Archive for the ‘Web’ Category
@Beaker’s Tweets O’ the Week…
Last Updated on Sunday, 18 March 2012 02:40 Written by Celframe Security Team Saturday, 22 September 2012 08:35
Here they are…*some* of my favorite Tweets O’ the Week that I curated:
Unless you like fish, stop chasing red herrings.The hypervisor is/should be the least of your security concerns in a virtualized environment. The ops & mgmt layer should beThe next 1 of you (us) who starts whining about how broken our industry is without doing anything about it gets posted to the hamster wallThis is the new norm I call anti-FUD FUD: security vendors shitting where they eat in an (em)pathetic attempt to gain cred. How ’bout fixin?Congrats on $60MM funding @appirio. It’s great u’ll be able to afford to create even more BS marketing contests you rig the outcome to ;pProtip: The state of the Security Industry always looks like shit in the middle of a “breaker” hacker con. By design. You’re welcome.More negativity, navel gazing & security apocalypse hype. Funny how “experts” doing the sky-is-falling chicken dance never propose solutionsAwkward moment today: someone presenting me slides re: Cloud Security that I built on an initiative I created and a group I lead. o_OOh! Right! Cloud security, visibility & transparency. Why didn’t I think of that?!North by Northwest is basically the Hitchcock version of Anonymous, Wikileaks…with biplanes and better acting.I will soon utilize HTTPS/SSL to encrypt all my tweets. Those of you who are not Beaker Certified will be unable to decipher my madnessOut of complete ignorance: is SXSW like Burning Man for nerds who only discuss things that are battery operated?What a bunch of chicken shits. 20 DM’s later and 18 of you vote @MikD as the Ryan Seacrest of Infosec. Like that’s a bad thing?My twitter follower count goal is 90210 – that way I can claim I am the Tiffany Amber Theisen of Twitter. It’s the little things…Single best way to get uninvited back to weekly meetings is introduce the fact that the host’s model construct for an argument is flawed.Oh $gawd. What a bunch of cockblocking going on with respect to $openwashing & who started what. Sigh. #getonwithitalreadyI just sent the most awesome f’ing internal email ever. If there was EVER a reason for REPLY-ALL, *this* would be it. GRAB YOUR RED STAPLER
Did I miss any?
Last Updated on Monday, 26 March 2012 05:41 Written by Celframe Security Team Thursday, 20 September 2012 04:04
Placing fraud alerts or fraud warnings on your credit reports is a good identity theft prevention control. You need to place them on your credit reports as soon as you discover or even suspect possible identity theft. There are currently two types of alerts that you can place on your credit reports; initial alert and extended alert.
The purpose of the alerts placed on your credit reports is to alert the businesses which do business with you regarding your possible identity theft and fraud case and encourage them to contact you and confirm your identity if a transaction is initiated under your name. This is to make sure someone else is not getting loans or opening new credit accounts under your name for example. Although this may not be effective in stopping your identity theft if businesses do not contact you to validate your identity, you may have legal options in case of an identity theft if it occurs after you placed the alerts. Plus, it's better than having no control at all. To validate your identity, businesses will call you at home or your business number available on your credit files. That’s why it’s a good idea to have your current phone number properly listed and validated with the credit reporting agencies to help businesses find you as quickly as possible.
You may place a fraud warning by contacting the credit reporting agencies and it may take them 24 hours to activate the alert on your credit files and send you the confirmation.
An initial alert placed with any of the 3 credit reporting agencies stays on your credit report for 90 days and you should typically place an initial alert when you suspect you are a victim of identity theft or are even about to become one. It’s a very good idea to place an initial alert if and when you lose your identity cards, passport, wallet or any other identity component, which cannot be readily found. Although, the credit agency where you placed your fraud alert is required to share the information with the other 2 agencies, it’s always a good idea to contact the other ones as well and place separate alerts just in case there is a failure in the process which I’m sure is extremely rare, right? I mentioned placing an initial alert on your credit report is a good idea when you suspect someone is either using or even considers using your financial identity, and I also suggested placing fraud alerts when you lose your personal information like a credit card to prevent potential identity theft. What I would also add to my statements is to place a fraud alert on your credit reports at all 3 agencies regardless of your suspicions of someone using your identity or whether you have lost your personal information because I just think that businesses should validate an identity before completing transactions anyway and they need to be reminded if they forget to do so. You should consider placing a fraud alert and then renewing that alert every 90 days. This way, you know for sure creditors are warned to contact and validate your identity before granting credit by opening new accounts. If you're worried about remembering when to renew, don't worry, many companies now provide automated services to place and renew the alerts. This is the latest control and most effective in preventing identity theft other than credit or security freeze implemented in some states and being considered in others which will require your involvement to lift the freeze before agencies can release your credit reports to creditors.
