Would you dare a burglar to break into your home while your family was sleeping? Would you taunt a murderer or serial killer to try and get you? And would you say to a gang of thieves “just try and break into my business”. Maybe if you are a little daring and maybe if you had a screw loose you’d make these irresponsible requests. But in reality “bring it on” is never a good idea. Especially when it comes to your network security. Because “they” just might win.

The UFC.com, the official website of the Ultimate Fighting Championship, was hacked by a group calling themselves the “Underground Nazi H4ck3rGr0up.”

Fox5 reported Dana White, UFC President issued the challenge to hackers because he supports the recently debated online piracy legislation known as SOPA and PIPA.

“They will not intimidate me,” White said in a phone interview with FOX5. “I’m not intimidated. I’m not scared of what they’re doing.”

The computer hacker, known only as UgNazi, successfully took over UFC.com

Within a day of this attack it was reported that Whites Social Security number and additional personal information was hacked and exposed for the world to see. But in fact the information was for another person who went through a pretty harrowing harassment over the course of a few days.

Kicking a hornets’ nest isn’t advisable. And neither is taunting a collective of criminal hacktivists who have lots of time and lots of resources to make your small business network a target.

Robert Siciliano personal and small business security specialist to ADT Small Business Security.

Stolen phones are a big problem here in the US. Many are stolen in robberies. Robberies are, by definition, violent crimes, and there are many instances of robberies of mobile phones that resulted in serious injury or even death.

TechNewsWorld reports “Ten years ago, mobile phone thefts accounted for about 8% of New York City’s overall robbery cases, but since then the number has climbed to 40%, according to Ray Kelly, commissioner of the New York City Police Department.”

Similar statistics like 38% of all robberies in Washington, D.C. and other big cities have prompted the Federal Communications Commission, wireless carriers, law enforcement across the country and a few outspoken politicians to work together and create the PROTECT Initiative.

A month ago a journalist asked me if the wireless carriers will ever agree to create a joint effort consortium to identify, catalog and dead end stolen mobile devices. I said never, no way, won’t happen, they make too much money off the contracts to turn down a stolen phone. But now that lawmakers have stepped in, the wireless industry will want to have a say before any laws are passed that tie their hands.

PROTECT is a good thing. It helps create awareness – people still don’t get that they need mobile security. In the coming months we will see more buzz from the wireless community about what systems are in place to protect you and what responsibilities you have as a consumer to protect yourself.

Meanwhile software like McAfee Mobile Security not only protects against viruses and malware but can help prevent a criminal from accessing your personal and private data if your phone is lost or stolen. You can remotely locate your phones, even if the GPS is turned off, lock the device, back up the data and if necessary, wipe everything from your phone. If your mobile phone was ripped from you right now, how vulnerable would you be?

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube.

When hiring new employees the first concern is often “how good of an employee will they be” but in fact the first concern should be “are they actually who they say they are” because regardless of the nature of your business, an employee who isn’t actually who they say they are can wreak havoc on your business when there are no consequences to their real identity.

Former Department of Homeland Security Chief Chertoff stated; “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

We are functioning in an environment in which IDs have yet to be verified or authenticated. There are hundreds of forms of identification in circulation with little security, the Social Security number is a national ID available everywhere, there are thousands of variations of the birth certificate, there are kids on college campuses everywhere selling fake IDs and credit is wide open.

All these fake IDs contribute to the exasperating problem of imposter fraud.

Get the ID Checking Guide to assist you with employee ID verification. “Whether for initial screening or final ID check, verifying ID is important. By reducing inappropriate employment applications, time is saved and later errors or litigation averted. Our references are quick and easy-to-use, with clear indication of the security features that help to verify ID.”

Eventually fake ID detection methods like Smart-cards, biometrics in all its forms, multi-factor authentication and other identity verification methods will help form trusted identities and being an imposter won’t be so easy.

Robert Siciliano personal and small business security specialist.

An employee of the Utah State Department of technology must have hit the snooze button when he launched a test server that resulted in the breach of 780,000 Medicaid records including over 250,000 Social Security numbers.

The Governor of Utah was quoted in the Salt Lake Tribune saying “Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised.”

Words like “tragic” are generally associated with death, not data breaches, nonetheless, it’s not good to have your Social Security number in the hands of a criminal. The data breached will most certainly cause thousands of people to suffer from identity theft. New lines of credit opened by the thief will go unpaid and ruin good credit ratings.

