We are not yet thinking about 2014, but the antivirus community certainly is.  We can expect a lot of new product introductions in the antivirus sector as they attempt to get on your holiday shopping list with newer products.

You’ll find that the competition to get your AV dollar is fierce.  One particular website comparison found at http://www.av-comparatives.org/dynamic-tests/ , allows you to download a PDF of the comparison results.  The important thing is that AV-Comparitives.org actually tracks how well each antivirus actually deals with real world threats over a 6 month period.  Even better, it’s presented in a format that gives direct comparisons between competing products.

Of course, cost is always an issue, particularly if you have to protect a small fleet of pc’s, laptops, and tablets.  Ad-Aware, AVG, and Microsoft all provide free antivirus programs, and the range of pricing for paid products seems to be between $20 and $60 at this time.  Some companies may provide special pricing for multiple license users, and for a typical household this might be important to your cost estimate.  It would be smart to choose a short list of highly rated products, and then compare the pricing.

All antivirus products considered for your use should have automatic capability for updating the virus definitions.  You should ensure all your pc’s are operating in a mode where both antivirus and operating system updates are automatic.  There are many thousands of new viruses and security exploits uncovered each year, and an absolutely sure method to be vulnerable is to have a system operating with old virus definitions and none of the latest security patches.  You should pay special attention to systems that are used infrequently and left powered off, since updating of AV definitions and system patches takes some time, and there is a tendency to “power it up, open a browser, and view a website.”  During that period of updating, that PC might be an easy target for a virus, malware, or hacking exploit.

Some of the antivirus products are rated highly at cleaning up malware that has already been installed on the machine.  Those products are worth thinking about because threat removal is not a simple task with some malware or viruses, and the odds are pretty high this will happen to you at some point.  I will mention an “initially free” product which has worked extremely well for me over several years, Hitman Pro from a company named Surfright.  Hitman Pro is not intended to be a primary antivirus, but is a very good cloud based secondary scanner that has proven extremely proficient at removing threats without my intervention (this is a real blessing if you’re the go-to guy for a bunch of machines).  It’s intended to be run on a scheduled basis, and at any time that you think something bad has happened.  So it doesn’t do real-time scanning, and you should always have a primary antivirus running.  But, the free version of Hitman Pro will do a complete, fast, and thorough pc scan, and alert you to what it found.  And it can then be purchased to use its malware removal skills if needed.

It pays to “pay attention” to your antivirus tools, and to see that they are current and effective.  It is important for proper pc operation, and to keep your personal information personal.

‘Getting the Most Out of Your Antivirus’ was written by Rex Davis.  Rex is the Director of Operations at the Identity Theft Resource Center.

On August 6, Michael Daniel, Special Assistant to the President and the Cybersecurity Coordinator, posted on the White House blog a set of possible incentives for companies that voluntarily adopt the Cybersecurity Framework currently being created by the National Institute of Standards and Technology (NIST).

The Cybersecurity Framework is a voluntary set of rules based on existing standards, practices and guidelines designed to reduce cybersecurity risks to critical infrastructure authorized by President Obama Executive Order 13636 (EO), Improving Critical Infrastructure Cybersecurity.

Once the Cybersecurity Framework is completed, the EO tasks the Department of Homeland Security (DHS) with creating a Voluntary Program intended to encourage private companies to follow the guidelines established in the Cybersecurity Framework. Recommended by the Departments of Homeland Security, Commerce and Treasury, these incentives are to be used to make compliance with the Cybersecurity Framework more attractive to private companies who may not want to spend the money and time to invest in their cybersecurity protection:

  • Cybersecurity Insurance – The insurance industry should be engaged while developing the Cybersecurity Framework and Voluntary Program in order to help build underwriting practices that encourage the use of cyber risk-reducing measures and risk-based pricing.
  • Grants – Federal grant programs should encourage the adoption of the Cybersecurity Framework by making participation in the Voluntary Program a criteria or factor in determining the award of certain federal grants.
  • Process Preference – The participation in the Voluntary Program can be used as a consideration when private companies request government service delivery be expedited.
  • Liability Limitation – Reduced tort liability, limited indemnity, higher burdens of proof, or the creation of a Federal legal privilege that preempts State disclosure requirements can be offered to private companies participating in the Voluntary Program.
  • Streamline Regulations – Agencies will continually work to reduce overlaps between existing laws, regulations and the Cybersecurity Framework to make participation in the Voluntary Program as painless as possible.
  • Public Recognition – The use of public recognition for Voluntary Program participants could be used as a method of encouragement for companies to comply with the Cybersecurity Framework.
  • Rate Recovery for Price Regulated Industries – It is recommended that consideration be given to working with federal, state and local regulators and specific agencies that regulate utility rates to allow recovery to private companies for cybersecurity investments related to participation in the Voluntary Program.
  • Cybersecurity Research – The government can direct research and development to help create solutions to gaps in cybersecurity where commercial solutions do not yet exist.

