Data breaches like the ones that hit Target, V-Tech, the US Office of Personnel Management, and credit reporting agency Equifax have made headlines for the past few years. Each one saw millions of consumers’ personal identifiable information compromised, and the door to identity theft potentially left wide open.

Too often, mid-sized and small businesses think those big names are the only targets for hackers and cybercriminals, but that couldn’t be further from the truth. The smaller the business, the smaller the budget for security protocols and IT professionals…and data thieves know it.

Unfortunately, in many smaller businesses, there are a few key departments or employees who can be the most susceptible to attack. Given that many employees wear multiple hats in small businesses and too many people have to share network technology, the weakest link is often right inside the company, and ironically may be trying to keep the bad guys out.

1. Billing, Payroll, Accounting

Any of the financial departments in your business are hot targets for phishing attacks, spoofing, or other cybercrimes. They hold the keys to your employees’ payroll records (and Social Security numbers) and your customers’ payment methods. Common tactics have included copycat requests to change account numbers before making a deposit, instructions that appear to come from the boss and request copies of everyone’s W2s, phony invoices that are “past due,” and more.

2. Executives

It might seem laughable that a company leader would be the one to open the door to a hacker, but it’s far from hilarious. No, it’s not that the CEO doesn’t know how a computer works, it’s actually the opposite: with business leaders often working long hours and having to be “out in the world,” the advanced productivity tools that help them connect remotely to their desks back at the office can be vulnerable to hacking. Logging onto public Wi-Fiat lunch or the airport to get some work done, for example, can invite cybercriminals to steal information over the unsecured connection.

3. The IT Guys

You’d think the people who protect your company network from cyber attacks would be immune to attack, but it’s just not true. Hackers find new ways to break in every day, and new viruses and malware get launched around the clock. The people you hired to protect your network cannot possibly know every single threat out there, so they’re a favorite avenue for hackers.

These examples are just scraping the surface of outside threats, but don’t make the mistake of overlooking the “inside job” data breaches. Whether it was intentional or accidental, your employees can also be the initiator of a data breach all on their own. You can work to prevent this with ongoing security training and by limiting the access that employees have to stored data. If someone within your business doesn’t need to see HR files, tax forms, or customers’ stored information, then restrict that access to those who need it.


Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you require additional assistance, please live chat with one of our trained advisors by visiting our website, www.idtheftcenter.org.

Researchers have discovered two new flaws in the microchips that run most computers, laptops, and smartphones, and it could have implications for hundreds of millions of tech users. The Spectre and Meltdown vulnerabilities, as they’ve been dubbed, were first believed to only impact Intel chips, but the number of affected chips by several different manufacturers has grown significantly.

Now, Meltdown is known to affect only Intel processors while all other chips contain the Spectre vulnerability. These chips act as the “brain” of the device; essentially, when you’re on the internet, your web browser is running a super-fast investigation of each and every web page you visit, looking for security signatures. These two vulnerabilities in the processors—no matter if you’re on your computer, your iPhone, or any other similar device—can allow a very skilled hacker to jump in during that tiny portion of time and steal data from your computer.

NOTE: If you have an Apple Watch, that is one of the few devices that is not affected by either of these two flaws and therefore, there is no need to worry about a patch. Also, researchers have said only a very skilled cybercriminal could actually exploit these vulnerabilities, rather than just a run-of-the-mill hacker.

These Department of Homeland Security has sent out a warning to all government agencies about the two vulnerabilities, and some government-backed software researchers have urged tech users to install updates from their manufacturers as they become available. Since swapping out the microchips in every device just isn’t feasible, companies like Apple, Google, and Microsoft have issued patch updates for their browsers to block the vulnerability.

It is absolutely vital that tech consumers understand this kind of issue. Whether it’s Meltdown or Spectre or the next fancy name to come across the news, updates protect you when a new threat is uncovered. Failing to update your software, your browsers, your apps, and other devices means you’re only protected from the threats that the industry knew about the last time you installed your software…even if that hasn’t happened since the day you purchased your device.

