The White House issued a statement in regards to our critical infrastructure – such as the electricity grid, financial sector, and transportation networks that sustain our way of life – have suffered repeated cyber intrusions, and cyber crime has increased dramatically over the last decade. The President has thus made cyber security an Administration priority.

From The Desk of President Obama: “We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control… But just as we failed in the past to invest in our physical infrastructure – our roads, our bridges and rails – we’ve failed to invest in the security of our digital infrastructure… This status quo is no longer acceptable – not when there’s so much at stake. We can and we must do better.”

Members of both parties in Congress have also recognized this need and introduced approximately 50 cyber-related bills in the last session of Congress. The proposed legislation is focused on improving cyber security for the American people, our Nation’s critical infrastructure, and the Federal Government’s own networks and computers.

#1 National Data Breach Reporting. State laws have helped consumers protect themselves against identity theft while also incentivizing businesses to have better cyber security, thus helping to stem the tide of identity theft.

#2 Penalties for Computer Criminals. The laws regarding penalties for computer crime are not fully synchronized with those for other types of crime.

#3 Protecting our Nation’s Critical Infrastructure. Our safety and way of life depend upon our critical infrastructure as well as the strength of our economy. The Administration is already working to protect critical infrastructure from cyber threats.

#4 Protecting Federal Government Computers and Networks.  Over the past five years, the Federal Government has greatly increased the effort and resources we devote to securing our computer systems.

#5 New Framework to Protect Individuals’ Privacy and Civil Liberties. The Administration’s proposal ensures the protection of individuals’ privacy and civil liberties through a framework designed expressly to address the challenges of cyber security.

Our Nation is at risk. The cyber security vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.

Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is incredibly powerful tool that must be used intelligently and cautiously. Do your part to protect your little network and we will all be that much safer.

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and let them damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. 

The Internal Revenue Service today issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud. Here are 4:

Identity Theft

Topping this year’s list Dirty Dozen list is identity theft. In response to growing identity theft concerns, the IRS has embarked on a comprehensive strategy that is focused on preventing, detecting and resolving identity theft cases as soon as possible. In addition to the law-enforcement crackdown, the IRS has stepped up its internal reviews to spot false tax returns before tax refunds are issued as well as working to help victims of the identity theft refund schemes.

Phishing

Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.

Return Preparer Fraud

About 60 percent of taxpayers will use tax professionals this year to prepare and file their tax returns. Most return preparers provide honest service to their clients. But as in any other business, there are also some who prey on unsuspecting taxpayers.

False Form 1099 Refund Claims

In this ongoing scam, the perpetrator files a fake information return, such as a Form 1099 Original Issue Discount (OID), to justify a false refund claim on a corresponding tax return. In some cases, individuals have made refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS.

Protect yourself!

Protect your information. Secure all data from the moment it arrives in your mailbox. Secure means that your mailbox and file cabinet have locks, or even storing important documents in a fire-resistant safe.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund. Only file your tax return with the help of a local, trusted, professional accountant whom you know, like, and trust.

Protect your PC. A computer’s operating system should always be updated with the latest critical security patches and you should use comprehensive security software that provides antivirus, anti-spyware, anti-phishing, anti-spam and a 2-way firewall.

Robert Siciliano personal and home security specialist to Home Security Source.

Corporations know there are long-term marketing benefits of social media and they also know the security issues with employees continue to be a problem.

Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time.

Follow these social media security tips for small business to prevent security issues:

#1 Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.

#2 Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like a tiny URL decoder.

#3 Limit social networks. In my own research about social media security, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.

#4 Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed with social media security risks.

#5 Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure your business network is up to date.

#6 Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

#7 Companies who eliminate access to social media open themselves up to other business security issues. Employees who are bent on getting access, often skirt security making the network vulnerable.

Robert Siciliano personal and small business security specialist to ADT Small Business Security.

Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions.

“An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.”

And since then, our level of engagement with mobile apps has only increased (with over 10 billion apps downloaded), while there has not been a lot of movement to prevent applications from accessing your data.

So what to do? Privacy concerns are justified, but there is a limit to what how this information can be utilized. If you feel the urge to free yourself from data tracking, you could delete and avoid apps, or you could provide false information, but that could violate terms of service and might not be effective, anyway.

