‘Data Breach’ Articles

Statistics can be dry but these figures could prompt you to zealously guard your most valuable asset, your identity. According to Javelin Strategy and Research, Identity Fraud continues to rise, but mean customer costs and resolution time have decreased. In their latest 2010 Identity Fraud Survey Report they found that Identity fraud has risen to 11.1 MILLION US victims, which is up 12% from 9.9 MILLION in 2008. That is a significant climb.

What Can we learn from these new statistics?

To prevent identity theft, it’s imperative that you think critically about what you share freely over the internet and through social networking sites. What you post is permanent, public, and exploitable. Also, remember that early detection of Identity fraud is key to a swift recovery. Electronically monitor your accounts and be aware of what is on your credit report.

Businesses often make fraud training boring! And that’s bad for their bottom line, because no one ends up remembering anything about the subject.

Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s happening. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.

This social engineering video was recorded at a fraud training I did recently for the Department of Defense, and it demonstrates how fun it can be to train someone on detecting fraud, and how profitable. As silly as it might seem, the skills necessary to detect fraud can be taught in very entertaining and engaging ways. After watching the video, take a minute to understand the basic skills your employees and executives will need to Stop Fraud:

Privacy Means Profit – On Shelves 8.9.10

Wiley & Sons has just announced final details on the release of my latest book, Privacy Means Profit. This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

Hardcover: 224 pages
Publish Date: 8.9.10 (August 9, 2010)
Publisher: Wiley
ISBN-10: 0470583894
ISBN-13: 978-0470583890

Available for Pre-Sale from Amazon

Excerpt: At breakfast on the morning of August 12, 2003, a small and profitable computer company thrived at the foot of the Rocky Mountains. By lunchtime, that same business was on its way to ruin. Within twelve months, thanks to the theft of personal and company information, a forty-year-old family-business-turned-software-startup was doomed and John, heir to the prosperous enterprise, faced the prospect of prison for crimes he didn’t commit.

Beyond the specter of prison time for John, the situation held dire consequences for his family and friends. There was a real threat that his wife and two young daughters might be separated from their husband and daddy if John went to prison. John’s parents, who founded the company in 1964, shouldered most of the financial responsibility for the dying business and experienced declining health from the resulting stress. In the end, the situation would expose a dark secret in John’s close friend, Doug, a recent partner in the business.

As we discussed in Electronic Information Privacy – Securing Your Job Part I, if you are an employee at a corporation, association, university or small business, you must realize that protecting electronic information and organizational data is vital not only to your company’s profitability, but for your job security.

Here is a crash course on how to promote information security within your company. The most effective way to build a Culture of Privacy is to break it down into 3 simple steps (most corporations skip the first step, dooming them to failure):

1.    Motivate the Individual. Train yourself, your employees and executives on how to protect identity and company information first. Learning the basic principles of privacy at an individual level is a pre-requisite for all subsequent forms of data security, and supplies the necessary motivation to apply the same habits at work. Each employee needs to overcome their own apathy, ignorance and inaction before they are equipped to protect corporate assets.  By making it personal, your executives and employees are acquiring the building blocks necessary to construct a corporate Culture of Privacy. Electronic information privacy training is good for their wellness, and is a means to a safer and more profitable end.

Electronic information privacy will eventually be one of the criteria on your job performance review. In fact, it’s not just electronic data that you should be concerned about, but all data. If you are an employee or executive at a corporation, association, university or small business, you must realize that protecting organizational data is vital not only to your company’s profitability, but to your job security. If it isn’t right now, it will be soon.

As a company employee or business leader, it is essential that you clearly understand the relationship between identity theft, data breach and your bottom line.  One of the costliest data security mistakes I see executives make is that they initially approach data privacy from the perspective of the company. They don’t recognize the following reality: All privacy is personal. It’s not electronic information privacy. It’s not physical data privacy. It’s personal.

