10 Don’ts Foreword author @tomjelneck on @Fox35Orlando

In recognition of Data Privacy Day, “10 Don’ts” foreword author Tom Jelneck appeared on Fox35’s “Good Day Orlando” program to talk about ways to keep your data safe from hackers and other thieves. You can watch the video via the link below — we are especially grateful to Tom for plugging the book on live TV!!

Direct Link: http://www.fox35orlando.com/good-day/83032189-video

Ed Snowden joins Twitter, follows only the NSA (@arstechnica)

In chapter 6 of 10 Don’ts, “Don’t Let the Snoops In,” we discuss in great detail NSA whistleblower Edward Snowden and the documents he released into the public domain.

The former spy, living in exile in Russia, currently only follows one other Twitter account — the NSA’s. But Snowden has quickly amassed over 1.1 million followers of his own, from all over the world — as shown in an animated GIF released by Twitter.

The @Snowden account carries a blue check mark, indicating that his identity has been verified by Twitter. His only substantive conversation so far has been with Neil deGrasse Tyson, the astrophysicist and all-around science-communicator-guy, who recently interviewed Snowden on his show Star Talk Radio.

Full story: Ars Technica

Sign Up at irs.gov Before Crooks Do It For You (@briankrebs)

If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process.

Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his most recent tax transcript with the Internal Revenue Service (IRS). Kasper said he sought the transcript after trying to file his taxes through the desktop version of TurboTax, and being informed by TurboTax that the IRS had rejected the request because his return had already been filed.

Full story: Krebs on Security

Consumer Alert: Virginia @AGMarkHerring Warns of Phishing Scam (@nbc29)

As we point out in the very first chapter of 10 Don’ts, “Don’t Get Phished,” criminals are getting more sophisticated when they craft phishing scams.  They’ll use real terminology, correct English, and proper company/organizational logos to increase the number of people fooled by these malicious emails.

Today, Virginia’s Attorney General Mark Herring (@AGMarkHerring) released a warning about a phishing scam being perpetrated via email, phone, and even social media:

Attorney General Mark R. Herring today warned Virginians to be vigilant for a major, ongoing “phishing” scam involving emails, phone calls, and social media messages purporting to be from the Attorney General and his office. The emails claim to be a “Final Legal Notification” from Attorney General Herring or his staff regarding debt owed to “Cash Advance, Inc,” or some variation thereof, or claim that an “arrest warrant” has been taken out on the recipient. The emails demand payment from the recipient to resolve the issues. In some cases, recipients may receive follow-up phone calls from the scammers perpetuating the fraud. The Attorney General’s Office does not operate in such a manner and the recipient should not respond to the emails or phone calls.

Full story: NBC 29

How Adopting BYOD Can Actually Make a Workplace More Secure (@techvibes)

“There’s one major difference between companies that adopt BYOD policies and those that don’t: those that don’t are far more vulnerable to attacks.

Now, that may seem counterintuitive—after all, aren’t BYOD programs supposed to open the door to greater security risks? That’s what everyone says, and there’s certainly new complications that come with BYOD programs.

However, companies need to realise employees are connecting their phones and tablets at work, regardless of whether there’s a BYOD policy or not. So with that in mind, companies that make efforts to regulate the devices on their networks are far more likely to be protected than those who don’t.”

Full story: Techvibes

Anthem hack: Seven ways to protect yourself right now (@zdnet)

The records of as many as 80 million customers of Anthem Health Insurance were breached last week.  Hackers may have obtained names, addresses, birthdates, medical histories, and other personal data of Anthem subscribers (or former subscribers), and are using this data in phishing attempts to further violate subscribers’ privacy.

So, if you’re one of the affected people, what should you do?  ZDNet writer Violet Blue has put together a list of seven helpful steps to take to protect your data.  Many of these precautions (such as two-factor authentication, password managers, etc.) are good ideas for everyone — not just Anthem victims — and we recommend many of these in 10 Don’ts on Your Digital Devices.

Full story: ZDNet

Phishers Pounce on Anthem Breach (@briankrebs)

“Phishers and phone fraudsters are capitalizing on public concern over a massive data breach announced this week at health insurance provider Anthem in a bid to steal financial and personal data from consumers.

The flood of phishing scams was unleashed just hours after Anthem announced publicly that a “very sophisticated cyberattack” on its systems had compromised the Social Security information and other personal details on some 80 million Americans.”

Full story: Krebs on Security

US health insurer Anthem hacked, 80 million records stolen (@thenextweb)

“Anthem, the US’ second-largest health insurer, announced today that it was the victim of a cyber-attack last week, in which its database of about 80 million records — including names, birthdays and social security numbers — was compromised.

Anthem reports that other personal member data like addresses, phone numbers, email addresses and employment information was also stolen. However, the company says that it has no evidence to show that credit card numbers, medical history, diagnosis or treatment data were exposed.”

Too early to know the source of this hack, of course.  But as we point out in 10 Don’ts, many of these attacks are made possible by human error — someone being phished or otherwise social engineered out of a password, someone storing private data in a public location, someone performing sensitive tasks over an open wireless connection, etc.

Full Story: The Next Web