May 13, 2016

Five Steps to a Squeaky-Clean Online Identity

Five steps to managing your online identity and ensuring that when someone Googles you, they see the personal brand you build.
By William Arruda
Five_Steps_to_a_Squeaky-Clean_Online_Identity.png


In 2004, I delivered a personal-branding presentation that, for the first time, included a slide that asked the question: “If you don’t show up in Google, do you exist?” That slide got a huge audience reaction and has been in virtually every presentation I have delivered since.
The answer to the question is no, at least as far as hiring managers and executive recruiters are concerned.
But what if you do show up in Google, and what Google reveals is either unflattering or inconsistent with how you want to be known?
Googling (performing a Google search on someone) is quickly becoming the standard reference check in job searches and a key filter hiring managers and executive recruiters use to evaluate and cull candidates. Studies reveal that executive recruiters Google candidates and have eliminated candidates from the running based on their Google results. So knowing what Google says about you is important, and proactively managing your online identity is an essential element in your job-search strategy.
For $100K+ earners like yourself, you don’t have the same concern about beer-funnel photos that younger managers do, but that doesn’t mean that your online profile is squeaky clean.
There could be content online that does not represent who you are and what you have to offer prospective employers. We call this undesirable content “digital dirt.” Digital dirt includes any Web-based content that will prevent you from reaching your goals.
There are two kinds of dirt:

1. Self-posted dirt.
That’s right, you may have muddied up your own profile. The good news is that most of this self-created content can be easily vacuumed up. But it’s important to note what constitutes “dirt.” Remember, it is not just outright negative or inappropriate content that qualifies as dirt; if you have revealed a little too much about your political views or posted a comment to someone’s blog that is replete with typos and misspellings, you might be removing yourself from consideration for some jobs.
Too much content about what you did in a previous life can also impede your prospects. Be sure virtually everything you post on the Web reflects your unique value and positions you for the role you seek to fill.

2. Dirt posted by others.
This is a much more insidious kind of dirt and typically much harder to clean up. I once had a client who was fired from his investment-industry job, and a Wall Street Journal story about the seemingly fraudulent transactions in which his company was involved included his name. In fact, the word “fraud” was only three words away from his name in the Google description! It was a major problem for him since this data showed up as the first item in a Web search on his name. He was unable to get the Wall Street Journal to remove the story from its Web site.
Like it or not, today your Google results are as important as your resume or cover letter. So as you seek your next role, you must focus on building and maintaining an accurate and compelling online profile. Here’s the five-step process for managing your online identity — sweeping up as much digital dirt as possible.

Step 1: Know what’s out there.
The first step to resolving most challenges is to get the right information. In this case, the information you need is available just by Googling yourself (also known as “ego-surfing”). To help make sense of your Google results, use this free tool: www.onlineidcalculator.com. When evaluating your results, focus on the first three pages of results. Those who perform Google searches rarely look beyond Page Three. Once you know what is out there and where you fall on the digital scale, you can make a plan to address it.

Step 2: Know what you want your Google results to say. 
Now that you know what is out there, you need to think about what you want your Google results to look like. You can’t get from here to there if you don’t know what “there” looks like. It’s time to uncover and define your personal brand. You need to answer these questions:
  • What do you want to be known for?
  • What makes you stand out from all your peers?
  • What’s your area of expertise/thought leadership?
  • What words do you want people to use to describe you?
  • What are your greatest accomplishments?
Learn more about personal branding here: http://www.reachpersonalbranding.com/about/personal-branding/.

Step 3: Clean up the dirt and enhance your digital image.
If you posted anything that might be considered inappropriate or perhaps comes from a past life, remove it. If you have dirt that was posted by others, first ask those who posted it if they will remove it. If you can’t wipe your digital identity clean, you must create enough high-ranking content to move that dirt beyond page three (Steps 4 and 5 below); or, you must at least ensure the “clean” sits alongside the dirt so people have a better understanding of who you are.

