computer and access all of your files. The hacker could potentially even access your online banking and credit card sites if you have your password stored in your browser memory or on your computer.
• Destructive Trojans—These Trojans destroy and delete files from your computer
• Antivirus killers—These Trojans detect and kill your antivirus and firewall programs to give the attacker easier access to your computer

A Trojan can have one or multiple destructive uses—that is what makes them so dangerous. It’s also important to realize that unlike viruses, Trojans are not self-replicating and are only spread by users who mistakenly download them, usually from an email attachment or by visiting an infected site.

Here are some steps you can take to avoid downloading a Trojan horse:

• Beware of suspicious emails. Don’t open an email attachment if you don’t recognize the sender of the email
• Use comprehensive security software. Protect all your devices with McAfee LiveSafe™ service as well as stay protected from spam, sketchy files, and viruses
• Separate the good from the bad. Use an email program with a built-in spam filter to decrease the chance of a malicious email getting into your inbox
• Know the threats. Keep current on the latest threats so you know what to look for when you receive suspicious emails

Remember that Trojans are common because they are so successful. Hackers use social engineering techniques, such as mentioning a current news topic or popular celebrity, to get you to click on their email. Just being aware of what they are and how they work can prevent you from having to deal with financial loss, identity theft, damage to your computer, and significant downtime.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  

Identity theft gets all kinds of buzz in the news. It’s not hard to see why—in 2012, over 16.6 million Americans were victims of identity theft. What most people don’t know is that identity theft is much more than just stealing your credit card number. In other posts, I discussed how thieves use your identity to get free healthcare or your child’s identity to apply for credit. Today, I want to introduce you to another kind of identity theft—criminal identity theft—where the criminal uses your identity to make you look like the criminal.

Criminal identity theft involves impersonation and it’s the worst kind of identity theft and the hardest to clean up. You don’t want to end up like Jason Bateman’s character Sandy Patterson, in the movie Identity Thief, where his identity was stolen and used by another individual and he finds out because he owes a bunch of money and has a warrant out for his arrest.

Basically, a thief takes over your identity and assumes it as his or her own. But instead of using your identity to access your bank account or apply for a credit card, the thief uses your identity to commit crimes and get off scot-free.. How? They can give your personal information (like your name, identification number, or date of birth) to law enforcement officials during an investigation or an arrest. They could also use your information to create fake identification for themselves.

Criminal identity theft can lead to a very nasty headache for you. A thief could get caught for a traffic violation or a misdemeanor and sign the citation with your name. Then you get stuck paying those annoying fees and fines. If a thief uses your name when getting arrested for a crime, you could end up with a criminal record, which could affect your ability to get a job or buy property. Another case is when the thief commits a crime using your identity, and then a warrant is issued for your arrest.  But instead of looking for the criminal, they are looking for you—you could have a warrant out for your arrest and not even know it!

Criminal identity theft can have some pretty drastic consequences. Here’s some ways to protect yourself from this dastardly form of identity theft:

• Shred all sensitive documents. This can prevent thieves from getting their hands on your personal information.
• Report missing identification cards. Most criminal identity thieves get your information from stealing your driver’s license or other personally identifiable information (PII) like Social Security numbers or Identification cards. If you report a missing driver license, your state might flag your license number and in the event that another driver is pulled over by law enforcement and presents your license as their own they could be questioned for further information
• Get a background check on yourself. If you feel like someone may be impersonating you, get a background check done. This can be done via online services or by a private investigator.
• Check State and National criminal databases. Search your name in criminal databases like the FBI’s National Crime Information Center (NCIC) database to see if you have a criminal record.

Stay safe!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  

Cyber storage does not always = secure backup. Users of cloud storage have many potential tools at hand to beef up security. And just because cloud services have some loopholes doesn’t mean you should just throw in the towel, as the saying goes, and figure “What’s the point?”. Here are some ways to beef up cloud storage security and manage your online backup.