Placing fraud warning or alerts on your credit files is a great way to prevent credit identity theft if businesses take them seriously and some identity theft prevention services sold in the market these days can place the alerts for you and automatically renew the alert every 90 days for a fee. So, if you have tendency to forget or have little time for placing and renewing fraud alerts, consider subscribing to such services which according to recent statistics greatly reduce the risk of identity theft by asking creditors to contact you in order to open new accounts or extend existing credit limits. The only problem with fraud alerts in my opinion is that businesses may not take the alerts seriously enough to validate identities before granting credit as more people routinely place them these days, although I think it makes a of business sense to do so. However, the Red Flags Rule clearly requires businesses to take them seriously and verify identities before granting a new line of credit.
You can place your free initial fraud alert at either or both links below:
Equifax Fraud Website
TransUnion Fraud Website
You can also place an extended alert on your credit reports when in fact you have become an identity theft victim. To place an extended fraud alert, you will need an identity theft report. The extended alert will stay on your report for 7 years, but don't worry; you can remove the alerts at any time by contacting the agencies. An extended report also entitles you to 2 free credit reports from each one of the 3 agencies.
Learn why credit freeze may be a better option than fraud alerts for some people.
Bad Business Reputation
Last Updated on Sunday, 15 April 2012 11:16 Written by Celframe Security Team Saturday, 8 September 2012 02:08
One of the major business risks is a bad business reputation which can have devastating consequences on the business profits or even the viability of the business as consumers might not want to do business with a company which has a bad image due to integrity issues and other reasons. Customer loyalty takes time to build and all it takes for it to disappear is bad word of mouth and negative business publicity. As mentioned, bad business publicity might be due to lack of business integrity or other factors such as mass unorganized and unmanaged layoff, employee mistreatment, lack of investment in communities where the company does business, lawsuits, hiring employees with criminal background, etc. However, one of the major contributors to the negative business image is the publicized theft of customer private information for curiosity or fraud purposes.
Often when businesses lose their customer information or detect fraud, they offer identity monitoring services to their customers which is cost free to customers but not headache free. Businesses offer the identity monitoring services to their customers primarily for two reasons. First, because it is sometimes the law and second because it is a good business practice to minimize fraud losses and contain brand damage. However, there is also a third reason why companies offer identity monitoring services which is to dump the responsibility for their negligence on customers while they try to save their company image after damage is done. Actions taken after identity theft and fraud occur are less productive than actions taken to prevent theft and fraud. Even when consumers follow the company instructions to sign up for identity monitoring services, they still have to follow up with suspicious activities to make sure they are authorized or fraud cases to clean up the mess. Therefore, the loss of customer information by businesses and more importantly the occurrence of identity fraud can be devastating to business reputation especially if they are highly publicized. A bad business reputation due to loss of private information which consumers have shared with the company when they were asked to share can take time to reverse course and gain the customer trust again. Identity theft and fraud can be prevented with proper risk assessments, documented and communicated policies and procedures, employee training, monitoring of account activities and management oversight. We all understand the increased sophistication and impact of identity fraud cases as time goes by, however, there are many less sophisticated fraud cases which can be prevented if companies are willing to take this crime seriously and take the necessary actions to prevent identity theft and fraud. Financial losses from unjustified risk acceptance and bad business practices may be written off, however, lost customer loyalty and trust as well as bad business reputation can not be written-off or reversed overnight which can ruin a company.
In conclusion, it is very important for businesses to implement an effective identity theft and fraud prevention program to comply with the identity theft regulations and reduce their risk of bad business reputation. If businesses successfully implement practices which prevent identity theft and stop fraud, they can save their business reputation and money spent for fraud write-off, recovery and identity monitoring. And more importantly they can keep their customers and maintain competitive advantage within their respective industries.
To prevent bad business reputation due to identity theft and fraud, visit Identity Management Institute for solutions.