When downloading an application, make an effort to consider what you are giving up and what you are getting in return, and to consciously decide whether that particular tradeoff is worthwhile.

You can also use mobile security software like McAfee Mobile Security that scans your installed apps to determine the level of access being granted to each of them. This feature then alerts you to apps that may be quietly siphoning data and enjoying unnecessarily extensive control of device’s functionality and then you can decide if you want to keep the app or delete it.

With better insight, you can take more your mobile security and privacy into your own hands.

Robert Siciliano is an Online Security Evangelist to McAfee.

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research, reports that in 2011 identity fraud increased by 13 percent. More than 11.6 million adults became a victim of identity fraud in the United States, while the dollar amount stolen held steady.

Approximately 1.4 million more adults were victimized by identity fraud in 2011, compared to 2010. Countering this rise is the successful effort to combat identity fraud coupled with greater consumer awareness of the issue. While the number of fraud incidents increased, the total amount lost remained steady.

One of the key factors potentially contributing to the increase in incidents was the significant rise in data breaches. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011. Consumers receiving a data breach notification were 9.5 times more likely to become a victim of identify fraud.

According to the survey the three most common items exposed during a data breach are:

– Credit card number

– Debit card number

– Social Security number

What Are the Latest Identity Theft Statistics?

Here are some eye-opening statistics:

•           500 million—the number of consumers from 2005 to 2009 whose personal and financial data has been exposed as a result of corporate data breaches—events the victims cannot control despite taking personal safety measures

•           400%—victims who found out about their identity theft more than six months after it happened incurred costs four times higher than the average

•           165 hours—the average amount of time victims spent repairing the damage done by creation of new fraudulent accounts

•           58 hours—the average amount of time victims spent repairing the damage done to existing accounts

•           43%—the percentage of identity theft occurring from stolen wallets, check-books, credit cards, billing statements, or other physical documents

•           1 in 4—number of American adults who have been notified by a business or checkbooks, credit cards, billing statements, or other physical documents

•           Once every three seconds—how often an identity is stolen

The most efficient way to protect your identity is with an identity theft protection service and get a credit freeze.

Robert Siciliano personal and home security specialist to Home Security Source.

The Federal Trade Commission (FTC) provides the following list of warning signs that your identity may have been stolen:

1. Accounts you didn’t open and debts on your accounts that you can’t explain
2. Fraudulent or inaccurate information on your credit reports, including accounts and personal information, such as your Social Security Number, address, name or initials, or employer
3. Failing to receive bills or other mail (this could indicate that an identity thief has taken over your account and changed your billing address—follow up with creditors if your bills don’t arrive on time)
4. Receiving credit cards that you didn’t apply for
5. Being denied credit or being offered less favorable credit terms, like a high interest rate, for no apparent reason
6. Getting calls or letters from debt collec­tors or businesses about merchandise or services you didn’t buy.
7. You may find out when bill collection agencies contact you for overdue debts debts you never incurred.
8. You may find out when you apply for a mortgage or car loan and learn that problems with your credit history are holding up the loan.
9. You may find out when you get something in the mail about an apartment you never rented, a house you never bought, or a job you never held.

The most efficient way to protect your identity is with an identity theft protection service and get a credit freeze.

Robert Siciliano personal and home security specialist to Home Security Source and author of 99 Things You Wish You Knew Before Your Identity Was Stolen. 

Peer to peer file sharing is a great technology used to share data over peer networks.  It’s also great software to get hacked. This is the same P2P software that allows users to download pirated music, movies and software.

In my own P2P security research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Installing P2P software allows anyone, including criminal hackers, to access your client’s data. This can result in business security breaches, credit card fraud and identity theft. This is the easiest form of hacking. There have been numerous reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

Blueprints for President Obama’s private helicopters were recently compromised because a Maryland-based defense contractor’s P2P software had leaked them to the wild, wild web.

#1 HaveP2P security policies in place not allowing the installation of P2P software on your workplace computers or employee laptops.

#2 A quick look at the “All Programs Menu” will show nearly every program on your computers. If you find an unfamiliar program, do an online search to see what it is you’ve found.

#3 Set administrative privileges prevent the installation of new software without your knowledge.

Robert Siciliano personal and small business security specialist to ADT Small Business Security.