These incentives are only suggestions and are not final policy; however, they are a good start to helping the Cybersecurity Framework and Voluntary Program make a real difference by encouraging private companies to comply without forcing them to via federal regulation.

“Cybersecurity Framework Incentive Ideas Released” was written by Sam Imandoust, Esq.  He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original piece.

Our most recent Twitter chat was a very exciting event for us here at the Identity Theft Resource Center.  This was our latest effort of many in which we have been concentrating on spreading awareness about Medical Identity Theft.

We recently released a video on Youtube about the topic and are excited that the media has become very interested in reporting on this topic. That being said, we were very excited to host our monthly Identity Theft Twitter Chat on the topic of Medical Identity Theft.

This month’s Identity Theft Twitter Chat was on the 1st of August at 11:00am PST and was a pleasure to host. We were incredibly lucky to have Rick Kam and Robin Slade on board from the Medical Identity Fraud Alliance (MIFA).  MIFA is the first cooperative public/private sector effort created specifically to unite all stakeholders in jointly developing solutions and best practices for the prevention, detection and remediation of medical identity fraud. You can follow them at @MedIDFraudAssoc. Meredith Phillips from Henry Ford Health Systems also joined us to lend her expertise on the topic and we were very glad to have her!  Since she is tackling the problem on the front lines her insight was truly valuable!

The chat was aimed at both consumers and businesses who wanted to know more about the issue of medical identity theft.  We had some great questions from consumers about what medical identity theft actually is and how they could protect themselves.  MIFA stepped up in a big way by providing multiple resources to everyone who had questions. With nearly thirty accounts attending the chat, we were able to reach over 48,000 accounts and made almost 865,000 impressions. We think that is a pretty good start to making people aware of the issue of Medical Identity Theft!

The next Identity Theft Twitter Chat will take place on September 5th, 2013 at 11:00am PST. The topic will be online shopping and safety.  Anyone can join the chat and provide resources to consumers and businesses by following @IDTheftCenter on Twitter and using the hashtag #IDTheftChat. We hope you will pop in and spend some time learning and spreading the word about identity theft!

“Medical Identity Theft Twitter Chat Recap” was written by Nikki Junker.  Nikki is the Social Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to www.idtheftcenter.org.

It’s never fun to receive a breach letter in the mail. Out of nowhere, you’re informed that through no fault or ill-advised action of your own, your personally identifying information (PII) has been compromised and may have been exposed for all the world to see.  This can cause panic on the part of the consumer. As we at the ITRC often see firsthand, in addition to being scary, it can confound and confuse.  What information was exposed? What does this mean? Am I a victim of identity theft? What should I do now?

Identity TheftThe first thing you need to know is that a breach letter is never in and of itself, a declaration that you are now a victim of identity theft. If you’ve received a letter of this type, it’s because according to the law of the state, an entity that’s had an exposure where consumer information was improperly exposed is required to notify you.  Read the letter carefully, as they must disclose exactly what type of information was exposed and when.  They’re also required to inform you in a timely manner. The only permissible reason for a delay in notification is if it would compromise an ongoing criminal investigation into the perpetrator of the exposure (if there was specific criminal intent in the case of this particular breach).

So, really all the letter is informing you of is that some portion of your PII was improperly exposed. The letter will detail exactly how and where the information was compromised.  What it means in simple English is that your information was exposed and as a result you may be at greater risk for identity theft or fraud than the average consumer.  Sometimes credit monitoring or other aid services are offered as part of the company’s attempt to make amends for the breach (or to offset the tarnishing of their public image).  If such services are offered free of charge it is always advisable to take advantage of them. The letter will usually have numbers to call for the service in addition to the numbers for the credit reporting agencies or information services to help walk you through the process.  Be sure to use them all.

Check your credit reports and issue fraud alerts through the credit reporting agencies. Remember, the more information you have about exactly what happened and when, the better position you’ll be in to mitigate any added risk or resulting damage to your identity. If you have additional questions or want to be talked through exactly what you should be doing, it never hurts to call the ITRC toll free at (888) 400-5530.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

Passwords “are starting to fail us,” says PayPal’s Chief Information Security Officer Michael Barrett at a recent event in Las Vegas.  Much like a locked front door to your home, it may serve as a minor deterrent to the casual passer-by, but anyone who really wants to find a way in, will most likely be successful.

