How Secure Will ‘The Cyber’ Be Under Trump?

Here's why we need the CFPB to protect us from identity theft and maintain our cyber security.

I have to admit that when President-elect Trump uttered “the cyber” during the first presidential debate, I was right there with the tech community in the collective eye-rolling that followed. “The Cyber” memes were born, along with real concern about the candidate’s grasp on cyber security, and with the recent announcement of former New York City Mayor Rudy Giuliani as the cyber czar, those concerns multiplied.

The seeming “misunderestimation,” or possibly anti-comprehension, regarding something so crucial to national security may not on the surface seem like a consumer issue, but it is.

Our nation’s approach to cyber security at this juncture — beset by hostile state-sponsored attacks on our electoral process, expertise and secret information grabs from major industries and the federal government, and ransomware attacks — is a matter of the utmost urgency, and the President-Elect has said as much to his credit.

But Mr. Trump’s response can’t be just a marketing move or a branding opportunity — things he gets. There must not be merely the appearance of change — commissions talking and debating endlessly with little to show for it. There must be actual boots-on-the-ground solutions — now. Unfortunately, I don’t think that’s what will happen.

The Consumer Financial Protection Bureau specifically comes to mind — our nation’s most successful boots-on-the-ground agency — if Mr. Trump does as many are predicting he will do, and makes it yet another piece of President Obama’s dismantled legacy.

The CFPB was an important accomplishment of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. The agency is charged with protecting consumers from the predatory financial practices that brought about the economic meltdown of 2007 to 2008, and to watch out for signs of future trouble. The CFPB has the power to ban financial products deemed “deceptive, unfair or abusive” and to impose penalties on companies that take advantage of consumers.

Barring a judicial miracle, the current CFPB director Richard Cordray is almost certainly going to receive one of Mr. Trump’s signature “You’re Fired” communiqués. (Interesting side note, our President-elect doesn’t own that trademark.) Worse, an anti-CFPB former Texas Congressman, Randy Neugebauer, appears to be the leading candidate to get the job.

Among other things, the Distinguished Gentleman from Texas thinks payday lenders are too roughly treated by the CFPB and that all business contracts should contain mandatory arbitration clauses (barring class action suits). He also thinks that the CFPB should be headed not by a single director, but by a commission of people from both sides of the aisle. Those of us who support the CFPB believe that this would diminish the agency’s ability to go after dangerous practices that harm consumers in a timely and effective way.

The Trump transition team did not respond to a request for comment regarding its plans for the CFPB and/or Cordray.

This Is About Appointing the Right People

It was reported last week that the cyber security czar role in the Trump administration will fall to the President-elect’s close associate and campaign stalwart, former New York City Mayor Rudy Giuliani.

There is a connection here between what appears to be afoot at the CFPB and the next administration’s approach to cyber security — both represent bad decisions based on a basic incomprehension of what is at stake and what needs to happen next. The CFPB works, specifically the single-director approach. Instead of hiring an opponent of the agency to presumably dismantle it, we should be using it as a model to create a single-director federal agency that emulates the CFPB to oversee cyber security.

As it stands, Mr. Giuliani will be bringing together experts working on cyber security solutions and business leaders who are targeted by hackers from the energy, financial and transportation sectors. The next step that is missing here is a government agency that can fine entities that do not meet the threshold for cyber security best practices — mandated employee education, maintaining technology and tools, hiring experts — practices that the agency would determine and set as a standard.

In a recent interview, Mr. Giuliani said of the President-elect, “He’s going to elevate this to a very large priority for the government — and I think by doing this, he’s trying to elevate this as a priority for the private sector.”

As the Christian Science Monitor’s Passcode noted, quoting the former NYC mayor, the idea here is pretty simple: Trump will go straight to the public to “educate people on how important [cybersecurity] is, even to the point of their own personal protection.”

That is a fantastic idea that everyone should applaud. Whether the user is in the Pentagon or logging onto a free Wi-Fi network, our cyber security too often comes down to an individual clicking or not clicking on a malware-laden link or falling prey to some other security pratfall.

That said, any agency dedicated to cyber security would need to work closely with the military and intelligence communities, and would also have to focus its resources on real solutions to the dangers we face, many of them extinction-level threats. The person running it would have to be at the cutting edge of cyber security best practices.

When the news came down of Mr. Giuliani’s cyber czar role, experts almost immediately hit Twitter with reasons this was a bad idea. (Mr. Trump’s transition team also didn’t respond to a request for comment regarding this choice. Giuliani was not readily available for comment either.) As happens, the cyber security community took a look at the website of Giuliani’s cyber security company, giulianisecurity.com. They found serious problems, including an expired SSL certificate, no HTTPS and an exposed CMS login, to name a few. You don’t need to know what these things are, but the cyber czar sure does. There can be no “oops” in his or her record.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

The post How Secure Will ‘The Cyber’ Be Under Trump? appeared first on Credit.com.

9 Ways to Protect Your Credit While Holiday Shopping

Here are nine ways to protect yourself while shopping this holiday season.

The holiday shopping season isn’t just a favorite time for retailers, but also for scammers who are hoping to take advantage of all that extra spending you’re doing.

That’s why I want to urge you to use caution this year. It’s easy to be focused on trying to find everything on your list and miss some of the risky behaviors you might be engaging in.

Here are some things you can do to protect yourself this holiday season.

1. Carry just one credit card with you and leave the rest at home. That way, you’ll minimize the risk if your wallet or purse is stolen.

2. Only shop at well-known stores. “Pop-up” stores are becoming increasingly popular, especially in major urban centers, but these stores may not always be legitimate, or they may not have the best payment security.

3. Cover your PIN when paying with your card so others can’t see it.

4. If shopping online, make sure the website is secure and provides a level of security and authenticity for your purchases.

5. Don’t lend your credit card to a family member or friend. You may trust them, but you lose control of your card and if it’s stolen, it will be YOUR credit that could be affected.

6. Review charges while still in a store. It’s so easy to accidentally turn a $10.00 charge into a $100.00 charge.

7. Be cautious when filling out forms, such as those for home delivery, extended warranties, rain checks, etc. These forms contain a lot of personal information that can easily be used by a scammer or identity thief. Ensure that the form is received by a store employee.

8. Keep all receipts for every purchase you make. When your credit card statement arrives, sit down and go line by line through each purchase, comparing the purchase on the statement with your receipts. This seemingly daunting task will not take as long as you think it will, and your credit will benefit, since too much debt can hurt your credit scores.

9. Never spend more than you can immediately pay back. Even if the deal is really good, you’ll lose the benefit of the discount if you can’t pay off your credit card before you are charged interest, so set a budget.

The holidays can be a lot of fun and a good opportunity to get some deals, but make sure to follow these tips so you come out ahead and your credit is protected.

[Editor’s note: Regularly checking your credit scores can help you recognize quickly if you’ve been a victim of fraud. That’s because your scores can be vulnerable to major spending changes. You can get your two free credit scores, updated every 14 days, on Credit.com.]

The post 9 Ways to Protect Your Credit While Holiday Shopping appeared first on Credit.com.

Nearly All Data Breaches Happen in Minutes, Report Finds

Most data breaches happen fast — in a matter of minutes, according to a new Verizon report — but the impact on you and your credit report could make for a very long-lasting financial headache.

Cybercriminals institute data breaches to steal your Social Security number, credit card number, bank account information and many other forms of personal financial information. And according to the latest Verizon 2016 Data Breach Investigations Report, these thieves still find success with phishing emails. Per the report, 30% of phishing messages were opened. This compares to the previous year’s figure of only 23%. Meanwhile, 13% of those clicked to open the malicious attachment or nefarious link.

Regardless of what method was used to compromise sensitive data, in 93% of cases, attackers were able to compromise systems in just a matter of minutes.

Verizon analyzed more than 2,260 confirmed data breaches and more than 100,000 reported security incidents, finding that 89% of all attacks involve financial motives while ransomware attacks were up 16% from 2015. Meanwhile, 63% of data breaches were thanks to weak or stolen passwords.

Also blamed for data breaches are ‘miscellaneous errors,’ which can include improper disposal of sensitive information, misconfiguration of IT systems, and lost and stolen devices, such as laptops and smartphones. These errors also include people mistakenly sending sensitive information to the wrong person, which accounts for 26% of these errors, Verizon found.

What Can You Do About It?

When your information is stolen, thieves will typically sell it — or use it for themselves — to open as many accounts as fast as they can in your name. Unfortunately, you may not find out about it until you’re applying for a mortgage, opening a line of credit or financing a car, when it’s already too late.

You can, however, take a few simple steps to help protect yourself from cybercrime. For starters, you can implement two-factor authentication for your applications and social networking sites, encrypt your data and limit who is authorized to access it. It is also helpful to be familiar with the signs your identity has been stolen or your credit information has been compromised.

Staying informed about your credit scores and individual credit accounts is also helpful in minimizing any damage done by data compromises. You can check your free annual credit report every year at AnnualCreditReport.com, and keep track of your credit scores by viewing your two free credit scores, updated monthly at Credit.com, to make sure there aren’t any fraudulent accounts on your file. You can also go here to learn what to do if you are a victim of identity theft.

The post Nearly All Data Breaches Happen in Minutes, Report Finds appeared first on Credit.com.

The Typo That Can Get You Hacked

Here’s another reason to be extra careful about what you type into your web browser.

Cybersecurity firm Endgame has unearthed a new spin on the good old “typosquatting” scam — the practice of purchasing domain names similar to legitimate websites (think Gooogle.com) in hopes that a small keyboard snafu nets hackers access to your computer.

The new scam aims to install malware on devices after users accidentally type “.om” instead of “.com” after popular URLs. Endgame discovered the scheme after one of its employees mistakenly typed “Netflix.om” instead of Netflix.com when attempting to watch the latest season of House of Cards earlier this month.

Per a company blog post:

“He did not get a DNS resolution error, which would have indicated the domain he typed doesn’t exist. Instead, due to the registration of ‘netflix.om’ by a malicious actor, the domain resolved successfully. His browser was immediately redirected several times, and eventually landed on a ‘Flash Updater’ page with all the usual annoying (and to an untrained user, terrifying) scareware pop-ups.”

After doing some more research, Endgame found the streaming service wasn’t the only popular URL being “om’ed.” Though some sites bearing that ending were legitimate, 319 .om domains appeared to have some type of scheme attached to them. (Fake Flash Updates, for instance, are commonly linked to a well-known malware named Genio that attaches itself to web browsers and mines for data.)

You can see a full list of the potentially dangerous domains here. It’s important to note you could also be in trouble if you typed the “c”, but misplaced the period. (Example: bestbuyc.om or cnnc.om.) This particular typosquatting game was easy for hackers to play, Endgame said, since “.om” is the country-specific domain name for Oman.
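The two typo patterns described above (a dropped “c”, as in netflix.om, and a misplaced period, as in bestbuyc.om) can be checked for in DNS or proxy logs. The sketch below is an added example, not code from Endgame or from this article; the function names and the sample query list are constructed for illustration, and the protected list is assumed to hold registrable .com domains.

```python
def om_typo_variants(domain):
    """Return the two .om look-alikes of a .com domain named in the article."""
    name = domain.lower().rstrip(".")
    if not name.endswith(".com"):
        return set()
    base = name[: -len(".com")]       # "netflix.com" -> "netflix"
    return {
        base + ".om",                 # dropped "c":      netflix.om
        base + "c.om",                # misplaced period: netflixc.om
    }


def flag_om_typos(queries, protected):
    """Return (query, intended_domain) for queries that hit a .om look-alike.

    Only names derived from the protected list are flagged, because some
    .om sites are legitimate (.om is Oman's country-code domain).
    """
    lookup = {v: d for d in protected for v in om_typo_variants(d)}
    hits = []
    for query in queries:
        labels = query.lower().rstrip(".").split(".")
        registrable = ".".join(labels[-2:])   # ignore www. and other subdomains
        if registrable in lookup:
            hits.append((query, lookup[registrable]))
    return hits


# Brands taken from the article; the query names are constructed sample data.
PROTECTED = ["netflix.com", "bestbuy.com", "cnn.com"]
SAMPLE_QUERIES = [
    "netflix.com",        # correct spelling, not flagged
    "Netflix.om",         # dropped "c"
    "www.bestbuyc.om.",   # misplaced period, with subdomain and trailing dot
    "cnnc.om",            # misplaced period
    "example.om",         # unrelated .om name, not flagged
]

if __name__ == "__main__":
    for query, intended in flag_om_typos(SAMPLE_QUERIES, PROTECTED):
        print(f"{query} looks like a typo of {intended}")
```
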

Protecting Yourself

Phishing and malware schemes are common attempts by scammers to get your personal information. For better Internet safety, it’s generally recommended you stick to trusted and encrypted websites (double-check, of course, the spelling of each address), refrain from clicking on links in unsolicited emails, and keep your security software up to date.

It’s also good to monitor financial accounts regularly for fraud, and keep a close eye on your credit since a sudden drop in credit scores or unfamiliar line items on a credit report are signs identity theft is occurring. (You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing your credit scores for free each month on Credit.com.) If you have fallen victim to an Internet scam, you might also consider freezing your credit reports to keep new accounts from being opened in your name. And you can go here to learn what to do if you’ve already spotted identity theft on your credit report.

The post The Typo That Can Get You Hacked appeared first on Credit.com.