One man’s trash is another man’s new identity? Yes, because that “junk mail” you toss in the garbage contains valuable data about yourself. A crook bent on identity theft can potentially have a field day with your discarded pre-approved credit card applications, bank statements, etc. Using a paper shredder before throwing out letters and documents such as these will help protect you and your family.

You should take this same vigilant approach when recycling your devices, whether that be your computer,external hard drive, mobile phone or tablet. This ensures no matter where your recycled device ends up, you can feel secure knowing it contains zero data about  you—and a factory reset will not necessarily achieve this.

Here’s how to “clean” the data on your mobile device:

1. Do a factory reset. Every mobile phone contains software to do this.
   1. To reset Android: Menu > Settings > Privacy > Factory Data Reset.
   2. To reset Blackberry: Options > Security Options > General Settings > Menu > Wipe Handheld.
   3. To reset iPhone: Settings > General > Reset > Reset All Settings.
   4. For other phones, you can find out how to reset by doing an online search using the appropriate keywords, including the model number.
2. Get rid of data that is on external media, like SIM or SD cards. Your best bet is to cut them in half.
3. You can use a mobile security product, like McAfee® Mobile Security, to wipe your mobile clean of all its apps and data.

How to “clean” the data on your computer: Before you get rid of your computer, you must make sure that it’s impossible to recover the data on the hard drive. Simply putting things in the trash can and deleting them is not enough. If someone is skilled enough, they can almost always retrieve data left over on a hard drive. It’s your choice on how tough you make it for your computer’s new owner to do that.So don’t rely on these tasks.

Use a utility designed for wiping or erasing. This tool will overwrite everything with binary 1’s and 0’s. In fact, these tools meet government security standards and will overwrite each sector in your hard drive multiple times.McAfee Shredder, in which is included with McAfee LiveSafe™ service, is one of these tools. It will permanently wipe everything off your PC to protect your privacy.

This Earth Day, join the movement and demonstrate support for environmental protection. Just make sure to protect yourself first!

A law(s) for data breaching is around the corner. And the time is right, what with the scads of data breaches involving major retailers lately. Details of customers’ addresses, phone numbers, credit cards and other sensitive information have ended up in the hands of hackers. We’re talking many tens of millions of affected consumers.

Despite this mushrooming problem, no consensus has yet arrived regarding just what role the government should assume to protect peoples’ data. But a common thread to the many ideas is customer notification once a data breach occurs. Though 46 states do have notification laws, retailers gripe that this makes them spend precious time complying with this instead of on fighting data infiltrations and repairing the fallout.

“We’ve long said that action is needed and hopefully we can see passage of data breach notification legislation this year,” says Brian Dodge, a senior vice president at the Retail Industry Leaders Association.

Recently the Data Security Act was introduced. It would require companies and banks to have privacy protections and investigate breaches, plus alert customers about big risks of theft or fraud. Banks have complained about the costs of responding to data breaches and have insisted that retailers take more action to the fallout. The DSA could take some of this burden off banks.

“We think it's important that essentially everybody up their game,” says Kenneth Clayton, an executive VP and chief counsel at the American Bankers Association. This needs to occur whether through law or industry action, Clayton adds.

The FTC may even get involved. But how much should the government get involved, though? “The idea that the government would do a better job than private industry is a horrible idea,” says John Kindervag, a principal analyst at Forrester Research, an advisory firm.

However, a 2014 priority for the FTC is to protect sensitive health and financial information. “The FTC has long been concerned that this type of sensitive data warrants special protections,” says Jessica Rich, head of the FTC’s consumer protection bureau. She adds that the FTC strongly supports the possibility of new laws that would protect consumers.

Robert Siciliano is an Identity Theft Expert to AllClearID. 

Organized crime rings are using brains, not brawn, to target small businesses and steal critical data. Protect your business by putting these 11 security measures into place.

Organized crime has always been known to be all about muscle … but even the bad guys have evolved. Seems organized crime syndicates have discovered that more money can be made in less time with less hassle simply by employing brains over brawn.

As technology and technology skills have evolved, it's become painfully easy to employ hackers to break into small businesses' networks and seek out sensitive data and personal information.  

Meet the members of your friendly neighborhood crime ring:

Programmers: skilled technicians who write and code viruses that target a business’s network PCs.