Some tech users like to set up their devices so that updates are automatically installed. Other users are less comfortable with that idea and prefer to address updates themselves as they are released. No matter how you set up your update preferences, remember that some of them just fix simple little problems while others work to protect you and your information from cybercrime.


Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you require additional assistance, please live chat with one of our trained advisors by visiting our website, www.idtheftcenter.org.

If you haven’t heard the term “Bitcoin” floating around the news, now is the right time to figure out what all the fuss is about. Bitcoin is just one of several different forms of cryptocurrency, which is virtual money that actually ends up having real value.

 If you think of games where you earn beans or gold bars or even extra lives, those things are fake cryptocurrency. They’re only useful within the game, letting you buy extra turns through the maze, extra powers that help you beat the next level or even game items like weapons or shields that help you win. It’s fake money that you earned by playing, and it only buys non-existent things.

The same could be said of cryptocurrency, but with a twist. Cryptocurrency can be “mined” online to increase your wealth, or traded in the same way that foreign currency can be exchanged. It can be used to pay for real things on certain websites; unfortunately, for a long time, cryptocurrency was the payment method of choice for illegal purchasing.

Bitcoin has made headlines lately for a variety of reasons. First, its value has skyrocketed, meaning traders can invest in Bitcoin and reap the benefits in actual dollars as the market value increases. There have also been a few high-profile cybercrimes that stole significant amounts of Bitcoin, such as two hackings that led to the closure of South Korea’s Youbit exchange.

But there’s another reason that everyday consumers need to be aware of Bitcoin, and that’s scams and fraud. Bitcoin has already become the preferred payment method of ransomware attackers, who demand payment in this currency to release your locked-up computer. There have also been fraud cases involving phony investment opportunities in this currency, so much so that the Securities and Exchange Commission has had to launch a fraud unit just to tackle cryptocurrency crimes.

There are other ways that Bitcoin scams and fraud can harm you, many of them involving phishing attempts. It might be a threatening letter claiming you or a loved one are required to pay to avoid physical harm—an issue that the FBI is already warning the public about—or another type of phishing, such as claims that you owe back taxes or haven’t paid a bill.

Basically, all of the common scams that required victims to pay with an untraceable payment method like prepaid debit cards or wire transfers can now be exploited in the same way, only using Bitcoin. It’s untraceable and anonymous and now highly valuable, which makes it the perfect tool for scammers.

The same rules for previous scams still apply: if you’re ever required to pay by an untraceable method, then it’s almost certainly a scam. Whether it’s iTunes gift cards or Bitcoin, there’s no legitimate reason why the person contacting you can only accept those forms of payment. Stop and think before you hand over your money or your personal information, and be on the lookout for this kind of fraud.


Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you require additional assistane, please live chat with one of our trained expert advisors by visiting our website, www.idtheftcenter.org.

The cybersecurity landscape changes on a daily basis, perhaps even hourly. New technologies are created, and innovations enter our homes, our workplaces, even our pockets. More importantly, cybercriminals launch new threats to our security every day, meaning it’s nearly impossible to stay ahead of them.

Reportedly, two of the top trends this year will be artificial intelligence and continued innovation on the Internet of Things. AI advancements have reached the consumer market, but tend to have more industrial applications; that may change significantly this year as more devices like Amazon’s Echo and Google Home “learn” from their users, and new compatible devices connect to those “always listening, always learning” machines.

On the business front, one legal firm predicts that this will be the year when industry regulators raise the bar on the standards that help protect the public in the event of a data breach. The EU has already drafted and voted into practice General Data Protection Regulations (GDPR) that go into effect this year, and it’s foreseeable that other governments at both state and federal levels may follow suit.

Interestingly, one industry watcher thinks 2018 will be the year of customization, meaning that consumers and businesses will seek out security protocols that are not “one size fits all,” but rather are tailor-made to the user. As such, this may result in a bloom of startups that not only provide top-notch security solutions but can also do it for every budget or specific need.