Step 4: Build your own place on the WWW.
The best way to get people to understand exactly who you are is to tell your own story. First, you must buy your own domain name — e.g., www.williamarruda.com. You can buy domains at www.godaddy.com. Then you can build (or have built for you) a personal Web site. Blogging platforms such as TypePad and WordPress are great tools for building a Web site — even if you choose not to blog. Remember to include:
  • Your bio
  • A professionally taken headshot
  • Links to all relevant content on the Web about you (making it a one-stop shop),
  • Testimonials from people who have worked with you
  • Proof of performance (PDFs of presentations, video, audio clips, and so on.)
  • Links to Web sites and content on the Web that you think are valuable and help showcase your area of expertise or thought leadership.
Ensure your site content and style reflect your personality. Use color, fonts and imagery to bolster your brand attributes.

Step 5: Use Web 2.0 tools to enhance your online ID.
If you aren’t ready for your own Web site or would like to increase your volume of Google results, take advantage of all the social-networking sites that are available — like LinkedIn, Naymz, Ziki and Ziggs (and countless others). Include your branded bio, professional headshot and other relevant information. You need not use the social networking aspects of these sites (in fact, you won’t have the time to be an active participant on all these sites), so use LinkedIn for networking and the others to enhance your online ID.
In addition, find blogs related to your area of expertise (www.technorati.com is a blog search engine that will help you find relevant blogs by keywords), and subscribe to them. Then append relevant comments to blog posts when you have something valuable to contribute. This becomes part of your online identity.
Of course, your Google results change all the time, so you need to be vigilant. I suggest Googling yourself weekly and subscribing to Google Alerts for your name (www.google.com/alerts). Then, every time something shows up on the Web with your name on it, you’ll be the first to know.

William_Arruda.jpgCredited with turning the concept of personal branding into a global industry, William Arruda is the founder of Reach Personal Branding and author of "Career Distinction" and the upcoming book, "Ditch. Dare. Do!" You can learn more about him at www.personalbranding.tv.










Source: http://info.theladders.com/career-advice/5-steps-squeaky-clean-online-identity?utm_source=wednesday_newsletter_email&utm_medium=email&utm_content=guest_article_william_arruda&utm_campaign=wednesday_newsletter

New Attack Reported by Swift Global Bank Network

Thieves have again found their way into what was thought to be the most secure financial messaging system in the world and stolen money from a bank. The crime appears to be part of a broad online attack on global banking.

New details about a second attack involving Swift — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that robbery, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.

The second attack involves a commercial bank, which Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”

The unusual warning from Swift, a copy of which was reviewed by The New York Times, shows how serious the financial industry regards these attacks to be. Some banking experts say they may be impossible to solve or trace. Swift said the thieves somehow got their hands on legitimate network credentials, initiated the fraudulent transfers and installed malware on bank computers to disguise their movements.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” Swift said in its warning, which is expected to be posted on a secure part of its website on Friday.
Security experts who have studied the attacks said the thieves probably were lurking inside the bank systems for months before they were detected.

In its warning, Swift pointed to another worrying situation: that the gang of thieves may have been able to recruit bank employees to hand over credentials and other key details.
In both cases, the core messaging system of Swift was not breached; rather, the criminals attacked the banks’ connections to the Swift network. Each bank is responsible for maintaining the security of its connection to Swift. Digital criminals have found ways to exploit loopholes in bank security to obtain login credentials and dispatch fraudulent Swift messages.
“As a matter of urgency, we remind all customers again to urgently review controls in their payments environments,” Swift urges its customers in the letter to be sent on Friday.
Banks — like many major corporations — are constantly under attack by criminals, seeking to find the weak point in their defenses. An attack in the summer of 2014 on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses, but no money was stolen. Thieves frequently steal bank customer’s A.T.M. and credit card credentials.
But these attacks involving Swift stand out, because millions of dollars were stolen — not from a large number of customers, but from the banks themselves. It is as if the thieves used their hacking skills to reach inside a bank vault.

