Mark Pribish

National Cyber Security Awareness Month Promotes Education and Awareness

By Mark Pribish
Vice President and ID Theft Practice Leader

This month is National Cyber Security Awareness Month (please see here) - which is celebrating its 15th year - to raise awareness and education about the importance of cyber security.

This year's theme is based on how "cyber security is our shared responsibility and we all must work together to improve our Nation's cyber security," including the following key objectives:

  • Strengthen the Nation's cyber security ecosystem
  • Cyber security is a cross-cutting, cross-sector challenge, so we must tackle it together
  • Increase and strengthen the cyber security workforce across all sectors
  • Secure critical infrastructure from cyber threats

If your organization or business is interested in participating in or learning more about National Cyber Security Awareness Month (NCSAM), you can go to this link NCSAM 2018 Toolkit including a comprehensive guide to engage and promote NCSAM.

To support Cyber Security Awareness Month, I accepted an invitation to speak to students at Grand Canyon University in Phoenix Arizona last week whose focus/major are cyber security and information technology.

I have listed below a number of my discussion points that range from consumer ID theft to data breach events impacting nearly everyone and every business in the United States.

  • You may think you have control of the information that flows through your business, but you likely don't - and you likely can't easily. Identity theft has become so lucrative that criminals have turned away from individual targets and are focused instead on obtaining complete files of personal information including two recent examples:

  • Cyber thieves and ID theft criminals are counting on both consumers and businesses - especially small to medium businesses - to be complacent.
  • Breach fatigue is happening where consumers and businesses are sick and tired of the ID theft and data breach news headlines and are now beginning to ignore the problem.
  • Advancement in technology, the Internet of Things (IoT) and increased connectivity, and smarter/evolving hackers all drive the evolution of cyber risk - and businesses and their employees that do not keep pace with the latest cyber security trends will be exposed.
  • According to Beazley's Breach Report and Verizon's Data Breach Investigation Report, the insider threat including social engineering and human error were directly involved in 65% of successful breaches.

I also talked about how research suggests cyber Security skills shortage is getting worse (please see here) and how new data shows that a growing cyber Security skills gap.

To conclude, I would ask every business how valuable is your customer data and what is your cost if it is lost or stolen?

I would also ask does your business have a data breach response policy, an information security and governance plan, and employee privacy training program to prevent or be able to respond to data breaches?

The fact is, many businesses - especially small businesses - play the wait-and-see game, and risk potential fines or business failures after a data breach event. Alternately, you can get ahead of the threat landscape and participate in and learn from National Cyber Security Awareness Month. Hopefully the choice is obvious.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Here's How to Avoid Crypto Stock Scams

By Council of Better Business Bureaus. October 2, 2018.

This article is part of a series on the emerging world of digital assets. Additional articles explore Initial Coin Offerings, digital tokens, the virtual currency regulatory landscape, and tips to avoid fraud and scams in this area.

Sometimes a succinct warning is better than a long explanation. If you are thinking about investing in the stock of companies that tout the potential of high returns associated with cryptocurrency-related - use caution. Do your research, and only invest money you can afford to lose.

In an emerging sector like crypto, it is not unusual to see both legitimate start-ups and not-so-legitimate players emerge. And with the latter category, these new companies or their promoters have been known to make glorified claims about new cryptocurrency-related products, services and other connections - including activities related to blockchain technologies and Initial Coin Offerings - in an effort to raise the market price of their shares. And even when legitimate companies begin to emerge within a hot, new sector, fraudsters almost always await the unwary, mimicking the most successful business models as a ruse to steal investors' money. They exploit the news to launch their latest frauds du jour without the business fundamentals and transparent financial reporting to back up such claims.

Don't be fooled by unrealistic predictions of returns and claims made through press releases, spam email, and telemarketing calls or those posted online or in social media threads. These actions may be signs of a classic "pump and dump" stock fraud. To learn more, check out this Anatomy of a Pump and Dump infographic.

Follow These Tips

If you are contemplating a crypto-related stock investment, here are six tips to help you steer clear of scams:

  • Do not say "yes" to cryptocurrency stock purchases from an aggressive cold caller, even if the claims sound plausible, particularly if the recommended stocks are very low-priced. Don't feel guilty about hanging up. Not answering at all, or putting down the phone, are generally the best and safest responses to a cold caller or anyone aggressively pitching low-priced stocks or other investment opportunities.
  • Be suspicious of anyone who makes guarantees that an investment will perform a certain way, or makes pushy sales pitches that encourage you to "act now."
  • Use FINRA BrokerCheck® to the check registration status of, and for additional information about, the people and firms who tout these opportunities.
  • Check the SEC's EDGAR database to find out whether a company files with the SEC. If so, read the reports and verify any information you have heard about the company. But remember, the fact that a company has registered its securities or files reports with the SEC doesn't mean that the company will be a good investment in general - or the right investment for you.
  • Be wary of stocks with huge spikes in price: this could signal potential manipulation or fraud.
  • Know where the stock trades, and pay attention to any cautions associated with the stock. Most stock pump-and-dump schemes tend to be quoted on an over-the-counter (OTC) quotation platform like the OTC Markets, which provides icons to warn investors of concerns associated with a given company. These include a stop sign to indicate the company cannot or will not provide important information to regulators, exchanges or the OTC Markets - and also a skull and crossbones to warn that the security, company or a person who controls the company might be involved in a spam campaign, questionable marketing, regulatory action or more.

To learn more about investment scams, read the FINRA Investor Alert: Stock Spams and Scams.

To receive the latest Investor Alerts and other important investor information sign up for Investor News.

To report a scam, go to BBB Scam Tracker (BBB.org/scamtracker). To protect yourself from all kinds of scams, visit the BBB Scam Tips page (BBB.org/scamtips).

Stay up on the latest scams by subscribing to BBB Scam Alerts emails. BBB Serving Central Virginia contributed to this report.

If you believe your identity has been stolen, call 866.SMART68 today!