But there’s a facet to cybersecurity that cannot remain overlooked: who is a cybersecurity leader? It’s not just the CEO of an antivirus software company or the go-to source for news on the latest hacking event or ransomware attack. There are levels of this type of leadership, starting with your own home. You are the cybersecurity leader of the devices in your possession, and if you use any connected device in the workplace, you’re a cybersecurity leader there as well. The IT team, the C-Suite executives, the janitor who comes in at night and notices a strange screen running on one of the computers…these are all cybersecurity leaders to some extent.

This may be the year when we all recognize our role in data protection and preventing cyberattacks, which is the best prediction for the security of them all.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Every time a celebrity leaks a new risque picture, it is followed by claims that the picture “broke” the internet. Fortunately, nude photos of an A-lister do not have the power to take down the web, but a discovery by a security researcher just might.

The web security protocol WPA2 was developed by the Wi-Fi Alliance—incidentally, to replace another older and less secure protocol. In vastly oversimplified terms, it is what keeps random devices from joining your Wi-Fi network. Using what researcher Mathy Vanhoef is calling KRACK—for Key Reinstallation AttaCK—hackers can infiltrate your system and therefore your devices, flood the entire connection with ransomware and malware, steal your personal content off your computer, and more.

The finer points of KRACK are pretty complex, but they’re available here if you’re interested. The more critical understanding is how to protect yourself, though. A number of tech companies are already at work on the “patch” you’ll need to protect your Wi-Fi router, but until those patches are issued and in place, it’s a good idea to avoid public Wi-Fi connections and make sure the sites you visit are using the HTTPS designation. It’s also a good idea to use a VPN, or virtual private network, when connecting online, especially for sensitive activity like banking, applying for a job, or shopping with a payment method.

This should serve as yet another reminder of the need for strong cybersecurity measures like antivirus software and password protected networks, and that updating your software is vitally important. If you have strong protections in place, that’s great. However, if you’re not updating your software, your web browsers, your plug-ins, and more, you’re only protected from threats the software “knew” about when you installed it. In the case of this kind of attack, this is a previously unheard of vulnerability that has to be closed with a patch to protect you.

Fortunately, unlike much global hacking news, this form of attack requires fairly close proximity to your router. That means businesses and public hotspots might be far more worthwhile targets, but there’s no reason to take any chances. Update your software when the patch for your network router is issued.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Internet-of-Things (IoT) connected devices have made our lives easier, safer, and more enjoyable but IoT devices aren’t just about taking ordinary tasks off your plate.

We can activate our air conditioners as we’re walking out the door from work, ready to end the day by stepping into a cooler home. We can turn our appliances on and off from our smartphones, meaning we could tell the oven to start preheating during our daily commute. Even purchasing a soft drink from the break room vending machine using a microchip reader or a credit card slot requires internet connectivity.

The medical applications alone have meant doctors can get real-time information on their cardiac patients, and diabetic patients don’t have to stick themselves repeatedly just to find out their blood sugar readings. The information in both of those cases can be sent over Wi-Fi to a smartphone’s screen.

Unfortunately, we’ve already learned that IoT devices are notoriously vulnerable to hacking. Some bizarre cases have already occurred in which hackers were able to infiltrate vending machines, smart light bulbs, DVRs, webcams, and more. Typically, hackers have used these vulnerabilities to commit specific types of attacks called DDoS attacks, which flood a website with useless repetitive traffic coming from thousands or even hundreds of thousands of unsecured IoT devices. That traffic from your hacked refrigerator shuts down the website or network. They’ve even used this form of attack to demand ransom from businesses in exchange for making it stop.

Sometimes, however, the vulnerability in your connected device can lead hackers to other parts of your network, including areas that contain sensitive information. While that has already been demonstrated on more than one occasion, a recent case just might put all the rest to shame.

Hackers attempted to break into a casino’s network by infiltrating its IoT-connected fish tank. The tank was connected via Wi-Fi to control the temperature, automatically feed the fish, and monitor the cleanliness of the tank. Researchers have already discovered that other areas of the network were accessed and that ten gigabytes of information were copied and sent to a server in Finland. To give you an idea of how large those files must be, 10GB is an entire monthly allotment from many internet services providers.