Emboldened and enriched, the thieves are likely to strike again, security experts predict.
“An event like this changes the risk profile for the banking system, since the attackers will inevitably reinvest some of their profits in new large-scale attacks,” said Paul Kocher, a security and encryption expert who is the president of Cryptography Research, a division of Rambus.
Initially, many banks and security experts dismissed the Bangladesh attacks as brazen, but probably isolated, events in a developing country. A stream of news reports from the capital of Dhaka cited rudimentary technology at Bangladesh Bank, like a $10 router and an absence of firewalls. Bangladesh officials have blamed the New York Fed, saying it failed to block the fraudulent transfers.

On Tuesday, representatives from Swift, the New York Fed and Bangladesh Bank met in Basel, Switzerland, to discuss the breach and the vulnerabilities it exposed in the system.
In a joint statement, the three sides said they had agreed to cooperate in trying to “bring the perpetrators to justice, and protect the global financial system from these types of attacks.”
But the details of the second attack — which Swift said occurred in the last few months — suggested a highly sophisticated threat that did not necessarily hinge on weak digital defenses. Swift declined to say how much money was stolen from the bank, which was not located in Bangladesh.

Somehow the thieves obtained a valid Swift credential that allowed them to “create, approve and submit” messages on the network. Those messages — sent from PCs in the bank’s back offices or from laptops — were then used to move money from one of the bank’s accounts.
Many banks have a system of checks and balances by which they can validate and review transactions to root out fraud.

But in this latest case, the thieves used a form of malware that targeted a PDF reader that the bank used to confirm that payments had been made. The malware, according to Swift, then manipulated the PDF to “remove traces of the fraudulent instructions.”
That the thieves knew that the bank used a PDF program to confirm its payments shows the level of detail gleaned about how the particular system worked. At Bangladesh Bank, Swift transactions were tracked using physical printouts. So the thieves tailored their malware in that attack to interfere with the printer and cover their tracks.
The attacks have been a major headache for the ubiquitous and publicity-shy Swift, an acronym for the Society for Worldwide Interbank Financial Telecommunication. Based in Belgium, Swift is partly owned and overseen by the world’s biggest banks, which have used the technology to facilitate money transfers since the 1970s. It prides itself on not disclosing any information about its users.

After the attacks, Swift has had to walk a fine line trying to shore up confidence in the security of its network among its 11,000 users, while urging those members to take additional security measures to defend against future attacks.

“Your first priority should be to ensure that you have all the preventative and detective measures in place to secure your own environment,” Swift said in its message. “This latest evidence adds further urgency to your work.”Nicole Perlroth contributed reporting.

Source: http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html

May 1, 2016

Hackers’ $81 Million Sneak Attack on World Banking

Michael Corkery


“The trend is moving from opportunistic crime to Hollywood-scale attacks,” said Mr. Nish, whose firm has analyzed the malware believed to have been used in the Bangladesh breach.
In the United States, most banks take special precautions with their Swift computers, building multiple firewalls to isolate the system from the bank’s other networks and keeping the machines physically isolated in a separate locked room.
But elsewhere, some banks take far fewer precautions. And security experts who have analyzed the Swift breach said they had concluded that the Bangladesh bank may have been particularly vulnerable to an attack.

“Swift is a great organization,” said Chris Larsen, the founder of Ripple, a financial technology company that aims to speed up global money transmissions. “But the system is fractured and antiquated. The way it is set up, you cannot totally isolate problems in a place like Bangladesh from the whole network.”

In some ways, Swift is a testament to how technology has helped all countries — including poorer ones — gain access to the financial system. But that broader access has a downside.
The central bank in Bangladesh, by some accounts, employed fewer protections against cyberattacks than many other large banks. The bank, for example, used $10 routers and no firewalls, according to news reports.
The server software that the Bangladesh bank employed was a Swift product called Alliance Access, which connects banks to the central messaging system. In a sign of how seriously Swift regards the breach of Alliance Access, the group issued a “mandatory software update” last week to help its members identify possible irregularities.