• Take inventory of what’s stored in your cloud account. Evaluate how important each data item is. If the cloud service can access your data, you may want to make some adjustments, since some of your data might not be compatible with the service’s terms.
• Consider encrypting your most sensitive data if you don’t want to remove it from the cloud and then back it up locally.
• Don’t put all your data in one basket, either. Suppose all your data is stored in one cloud service, and that service gets hacked or something else happens and you lose your data—or it’s in the hands of thieves. If you use more than one cloud service, then at least if one gets hacked, you’re not totally screwed. Think of this as being like having your precious jewels locked in several small safes throughout your house, rather than in one giant safe. What are the odds that an intruder will find all the safes and get into all of them?
• If your cloud account has any devices, services or applications linked, very carefully inspect and modify their settings to optimize security. Discard useless, old, unused connections so they don’t become portals to your data.
• Use two-factor authentication on every cloud password when available. If the service doesn’t offer two-factor, consider dumping it.
• Make your answers to security questions crazy-nutty, but also memorable.
• Assess your cloud passwords. They should be very different from each other. If you can’t handle memorizing a bunch of long, convoluted passwords (which are the best kind), use a password manager.

Hackers are hell-bent on busting into the network of their targets. They are persistent—never giving up. When you build your defense against cyber criminals, it must be done with the idea that they WILL succeed. When you operate on this assumption rather than thinking that your anti this and anti that are all you need, you’ll have the best cyber security in place.

Another mistake is to assume that hackers hound only small businesses or weak networks. The cyber criminal doesn’t care so much about vulnerabilities; he wants the goods. It’s like a burglar wanting a million dollars worth of jewels that he knows is stashed inside a mansion surrounded by a moat filled with crocodiles. This won’t stop him. It will only determine the dynamics of how he penetrates.

Yes, less sophisticated hackers will target more vulnerable networks, but there’s a lot of hefty hackers out there who aren’t intimidated by persistence. If cyber thieves want a goal badly enough, they’ll get into every nook and cranny to achieve their mission.

Hackers also determine ahead of time how the victim might respond to an attack. The crime ring will invest time in this, going well-beyond the intended target’s IT tactics. They’ll go as far as learning employees’ after-hour leisure activities. To make it harder for hackers to mine all this information, a company should keep things unpredictable like work routines and not embrace social media.

The hacker creeps around quietly, going undetected while spreading damage. To catch below-the-radar cyber invasions, a business should employ a system that can spot and stamp out these murmurs.

Finally, cyber criminals usually launch a secondary attack as a distraction while the major attack gets underway—kind of like that newsworthy operation of some years ago involving pairs of thieves: One would approach a woman with a baby and tell her the baby was ugly. This distracted her so much that she had no idea that the accomplice was slipping off her purse and scrambling away with it. You must anticipate decoy operations.

Remember, install layers of protection:

• Antivirus, antispyware, antiphishing, firewall
• Set up encryption on your wireless router
• Use a VPN when on free wireless
• Keep your devices software, apps, browser and OS updated

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

For anyone who goes online, it’s impossible to hack-proof yourself, but not impossible to make a hacker’s job extremely difficult. Here are three things to almost hack-proof yourself.

Two-factor authentication. Imagine a hacker, who has your password, trying to get into your account upon learning he must enter a unique code that’s sent to your smartphone. He doesn’t have your smartphone. So he’s at a dead-end.

The two-factor authentication means you’ll get a text message containing a six-digit number that’s required to log into your account from someplace in public or elsewhere. This will surely make a hacker quickly give up. You should use banks and e-mail providers that offer two-factor. Two factor in various forms is available on Gmail, iCloud, PayPal, Twitter, Facebook and many other sites.

Don’t recycle passwords. If the service for one of your accounts gets hacked, the exposed passwords will end up in the hands of hackers, who will invariably try those passwords on other sites. If you use this same password for your banker, medical health plan and Facebook…that’s three more places your private information will be invaded.

And in line with this concept of never reusing passwords, don’t make your multiple passwords sound schemed (e.g., Corrie1979, Corry1979, Corree1979) for your various accounts, because a hacker’s penetration tools may figure them out.

Use a password manager. With a password manager, you’ll no longer be able to claim not being able to remember passwords or “figure out” how to create a strong password as excuses for having weak, highly crackable passwords. You’ll only need to know the master password. All of your other passwords will be encrypted, penetrable only with the master password.

A password manager will generate strong passwords for you as well as conduct an audit of your existing passwords.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.