A lot of it has to do with the seeming inability of internet users, despite many attempts to educate the public, to pick passwords that are truly secure.   “Users will pick poor passwords – and then they’ll reuse them everywhere,” says Barrett. “That has the effect of reducing the security of their most secure account to the security of the least secure place they visit on the internet.”

The number of data breaches in the US increased by 67 percent in 2011, and each major breach is more expensive than many people realize.  When Sony’s PlayStation account database was hacked in 2011, it cost the company upwards of $171 million to rebuild its network and protect users from identity theft. Add up the total cost, including lost business, and a single hack can cost millions or even billions…with a B.

Face It: Internet Passwords Often Fail to Keep Hackers Out

Asked about passwords, ESET Senior Research Fellow David Harley says, “Static passwords are problematic – even a good password is next to useless if the provider doesn’t take good care of credentials data and allows unlimited retries. The trouble is, that password authentication on the Internet is cheaper and easier to implement than most of the alternatives.”

So what’s the answer? How does one protect themselves in an online environment with so many dangers?  While there’s no way to completely eliminate your risk, there are several things that can be done to mitigate the risk.  For starters, don’t make it easier on would-be hackers. Don’t make your password “password,” or “123456.”  Use 10 digit passwords, containing both letters and numbers, as well as capital and lowercase symbols.  Try and vary passwords for different online accounts, so that if one account gets hacked, it doesn’t create a situation where the hacker now has access to every online account you own.  Additionally, avoid making passwords or security questions things that a stranger could guess at just by reviewing your publicly available information.  What city you were born in, for example, might not be the best security question for an online account if you have that information publicly listed on your Facebook Page.  Using varied and less typical/obvious passwords will go a long way to making your information online more safe.

On the industry side of things, more investigation needs to be done on better authentication methods than are currently in place.  Cheap is always appealing, but not always effective. And as was pointed out, if a company is hacked those cost savings go out the window, and then some.  There also needs to be greater limitation on the number of times someone can incorrectly answer a password prompt or security question before the account gets frozen. Understanding on the part of both the service provider and the consumer of what sort of tactics hackers use and what they’re looking for is essential if we are to protect ourselves with a higher rate of success.

In short, don’t be lazy with your passwords, even though they are in some ways antiquated forms of security. Be aware of what personal information about you is floating around on the cloud and be mindful of this when picking your fail safes for account access. Don’t store information online that you don’t absolutely need to and be mindful of who you’re giving your information to and what they plan on using it for.

Face It: Internet Passwords Often Fail to Keep Hackers Out” was written by Matt Davis.  Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to repost the above article, as written, giving credit to the author and linking back to www.idtheftcenter.org.

With all the already implied stresses of travel: Will your bags arrive at the correct airport? Will you make it to the train station on time? Will the hotel still have your reservation in their system? There is no need to add a stolen identity to the list. You should be able to enjoy your trip! Whether you’re leaving town for business or pleasure, you must always stay alert. But do not worry. There are simple ways to take precautions; some that may even seem like a no brainer.

These days, who carries cash anymore? Credit and debit cards are so easy to use and they take up less space in your wallet. Vacation ID TheftSome cards even give you rewards after each use. However, your personal information is on the card. All it takes is for one server at a restaurant or one bar tender to write down your card numbers while you’re paying, and keep them for their personal records. Have you ever opened a tab at a bar? Of course that’s easier than paying for each item you order as you go. But the risk is higher for your information to be stolen. By using cash for meals at restaurants or at bars, you can keep this worry at bay.

Unless you’re in a location with your bank branch, ATM’s are a must for taking cash out of your bank account and putting safely into your wallet. They’re fast, easy, and basically effortless (as long as you remember that pin number). Before entering your pin, take a look around. Make sure no one is watching you. If there are a lot of passing pedestrians or lingerers, lean forward so your body is taking over as much of the screen and keypad as possible. Or, if you’re traveling with a friend, share the task and have him or her use their body to block the view from wandering eyes thirsty for your personal info.