The central bank of Bangladesh, in Dhaka, the capital. The heist was timed so that when Federal Reserve officials tried to contact Bangladesh, it was a weekend there and no one was working. By the time central bankers in Bangladesh discovered the theft, it was the weekend in New York and the Fed was closed. Ashikur Rahman/Reuters

“These hackers figured out this was a weak point on the periphery, and they went for it,” said Jeffrey Kutler, editor in chief at the Global Association of Risk Professionals, a trade group. “But they were not able to compromise the core.”

Swift’s core is built on technology that has been evolving for decades. What began in 1973 as a relatively small network of 240 banks in Europe and North America is now a sprawling network of 11,000 users that includes both banks and large corporations. At first, Swift could be used to authorize payments across national borders. But it is now also used to transmit messages related to domestic payments, securities settlements and other transactions.


Swift’s growth in recent years — it set a record for messages in March — reflects the increasingly global and interconnected nature of finance. But it also shows the risk of so many financial instructions running through a single system made up of a patchwork of banks and
companies with varying levels of online protection.


Each bank on the Swift network is identified by a set of codes. And it was the codes assigned to the Bank of Bangladesh that were recognized — correctly — by the Federal Reserve Bank of New York when it transferred $81 million of the Bangladesh bank’s money to the Philippines, not knowing that someone, somewhere, had stolen the credentials of the Bangladesh bank and installed malware to cover his or her tracks.
Initially, the thieves requested the transfer of $951 million into a handful of bank accounts in Sri Lanka and the Philippines — a number that prompted the New York Fed to ask the Bangladesh bank to reconfirm that it indeed wanted to move the money.
In the end, the Fed processed only five of the 35 fraudulent payment requests, after it could not reconfirm with officials in Bangladesh.
The hackers seemed to time the attack perfectly: When officials from the Fed tried to reach out to Bangladesh, it was a weekend there and no one was working. By the time central bankers in Bangladesh discovered the fraud, it was the weekend in New York and the Fed offices were closed.

To conceal the crime, the malware disabled a printer in the Bangladesh bank to prevent officials from reviewing a log of the fraudulent transfers.

Representative Carolyn B. Maloney, Democrat of New York, has called for an investigation into the theft. Robin Caplin/Bloomberg

The money was transferred to accounts in the Philippines and then into the Philippine casino system, which is exempt from many of the country’s anti-money-laundering requirements.
The New York Fed has been criticized for letting the $81 million slip out. Representative Carolyn B. Maloney, a New York Democrat and member of the Financial Services Committee, has called for an investigation, warning that the breach “threatens to undermine the confidence that foreign central banks have in the Federal Reserve, and in the safety and soundness of international monetary transactions.”
The New York Fed said in a statement that “there is no evidence that any Fed systems were compromised” and that the transfer of the money had been “fully authenticated” by Swift.
Swift, which prides itself on its secrecy and low public profile, also put out a statement about the attacks. But its executives declined to speak on the record about the episodes, which are still under investigation. The group’s chairman, Yawar Shah, who is a senior executive at Citigroup, also declined to comment.
In its statement, Swift emphasized that the hackers had been able to breach only some of the banks that communicate over Swift, not the network itself.
“The commonality in what we have seen is that (internal or external) attackers have successfully compromised banks’ own environments,” Swift said.
Even if officials at the Bangladesh bank had employed the highest of security measures, the thieves displayed a level of skill, cunning and determination that may have been able to penetrate a far more secure system.
“If you have an attacker who really wants to get in and knows there is a big prize,” Mr. Nish said, “keeping them out over the long term is really difficult.”

Source: http://www.nytimes.com/2016/05/01/business/dealbook/hackers-81-million-sneak-attack-on-world-banking.html?_r=0