Carders: specialists in distributing and selling stolen card data and sometimes transferring data onto blank “white cards” then embossing them with foil in order to create exact clones.

Hackers: black-hat intruders who look for and exploit vulnerabilities in networks.

Social engineers: scammers who may work with psychologists who dream up the different scams and then con victims via phone, phishing or in person.

Rogue systems providers: unethical businesses that provide servers for criminals.

Money mules: often drug addicts or naïve Americans who buy items at retailers with stolen credit cards. Some mules ship products, and others launder money. Mules may be from a foreign crime syndicate’s nation and travel to the U.S. to gain employment within an organization and open bank accounts to store money until transfer.

Bosses: in charge of the entire operation. Bosses delegate, hire talent and make all the money.

Organized criminal hackers all over the world use sophisticated hacking tools to penetrate databases that house a small business’s client data. In general, they're seeking:

• Social Security numbers
• Credit card numbers
• Bank account information
• Home and business addresses
• Birth dates
• Email addresses

Why do they do it? Simple—their primary motivation is to get paid. They accomplish this by opening new lines of credit or taking over existing accounts. Transactions include making charges to credit cards, initiating electronic fund transfers or using email addresses for large phishing or spear phishing campaigns. 

Hackers are the bad guys who use penetration-testing tools—both legal and illegal—that are available commercially or only available on the black market. Their tools come in different forms of hardware and software that seek out vulnerabilities within a small business's network. 

Vulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don't have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on the phone, sends an email or shows up in person and cons a target using any of a variety of methods. 

There are plenty of ways to get taken. But there are also plenty of ways not to. The fundamentals of protecting your business’s data include:

• Maintaining updated operating systems, including critical security patches
• Installing and running antivirus, antispyware and antiphising software and a firewall
• Keeping browsers updated with the latest version
• Updating all system software, including Java and Adobe
• Locking down wireless Internet with encryption
• Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
• Utilizing filtering that controls who has access to what kind of data
• Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to Cloud-based storage
• Possible disabling or removing USB ports to prevent the downloading of malicious data
• Incorporating strict password policies
• Encrypting files, folders and entire drives

These 11 steps are a good start. However, standard security measures are never enough. Depending on the size, scope, type of data requiring protection, compliance and regulatory environment, possible insider threats, and what "bring your own device" policies may be in place, risks and threats must be defined and prioritized. This often requires consulting a professional.

There are two considerations small businesses must take into account that go beyond a low-budget, “do it yourself” mentality:

1. Data loss prevention and risk assessment software. This type of software monitors an entire network’s activities and behaviors to seek out events that might lead to a breach and then stop them before data loss.

2. Penetration testers. These are white-hat hackers who use similar tools as black hats to seek out vulnerabilities and exploit those vulnerabilities as far as they're allowed by the client. They might use automated tools to seek technology vulnerabilities, or employ virtual or physical social engineering. For instance, some penetration testers will test the physical security of a building during or after hours. Penetration testing involves real-world attacks that have been proven to work elsewhere, along with seeking out flaws in a business’s networks. 

The worst thing any small business can do is nothing. Failure to test your networks and put layers of security in place will inevitably result in a breach. Forewarned is forearmed.  

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

“Cookiejacking” may sound like someone taking a bite out of that delicious chocolate chip cookie you were planning to have after lunch, but it is actually an online security risk that could lead to your personal information falling into the hands of a cybercriminal.

But to understand this risk, you first need to know about Internet cookies. An Internet cookie is a small text file that gets stored on your computer or mobile hard disk from a website that you have previously visited, so the next time you’re on that site, it alerts the site that you’re back.

The cookie holds information such as an identifier the site assigns to you, and any preferences or personal information you may have shared with that website, such as your name and email address. Cookies are the reason why you may see a message that says “Welcome back, John” when you revisit a website.

Now that you know what an Internet cookie is, you can better understand cookiejacking. This is when your device’s cookies are stolen, potentially giving thieves access to the information they hold.

This can be problematic when the cookies stored on your computer contain sensitive and personal data, such as your bank login information and social media account passwords. A cybercriminal could use the stolen information to access your accounts or impersonate you.

Of course, clicking on links in malicious emails or on risky websites increases the odds that you could fall victim to cookiejacking, so the more dangerous clicking you do, the more at risk you are.