Cybersecurity experts agree that regulation is needed to close the flaws in IoT devices, but in the meantime, consumers have to be aware of the safety protocols involved in connecting different tools and appliances to the internet. Until they’re certain that they have the strictest possible control over their networks and their devices, they might think twice about buying the latest connected gadget.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

In one of the most alarming examples of “it’ll never happen to me,” a new study has found that too many consumers display a sense of invincibility when it comes to public Wi-Fi connections.

Whether it’s logging into their bank accounts or credit card accounts, posting on social media, checking their email, or more, public Wi-Fi users are putting their identities on the line…literally.

The 2017 Norton Wi-Fi Risk Report found some truly troubling results based on a survey of more than 15,000 tech users. For example:

– 92% of Americans have put their personal information over public Wi-Fi connections, including logging into their bank accounts

– 69% of Americans believe their PII is safe over public Wi-Fi, but two-thirds of respondents reported they engage in unsafe internet use over public connections

– 73% of American tech users are not using a virtual private network (VPN) when they connect in public

– 60% of US 18- to 20-year-olds say it’s “important” to use public Wi-Fi in order to post on social media

There were a few other reasons for using public Wi-Fi connections, such as avoiding the use of their cellular data, reported by 70% of of the Gen Z (18-20) respondents. Another 51% said they need it in order to use their GPS features; unfortunately, they’re unknowingly sharing their physical locations with whomever happens to be monitoring that Wi-Fi connection. For senior citizens, 59% of respondents over the age of 72 said they primarily need to connect in public in order to be reached by loved ones.

It’s important to understand that the free connections offered by coffee shops, restaurants, hotels, and many other locations aren’t inherently bad or dangerous. They’re a great way to bring in customers by providing extra value, and they really do offer a handy service. What can be harmful, though, is the activity users conduct over these free connections. Without any system of password protection or an ability to see who else can be peeking in, consumers need to limit their public activity to less risky activity or install a VPN to provide a layer of security.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There’s no way to cover every aspect of cybersecurity in a single article—which is why companies hire professionals and staff highly-skilled IT departments—but there are a few very basic rules and resources that every business can put into practice.

These measures can make all the difference between reducing your business’ risk of a breach, and open the doors wide to a hacker.

First, the basics: your company’s employees are quite possibly the weakest link in your cyber security defenses.

Too many companies do not have a computer use policy in place, one that addresses both the company-owned technology and personal devices that connect over the business’ network. They also tend to be short on comprehensive and ongoing technology training, such as providing information that covers the latest threats like boss phishing and ransomware attacks.

Once employees have become well-versed in the best practices for securing your company’s network, it’s time to look at your technology and network itself.

Make sure your business has invested in strong antivirus and antimalware software, ones that will protect your computers in real-time. Many of these programs can block infections from installing even if something slips through. Set calendar alerts to check for updates to this software and to run scans of your hard drives and server routinely. Finally, make sure all of your software, hardware, and your network are password protected with strong, unique passwords that you change on a regular basis.

Unfortunately, all of this is only the tip of the iceberg when it comes to your business’ cybersecurity needs. That’s why it’s important to find out what resources are available to you and to sign up for alerts about the latest threats and protocols.

1. Test your company’s fraud health with this free training and Fraud Prevention Checklist from the Association of Certified Fraud Examiners (ACFE). This PDF, available free to both ACFE members and non-members, contains valuable resources in your company’s ongoing fight against fraud. It also includes the video “Fraud and the Tone at the Top: Ethics in the Executive Suite.”

2. The National Cyber Security Alliance offers informative tools on its website, StaySafeOnline.org.  These tools are meant for any type of tech user, including families and parents, but the information is an excellent starting point for businesses as well.

3. When it comes to setting up employee training, the National Cybersecurity Society can help. Their resources can help you identify your company’s areas of weakness, and tailor your training and policy manual to your industry.

4. If your business is charged with gathering and storing customers’, vendors’, or employees’ data, you’re sitting on a gold mine for a hacker. The Better Business Bureau has an entire site dedicated to helping you understand how to safely store your important data and how to respond in the event of a breach.

Remember, it doesn’t matter what industry your business is in, or if your company is a profit-based or a non-profit entity: if you have a network, there’s a good chance there’s a hacker willing to work their way in. Securing your technology is a vital step to keeping your business in operation.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

June is the start of summer and also Internet Safety Month!