In other words, many people in your organization won’t care about data security, privacy policies, intellectual property protection or data breach until they understand what it has to do with them. If employees and executives don’t care about protecting their own identities (to prevent identity theft), how can you expect them to care about protecting corporate identity (to prevent data breach)? Like the emergency oxygen masks on a de-pressurized airplane, you’d better put your own on first or you’ll be worthless to those around you. Protecting yourself first isn’t self-centered; it’s effective and educational. Information Privacy Training begins at the human level and expands outwards to the group level. And it is not technical by nature.

During your fraud training exercises, fostering an attitude of curiosity (or in the corporate world, a culture of curiosity) is the most powerful critical thinking skill in your arsenal of tools to protect sensitive information. Employees who can think critically and ask the right questions regarding data privacy make up the fabric that supports a Culture of Privacy. Interrogation is the art of questioning someone thoroughly and assertively to verify intentions, identities and facts.

Questions: Who’s in Control? Can I Verify? What are my Options? What are the Benefits?

When spies need information, they ask for it. They “socially engineer” or con their victims with a variety of tools.

The primary tool for evaluating risk once your reflexes have been triggered (Hogwash) is to interrogate the person or institution asking for your information. Interrogation is not meant to be about forceful or physical questioning. I define interrogation as clear, aggressive questioning used to establish whom you can trust, how far you can trust them, and with what information.

Sticking with the language of espionage, an Enemy is anyone or anything (including a computer, fax machine, email, letter, etc.) requesting your information, information of someone you know, or information about your organization. It is not designed to make you confrontational or warlike – that is taking the metaphor too far. Once you have established a trusted relationship, you are no longer in enemy territory.

If it seems too good to be true, it probably is.

That is the best way to Think Like A Spy and be alert of Social Engineers that are trying to manipulate you.  With such a gloomy economy and many people without work, offers for fast cash and huge discounts become more and more attractive. Most of these Identity Theft cases use the technique of Social Engineering.

Social Engineering is the act of manipulating people into performing actions or divulging confidential information by playing on their human emotions. The term typically applies to deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. These days most thieves can nab your identity over the phone, mail, email, and through social networking sites such as Facebook and Twitter.

While some schemes scam you into giving out social security numbers, bank account numbers or other confidential identity pieces, others are as simple as a pickpocket distracting you emotionally while another thief steals your wallet or purse. Here are what a few of the most widely used savvy cyber attacks look like:

• Phony charitable phishing scams, many of which are designed to look as if they come from real charities. Always enter in the exact URL for the Charity that you wish to donate to rather than clicking on a link.

The Privacy Reflex
When I am training corporate executives, managers and employees to detect fraud and social engineering (manipulative information-gathering techniques), I take them through what it feels like to be conned. In other words, I actually socially engineer them several times throughout the presentation so that they begin to reflexively sense when more fraud is coming. There is no substitute for experiencing this first hand.

The Trigger—Requests for Identity
Spies are trained to instantly react when anyone asks for information of any kind, whether it is theirs or someone else’s. The trigger, or what causes you to be on high alert, is actually very simple—it is the appearance of your identity in any form (wallet, credit card, tax form, passport, driver’s license, etc.). Anytime someone requests or has access to any of the names, numbers or attributes that make up your identity, or to the paper, plastic, digital or human data where your identity lives, the trigger should trip and sound an alarm in your head.

When your identity is being requested in any way, slow down and ask yourself: Is the risk of giving this piece of identity away in this specific situation worth the benefit?

The Department of Defense recently published an article about a speech I gave at the Joint Family Readiness Conference hosted by the Office of Military Community and Family Policy.

Military family members gathered here to learn how to prevent identity theft and I taught them to “think like a spy” in every aspect of protecting their personal information.

To think like a spy requires some specific mindsets and an instant reflex to those who are requesting their personal information. These reflexes are called triggers. I refer to the five triggers as the “Hogwash 5” because when a solicitor says them, your response should be “hogwash.” They are: “trust me,” a claim of protecting finances, asking for a “little bit” more information and things I call “bribe bias and fear bias.”

Preventing identity theft doesn’t have to be difficult, but it does take some effort. You are in control of this amazingly powerful asset called your identity, but you have to be willing to protect the value of that asset.

Click Here to read the entire article.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076