How do you avoid cookiejacking?

Here are a few simple tips to help you avoid falling victim to this security concern:

• Be careful where you click—Especially when playing games on social networks since this could be a trap set by a cookiejacker; all of your clicking will enable the thief to steal your cookies. Also be wary of links in emails, text messages and instant messages, especially if they’re from people you don’t know personally.
• Use a safe search tool—Utilize a free browser plug-in, like McAfee® SiteAdvisor® that warns you if you are going to a risky site. For Android users, this feature is available as part of the free McAfee Mobile Security.
• Consider using private browsing mode—The private browsing mode prevents access to cookie files already saved on your device, but more importantly, it stores cookies for the active session in memory. This means that a page crafted for cookiejacking cannot access older cookies nor active ones, because there is no path to them.
• Install comprehensive security on all your devices—Make sure you protect all your devices with security like McAfee LiveSafe™ service that includes anti-malware, anti-spam, anti-phishing and a firewall so that you are less likely to be a click-jacking victim.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

I’m sure you’ve heard the news about Heartbleed by now (unless you’re in vacation wonderland and have taken a tech break). This is a serious vulnerability in the core of the Internet and is something we all should be concerned about.

Heartbleed is a kink in encryption software, discovered by security researchers. It is a vulnerability in OpenSSL and could affect nearly two-thirds of websites online. If exploited, it can leak out your passwords and login names, thus putting your personal information at risk.

That’s why McAfee, part of Intel Security, is responding to the dangerous Heartbleed vulnerability by releasing a free tool to help consumers determine if a website they visit is safe or not. You can access the tool, here: http://tif.mcafee.com/heartbleedtest

McAfee’s Heartbleed Checker tool works by entering any website name to find out if the website is currently vulnerable to Heartbleed.

Steps to protect yourself:

• Go to McAfee’s Heartbleed Checker tool http://tif.mcafee.com/heartbleedtest and enter any website URL to check if it’s vulnerable.
• If the site is deemed safe your next step would be to change your password for that site. Remember, changing your password before a site is patched will not protect you and your information.
• If the site is vulnerable, then your best bet is to monitor the activity on that account frequently looking for unauthorized activity. 

Once a site has been patched so it’s no longer vulnerable to the Heartbleed bug, you should change your password. Here’s some tips to remember:

• Use strong passwords that include a combination of letters, numbers and symbols and are longer than 8 characters in length – heck the longer the better. Below is a good animation on how to create a strong password.
• Use a password manager, like McAfee SafeKey which is included with McAfee LiveSafe™ service that will help you create strong password and remember them for you.
• Use two-factor authentication for increased security. You get a one-time code every time someone tries to log into the account, such as those for banks, social networks and email.

Heartbleed aside, passwords are more vulnerable than ever, and just in general, should be changed every 90 days for important accounts. And remember, if your information was exposed, this is a good time to watch out for phishing scams.

A phishing scam is a ploy that tricks you into entering sensitive data, like usernames, passwords and bank account information, by emulating a familiar website.  And if your information is compromised, even if it’s just your email address, scammers could use this to try and get your other sensitive information.

Remember, in this day and age, we all need to be vigilant about protecting ourselves online.

Stay safe!

Robert Siciliano is an Online Security Expert to McAfee. 

As a security analyst for both off-line and online activity, which is personal protection and information security, I’m constantly analyzing my own security situation. This means paying attention to my surroundings, systems in place, the security of my hardware, software and data. One way to get a closer look at all of this and to get refocused, is to remove the clutter, upgrade technologies, and do a Spring Clean. I heavily recommend that you perform the following 15 tasks for tightening up your digital security affecting your overall security position.

Clean up and secure your digital life:

1. Do away with useless files. Go through all folders, including the recycle bin, and discard files that you no longer use.

2. Organize media. Put music, photos, etc., in appropriately labeled folders. Maybe create a master folder for different kinds of related media.

3. Consolidate desktop icons. Perhaps you can put a few icons into another one if the topic is related: Put the “Muffin” and “Rover” files in one file labeled “Pets.” A desktop cluttered with icons will slow boot-up time. Consider “removing” an icon you hardly use; this won’t delete the program, but will get rid of the shortcut.