So how do you keep your identity, your finances, and the people you care about safe in this kind of digital climate? By knowing the dangers, both old and new, that can strike at any time.

1. Scams and fraud

Compared to some of the many other ways that a criminal can target you or your loved ones, scams and fraud might not seem all that serious. The reality, though, is that the damage could be short-term (like a ransomware attack that “goes away” after you pay the hacker’s fee) or more long-lasting, such as ongoing identity theft.

Knowing the latest tactics that scammers use, coupled with knowing how things like overdue taxes, utilities, or financial accounts legally operate, will help you spot something fishy the moment it appears.

2. Viruses, malware, and ransomware

It’s vital that every tech user understands some of the most common ways that hackers actually infect their victims’ computers. There are a wide variety of ways and countless forms of viruses, but sometimes it’s the victim who did the hard part for them. Clicking on unexpected links, downloading videos, and opening attachments are some of the most common ways to install a virus on your network.

These phishing attempts commonly show up in your email inbox or your text messages, and often include seemingly harmless wording like, “You won’t believe this crazy photo I found of you!” or “There’s a problem with your account.” It’s important that all tech users adopt an air of caution surrounding attachments, links, and multimedia content, and that they fight the urge to click.

3. Password protect everything

Whether it’s your home wifi network, your bank account, or just your favorite cooking website’s recipe box, everything you do online can potentially be an avenue into your network and your identity. Using strong, unique passwords and changing them routinely is one of the best ways to reduce your risk of cybercrime.

4. Update it all

Your antivirus software, your operating system, your firewall…they’re only as good as the day you first installed them if you’re not keeping them up-to-date. Some users aren’t fond of the “automatic update” option that comes with a lot of systems and instead choose to turn that setting off, which is fine if you keep up with new updates when they’re released by the developer. Failing to update your software and your system leaves you vulnerable to threats that the developer has discovered and patched.

5. Communication

Finally, one of the most important things you can do to protect yourself and others is to communicate. Sign up for threat alerts and newsletters, and help spread the word among your friends and coworkers. It can mean the difference between hackers taking over your home, office, or mobile network, or working to keep them out.

Learn more about protecting yourself online from ITRC partner, Stay Safe Online.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Last Friday, more than 200,000 computers around the world in 150 countries, were infected with one of the fastest-spreading known ransomware titles, WannaCry.

The malware now has a few different names, but the effect was the same: pay the ransom (about $300-worth of Bitcoin) if you ever hope to use your computer again. Failure to pay during the allotted time period would raise the price.

Malware attacks like this one are becoming more and more commonplace, unfortunately, mostly because they’re somewhat effective. So far, Brian Krebs of KrebsOnSecurity.com has found that the criminals behind the attack have made more than $26,000 from their victims. Hospitals, medical providers, and schools are especially vulnerable to giving in to ransomware demands due to a desire to avoid penalties associated with violating confidentiality.

There is something larger here than just another news headline about yet another cyberattack, and that’s the need for all stakeholders—from the individual computer user to businesses of every size and industry to the highest levels of government—to finally come together and make cybersecurity a priority.

A statement from Microsoft, the developer of the operating system whose flaw made the WannaCry attack possible, has some strong words for the current approach to informing software developers and the public, specifically for key government agencies that have used those vulnerabilities to their advantage in the past. Microsoft contends that there must be better communication between the private sector, the business sector, and the government when it comes to cybersecurity, and that more attacks will happen if there isn’t better sharing of information. At the same time, programs like Google’s Project Zero, which roots out flaws and informs software developers of the vulnerability, have set a high-but-achievable standard for transparency and protection.

In the digital age, there is literally no such thing as someone who doesn’t have a stake in cybersecurity. Technology and connectivity have worked their way into every aspect of our lives, even the most basic, everyday functions, from how we grow and purchase food to how we receive medical care. Unless we all come together on the best practices for seeking out threats and eliminating them, WannaCry will be remembered as a minor-level attack compared to what’s waiting for us.


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.