You finally made it to your hotel. It’s time for you to take off your shoes and rest up for your trip’s activities. Hopefully your hotel provides a relaxing home away from home experience. That being said, it is not your home. When you leave the room, do not leave personal items out. Many hotels provide safes guests able to rent. The front desk can give you a key, and you may store passports, credit cards, jewelry, or whatever else strikes your fancy within your rented safe. If you do not want to rent a safe, be sure to take your passport and other important items with you wherever you go (of course while keeping them in a safe spot). Some safe spots are the inside zipper pocket of a coat or jacket, or a travel wallet that can be worn around your neck and inside your shirt with the zipper pockets facing towards your body.

Public computers can be handy during travel. They help confirm the location and address of that important board meeting, or to a café you promised you’d meet your old college roommate at while in town. Oh, the good old days! For research tasks, public computers are great. For personal information filled tasks, not so much. If you forgot to pay that electric bill before heading out on your trip, do not use a public computer to do so. Call your electric company and pay over the phone from a private location. Computers can store your personal account information, leaving it easily accessible for the next person who uses it.

If by chance your information is stolen, report it to your bank and the police immediately. Before traveling, make copies of your debit and credit cards, passport, and any other important information you are taking with you. Leave those documents in a safe location at home or with a family member. This way, if your identity is stolen, it’ll be easier for you to take the necessary steps to efficiently fix the situation. The less worries during travel, the better. Just be aware of your surroundings and be extra protective of your possessions. And have a safe trip!

This guest post was written by Cara Giaimo, a blogger for SimpliSafe. Cara covers issues regarding home security, safety, consumer technology, and crime; in her spare time, she likes running, jamming with friends, and making strange types of ice cream. SimpliSafe is a leader in the wireless home security field.

You use your smartphone and tablet everyday, but are you using it safely when you connect to public WiFi?

The Identity Theft Resource Center and PRIVATE WiFi invite you to participate in our co-sponsored research survey on Mobile Device Security. By contributing your insight, we will learn more about consumer usage habits when it comes to WiFi and security on their mobile devices.

itrc wifi

This allows the ITRC to understand the areas where consumers are most vulnerable and develop education and awareness addressing these issues.

“Consumers use their mobile devices to connect to the world around them and at PRIVATE WiFi, our goal is to make sure that these consumers are taking the necessary steps to keep themselves and their data secure,” said Kent Lawson, CEO of PRIVATE WiFi.

“This survey will help us learn more about how and why consumer us their smartphone and tablet. A better understanding of their habits, helps us make a better VPN product for our customers.”

The survey, consisting of 16 questions, only takes five minutes to complete. Questions include where and how you use mobile devices connected to WiFi. Once the survey has concluded, results will be available on the ITRC website via a published whitepaper.

Click here to complete the survey now!

When the Identity Theft Resource Center was founded, cybercrime and identity theft weren’t quite the “household name” hot topics that they are today. While the various forms of the crime aren’t going away anytime soon, what has happened is a cultural shift towards protecting your information and watching out for your data security.

The old recommendations for security-minded consumers used to sound pretty hard to follow. They were enough to make anyone question why they’d ever get online or carry a smartphone in the first place. Fortunately, as security has become easier to adapt to and there’s more of a public conversation surrounding it, the methods that we now consider best practices and good habits are becoming part of our lives.

While shredding old documents and making sure your privacy settings are set to the highest level might seem like common sense now, there are still a few things that are up in the air. New forms of cybercrime and new tactics on the part of hackers mean we still have “new” behaviors to adopt, just as we did years ago.

1. Two-Factor Authentication – If you’d told someone back when the ITRC was first formed that they would someday press a few buttons on their portable pocket telephone to pay for their groceries, they might have looked at you funny. But that reality is nowhere, and along with it comes the need for two-factor authentication. Some people think it’s a little bit of a hassle to have to login, wait for a text message, and then type the contents of that text into your login screen, but that is one of the best ways to ensure that a criminal isn’t remotely logging into your account.

2. Virtual Private Networks (VPNs) – While it might seem time-consuming to install and then activate a VPN every time you need to go online. However, it’s a great way to keep others from tracking your internet activity, especially if you’re connecting over public Wi-Fi networks. VPNs also let you view your content when you’re traveling, even if you’re in an area where that content isn’t under license, and they can help keep advertisers—or hackers—from tracking your internet searches for marketing purposes.

3. Password Protection – One of the easiest steps you can take in protecting your data just might be passwords, even though they’re certainly nothing new. The only new thing about passwords is our current understanding that strong, unique passwords are still not the norm; far too many people still rely on codes like “password” or “1234” when they’re trying to protect their accounts. It’s not only important to lock up your account with a long and random password that you only use on one account, but you really should change your passwords from time to time in order to thwart hackers.