While we do not have all of the specific details of the incident in Salt Lake City, it appears that the systems in question may have had the encryption measures required, but that a single weak password may have provided access to these sensitive records. This is another reminder that the failure to implement organizational security policies is, in itself, a weak link in IT security.

Security is the responsibility of the ones who are in charge, those who hold the keys. In my home, it’s me. In your house, it’s you. And you can put all the locks on a house that you need, but if you leave a window open or a thief chooses to look under your doormat for a front door key, he can easily enter and rob you blind.

For consumers a comprehensive antivirus, antispyware, antiphishing and firewall is just the beginning. Make sure your computer us up-to-date with all its critical security patches and your browser is secured too.

Robert Siciliano is an Online Security Evangelist to McAfee. 

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier report released by Javelin Strategy & Research Data Breaches increasing and more damaging – “One likely contributing factor to the fraud increase was the 67 percent increase in the number of Americans impacted by data breaches compared to 2010. Javelin Strategy & Research found victims of data breaches are 9.5 times more likely to be a victim of identity fraud than consumers who did not receive such a data breach letter. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011.”

Over the past five years, criminal hackers from all over the world have been targeting huge databases of Social Security and credit card numbers. The endgame for criminal hackers is identity theft. Once they obtain stolen data, their objective is to turn it into cash as quickly as possible. This either entails selling the data to identity thieves on black market forums, or using the information to create new accounts or to take over existing credit card accounts.

According to the Privacy Rights Clearinghouse’s Chronology of Data Breaches, more than 500 million sensitive records have been breached in the past five years. The Chronology of Data breaches lists specific examples of data theft incidents in which personal data is compromised, lost, or stolen: “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

The fundamentals of ID theft protection include:

Software: Antivirus, antiphishing, antispyware. Total protection “all access” suites of protection and full disk encryption

Hardware: Routers, firewall security appliances

Physical security: Commercial grade solid core doors, business security systems, security cameras.

Robert Siciliano personal and small business security specialist to ADT Small Business Security.

Smartphones now make up half of all activated mobile phones. And as we know, smartphones are small computers, capable of performing most of the same functions as a PC, primarily through the use of mobile applications.

Some claim that mobile malware threats are still too scarce to worry about. But while PCs definitely remain the bigger targets, smartphones are quickly capturing criminal hackers’ attention, with instances of mobile malware increasing by 600% from 2010 to 2011.

CIO.com’s Al Sacco, “a security-conscious mobile beat reporter,” reported on his experience dealing with his first smartphone infection. His McAfee Mobile Security app identified the Android virus on his Motorola Atrix 4G. “Security expert, I am not, and I’m the first to admit it,” Sacco defers. “But I do know a thing or two about smartphones and the mobile landscape, and I can say without a doubt that the Android threat is very real… It’s better to be paranoid about real threats than to shake them off as nonexistent. And that’s a fact.”

“Paranoid” is a strong word, implying mental illness. And I know that isn’t really what Sacco meant. But maintaining an acute awareness of potential threats to your smartphone and taking action to prevent them isn’t mentally ill, it’s just smart.

What’s really crazy is using an Android device without mobile security, because it’s only a matter of time before that device is infected.

Robert Siciliano is an Online Security Evangelist to McAfee. 

Near Field Communications (NFC), is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

NFC handsets are set to increase to about 80 million next year. Gartner estimates that that 50% of smartphones will have NFC capability by 2015.

But not all NFC revolves around mCommerce. The usage of NFC  for identity documents and keycards are widely deployed.

And then theres FeliCa, is a contactless technology that is widely deployed in Asia for public transportation, access management, event ticketing, customer loyalty programs and micropayments. As of March 2011, there were over 516 million units of FeliCa IC Chips worldwide, incorporated in 346 million cards and 170 million mobile phones.  Gemalto and Sony Corporation have established an agreement to provide FeliCa / Near Field Communication (NFC) solutions globally.

“With FeliCa’s proven commercial adoption particularly in the Asian markets, we strongly believe that our agreement with Sony will enable Gemalto to build the foundation for significant expansion for both companies at a global scale,” added Tan Teck-Lee, Chief Innovation & Technology Officer and Asia President of Gemalto. “Gemalto’s UpTeq NFC SIM is set to trigger the mass deployment of mobile NFC services now, while providing operators the flexibility to expand their offer in the longer term.”

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.