ICFE eNEWS #15-01 - Jan 5th 2015

CyberSecurity 2014: Lessons Learned

The ICFE’s "Certified Identity Theft Risk Management Specialist" (CITRMS®) educational and certification testing program is now in its eighth year, with over 3500 certificants. Its main purpose is to comprehensively prepare and equip law enforcement professionals, financial planners and CPAs, resolution advocates, notaries, lawyers, and credit and debt counselors, through education, testing and computer software training, with the knowledge and skills necessary to help consumers and businesses fully assess and minimize their present risk of credit and identity theft. All of these professionals, who are now the front line of defense in the fight against credit and identity theft for their clients and constituents, will also have a heightened sense of awareness about this so-called silent crime.

By Stephen Cobb, ESET Security Researcher

From Target to Sony, 2014 has been quite a year for cyber security and cyber crime making headlines. As the year began, shoppers were hit with the news that not just Target but several other large retailers had been hacked by criminals who stole customer and payment card data; big-name victims included Neiman-Marcus and Michaels. Banks and credit unions scrambled to replace tens of millions of compromised credit and debit cards at a cost that ran into the hundreds of millions of dollars.

The list of retail victims was joined by The Home Depot, from which data on 56 million payment cards were stolen, along with 53 million customer email addresses. Restaurant chains were also hit, with P.F. Chang’s revealing that 33 of its locations had been hacked for eight months; Dairy Queen confirmed that about 400 locations in 46 states were breached. Other notable breaches include the theft of personal data from more than 800,000 employees of the U.S. Postal Service, and the hacking of eBay that exposed email and postal addresses, plus log-in credentials, for more than 145 million users.

One potential upside of all this criminal activity has been the general public’s increased level of awareness and education about the realities of cyber crime.

Five actions consumers can take right now

These simple steps won’t make you bulletproof, but they will reduce your chances of taking a cyber hit, and improve your ability to bounce back if something does go wrong.

Monitor your accounts
Most banks and credit card companies offer text alerts to your smartphone whenever a purchase is made. Don’t resist this because it sounds annoying; the first time you catch a suspicious transaction, you will know it’s worth it. You can customize alerts for frequency, out-of-area transactions or purchases over a set amount.

Use strong passwords and vary them site to site
The theft of tens of millions of user names and passwords from companies like eBay and Adobe reminds us that we must use different passwords on each account, so that compromising one doesn’t expose all the others. Passwords don’t need to be random character strings like R!sx4gd89*—try a pass phrase instead, like Takemeout2theballpark!, that’s easy to remember but still strong because of its length and mix of characters and numbers.

Scan devices using antivirus software
Just about every major cyber crime that made headlines in 2014 involved some form of malicious software or malware. While companies need to do a better job of keeping malware out of their systems, consumers need to keep devices and home networks clean as well. Scan all devices regularly, with antivirus software or full anti-malware suites that scan files, block links to malicious websites, and monitor system memory and device connections for malicious activity.

Keep software up to date
Keeping the apps and operating systems on your computers and other digital devices up to date greatly decreases your chances of being hacked. That’s because the underground markets offer a wide range of “exploit kits” for sale or rent that can determine what programs your computer is running. When a kit finds a program that has an unpatched vulnerability, it runs code to infect your computer with malware.

Back up your files regularly
Today, there are more options than ever for backing up your systems and files. Phones and tablets can be backed up to laptops and desktops, or to remote storage, typically referred to as “the cloud”. Those laptops and desktops can be backed up to the cloud as well, but also archived onto local storage such as a USB hard drive. Doing both is a good idea.

Three lessons for companies

Lessons for company IT departments from the last 12 months of cyber crime include appropriate network segmentation and diligent network monitoring – both of which could have thwarted the Target breach. Network segmentation means only allowing access to systems on a “need to know” basis; for example, your suppliers should not be able to see your internal accounting system. Network monitoring means that whenever someone tries to move sensitive data from the network to an inappropriate recipient, an alert is triggered and someone responds immediately.

Three obvious yet often ignored lessons have been underlined by the ongoing penetration of systems belonging to Sony Pictures Entertainment.

Use self-control
Never say anything in a digital communication that you wouldn’t want your mother to read. Why? Because nobody can guarantee that your communications – emails, text messages, snapshots, etc. – will not end up in the public domain.

Plan for the worst
Companies cannot afford to say and do whatever they like without risking digital consequences. Your website is open to everyone and some may take exception to your values. If your Web content might provoke some people, you have to make doubly sure your systems are well-protected.

Allocate budget for IT security
Making sure systems are well-protected can be expensive. JPMorgan Chase stated publicly that its annual IT security budget, which had been about $250 million, is likely to double over the next five years. While $500 million is roughly one-sixteenth of the entire FBI budget, it seems $250 million was not enough to keep the bad guys out.

For more tips from ESET and its experts on staying safe online, visit EnjoySaferInternet.com


About ESET
Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit Eset.com or follow us on LinkedIn, Facebook and Twitter.


Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)