While great strides have been made in informing consumers about privacy dangers, there’s still a long way to go. As cybercriminals come up with new methods to attack your data, we will continue to spread the word about ways to protect yourself.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

As millions of Americans discover annually, identity theft is above all else, a huge pain in the neck. It can be stressful and expensive. For many, the process of mitigating their case is above all else, time consuming. According to a recent Javelin study, the average identity theft requires 33 hours of a victim’s time to effectively deal with the fallout. The best way to bring this number down is to understand that you as the victim need to have your things in order. Organization and effective note taking are the best methods to limiting the amount of your life you will need to dedicate to cleaning up the damage caused by identity theft.

The amount of clean up that will be required obviously varies based on the amount and type of fraud one may be experiencing, but nearly all identity theft requires assertive action on the part of the victim to notify all the various involved parties (banks, creditors, government, law enforcement, etc.). Different entities will of course have their own interests to protect and motivations to act or not act a certain way. You might call the same creditor three different times and receive three different sets of instructions or pieces of information, which can be incredibly frustrating. It is imperative for a victim of identity theft to have all related documentation (affidavits, credit reports, police reports) readily available to whomever might need to see them in order to clear the victim of responsibility for any of the damage caused.

It is also essential for the victim to keep thorough notes detailing all interactions they’ve had relating to the cleanup of their case. Who they spoke to, what their title and affiliation was, and what instructions they gave. That way if the victim ever has to contact the same creditor or bank more than once (as is almost always the case), in the event they get conflicting instructions or positions from two different employees of the same entity they can immediately say, “Hey wait a minute, Peggy from accounting told me last week that I had to do x, not y.” Organized and thorough notes will save you from having to repeat steps, re-request necessary documents, and lends a great deal of credibility when you can produce written evidence of completing a certain step or interacting with a certain entity.

If you become one of the unfortunate millions of Americans affected by this crime each year, horde as much information about what happened as you can, organize it, and keep detailed notes. In the end it will save you countless hours of work, and will very likely be the difference between a complete mitigation, and dealing with lingering negative effects of your identity theft for an extended period of time.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

The Identity Theft Resource Center recently engaged in a partnership with Access, Inc. Access is a non-profit organization based in San Diego which provides access to education, workforce training and support services to empower at-risk youth and young adults in transitioning to achieve self sufficiency and economic independence. Access, a non-profit organization, recently contacted the Identity Theft Resource Center, asking if we would be able to provide training for each of their youth classes as they approach graduation.

What does identity theft have to do with at-risk youth? Part of the population that Access works with is foster youth. Many of these foster youth are approaching the age when they will be emancipated from the foster system. This is a scary time for any young adult, but in the case of many of Access’ clients it can also be a time of unpleasant discovery. When these young adults begin to engage in the process of applying for jobs, housing or government services, some will find that they have been a victim of identity theft. With this discovery, they find themselves economically crippled, and unable to make the transition into adulthood. Unfortunately child identity theft is all too common for any youth. However, at-risk-youth often find themselves the unknowing target of such fraud.

There are many reasons that foster youth are at higher risk than other youth. First, when a child is removed from a parent, the parent still retains all of the child’s sensitive Personal Identifying Information (PII). If a child is being removed from a parent’s custody, there are most likely problems that the parents are facing. Sometimes these parental problems are economic, and a parent will realize that one answer to the problem is to use their child’s personal information to create new unburdened accounts. Another issue for foster children is that their personal information is being moved constantly from one living situation to another, and access to this information is not always protected correctly. An average child will in general have to provide their social security number to a very limited number of people. However, a foster child’s personal information will be given to others again and again as they continue to receive governmental services. This condition, under which a foster youth’s information is moved and distributed often, raises the risk that the child will become a victim of identity theft.

It was with these concerns in mind that Access contacted the ITRC to provide training for both their staff and the youth in their program about identity theft. Trainings for Access staff focused on how identity theft occurs, signs that the child may be a victim, and how to protect the personal information of the children under their care. The trainings for the youth informed them about how to determine if they have been a victim, steps to take to go about clearing up their case, and ways to protect themselves in the future. Recent trainings have been wonderfully successful, and the ITRC will continue to work with Access to tackle the problems their young people face. It is the hope of the ITRC that these types of partnerships will continue to thrive and remain beneficial to populations which otherwise may not understand the issue of identity theft.

For more information on Access you can visit their website at www.access2jobs.org.

“A New Partnership to Benefit Foster Children” was written by Nikki Junker. Nikki is the Social Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original article.