4. Uninstall programs you’ll never use. This will speed things up and reduce potential malware targeted software.

5. Review passwords. Update as necessary, making them unique, never the same, and use different characters upper/lower case and numbers. Install a “password manager”. Google it.

6. Make backups of important data on a flash drive or use online storage. Ideally, make a backup of your prized data that exists outside your house. I backup on 3 local drives and in the cloud in two places.

7. Consider reinstalling your operating system. This means gathering all your software and backing up all your data. Do a search on your devices OS and seek out “How to reinstall operating system Windows/Mac (your version)”

8. Mop up your system’s registry. This will clean out temporary files you do not need that have been picked up by your system over time. An accumulation of these files will slow your computer and make it prone to malware infections. CCleaner is a free tool that will do this job.

9. Update Internet security software. Use antivirus, antispyware, antiphishing and a firewall. Get a VPN for when using free wireless internet. Hotspot Shield is perfect. Google it.

10. Defragment your hard drive. For Windows 8 go to Files, then “defrag.” For older systems go to Program Files, Accessories, then System Tools. For the iOS, run its built-in Disk Utility app.

11. Install program updates. Updates include critical security parches: very important. For Windows go to Go to Start, Control Panel, All Programs and Windows Update. Click on “Check for updates” to see if you are up to date. For the iOS, go to the app store, then Updates.

12. Do not forget your mobile device. Update your smartphone, including weeding out unneeded apps. Update your mobile OS to the latest version. Several companies offer security apps that will scan a mobile’s apps. Some apps have features like a remote lock/locate/wipe that will prevent a thief from using your device should you lose it.

13. Social setting cleanup. Have you locked down how your private information on Facebook can be shared? If not, go to Privacy Settings, then Apps, then click “edit” which is next to “Apps others use.” Delete all your “friends” who really aren’t your friends.

14. Home security system. Upgrade this if it is old technology. New wireless home alarms connect to your network and include home automation features too. This includes surveillance cameras, motion detectors, glass break sensors and controlling lights and temperature. Opt for remote monitoring from any device using apps on mobiles and tablets.

15. Declutter your e-mail files. These can get very messy over time. First start with your in-box. What’s been sitting there for ages that you’ll never open? Delete it. Next go to the sent/trash folders and weed out no-longer-needed emails. Also scour through any other e-mail folders. Delete folders you no longer need, and/or trim down ones you still use but contain messages that are now meaningless.

Follow these 15 tips to spring clean your digital security. A freshly cleaned-out digital life will give you peace of mind and enhance your personal security. Taking the time to clean up your digital life will be well-worth it, so do not put it off any longer!

Robert Siciliano is a personal security expert to SecurityOptions.com discussing home security and identity theft on TBS Movie and a Makeover.

One of the biggest data breaches of all time involved that of Sony Corp. The hackers stole confidential information from tens of millions of Sony PlayStation Network users. Despite this humongous breach, something surprising happened: New York Supreme Court Jeffrey Oing ruled that Mitsui Sumitomo Insurance Co. and Zurich American Insurance Co. owed NO defense coverage to Sony Corp. or Sony Computer Entertainment America LLC.

And why? Oing said that the coverage can’t be triggered through a third-party action: that by the hackers.

It seems, then, in order to get coverage, Sony itself would have to do the hacking. “They're being held liable even though the wrongdoing was done by a third party,” explains Robin Cohen to Law360. Cohen heads a law firm that handles insurance recovery.
To determine coverage obligations, Zurich filed a lawsuit against Sony, which had to shut down its PlayStation Network for a month.

Oing’s ruling will likely motivate companies to obtain policies that specifically insure against data breach claims. However, many companies believe that such specific insurance is already built into their current general liability policy. Insurers all across the nation are wanting to put language in their policies that exclude coverage of losses stemming from data breaches, which include loss of credit card information. However, courts have the final say-so in just how far these exclusions can go.

Companies need to seriously consider cyber insurance policies that specialize in coverage of data breach losses.

K&L Gates LLP partner Roberta Anderson told Law360, “Irrespective of whether the Sony trial court's view is widely adopted, it's ill-advised for policyholders to rely on general liability policies for data breaches.”

It’s expected that Sony, which has strong arguments for their appeal according to policyholder attorneys, will challenge Oing’s decision.

Robert Siciliano is an Identity Theft Expert to AllClearID.