Information Offense – How Google Plays
Google recently offered $20,000 to the first person who could hack their web browser, Chrome. Without question, a hacker will crack it and prove that their browser isn’t as mighty as they might think.
So why waste the money?
In that question, ‘why waste the money?’ lies one of the root causes of all data theft inside of organizations. Google’s $20,000 investment is far from a waste of money. Consider:
- The average breach inside of an organization costs $6.75 million in recovery costs (Ponemon Study). $20,000 up front to define weak points is a minuscule investment.
- Chrome is at the center of Google’s strategic initiatives in search, cloud computing, Google Docs, Gmail, displacing Microsoft IE and mobile OS platforms – in other words, it is a very valuable asset, so Google is putting their money where their money is (protecting their profits).
- By offering up $20,000 to have it hacked IN ADVANCE of successful malicious attacks (which are certain to come), Google is spending very little to have the entire hacker community beta test the security of their product.
I would bet that there will be tens or hundreds of successful hacks into their browser, all of which will be fixed by the next time they commission a hack.
Data Breach Increases 33% in 2010 and You’re Next
The latest identity theft statistics released by the Identity Theft Resource Center documented 662 data breaches* in the United States in 2010. The message couldn’t be more clear:
Corporations are not yet taking identity theft and data breach seriously enough to properly train their employees, executives, and board on the BOTTOM-LINE DESTRUCTION caused by data breach.
Sure, at this point, many organizations pay lip service to data crimes. They have a privacy policy and their marketing materials state that they do everything in their power to protect your private information. Everything, that is, unless it costs them money to do so. Many corporations tend to hide behind the excuse that in these lean times, they can’t afford to take any additional security steps. But they must understand the disproportionate costs of recovering from theft rather than preventing it. In the simplest of terms, the ROI on data theft prevention training can easily be a thousand-fold. Each record lost, according to the Ponemon Institute, costs, on average, $204 to recover. Lose 1000 records (considered a very small breach), and you are suddenly out $204,000! According to the same study, the average cost for a business to recover from a data breach is $6.75 Million. The average cost to implement identity theft, social engineering and data breach training? In most cases, less than $50,000.
Son of a Breach! 40,000 Student Identities Exposed
The Social Security numbers, grades, and other personal identity information of over 40,000 former University of Hawaii students were posted online. The information was removed earlier this week, after almost 12 months online. The University apologized and explained that a faculty member doing a study on student success rates believed the information was being held on a secure server. It was not.
Apparently this was the third such breach that the University has suffered from in the past year. Each incident has increased student concern, and the university promises to beef up network security. It is beginning to look like these are promises that they have little intention of keeping. If the University were serious, they would immediately implement a data privacy awareness program to train staff and students on protecting private and sensitive information. There is no indication beyond empty press releases that they have begun taking even this most basic step.
U of H contends that there is no evidence that the information had been stolen or misused to date. That, however, is highly unlikely. Many times, identity thieves will wait until the dust has settled from such a breach to begin using the information for financial gain. The university has advised anyone who may have been affected to obtain and review their credit report for any signs of fraud. Again, if the university were serious, it would be providing free credit monitoring like that offered by CSIdentity.com or IdentityTheft911.com to those affected.
15 Data Security Tips to Protect Your Small Business
Thanks to SmallBusinessComputing.com and Jennifer Schiff for this article!
In August 2010, the Privacy Rights Clearinghouse published its latest Chronology of Data Breaches, which showed that since 2005 more than a half-billion sensitive records have been breached. Of those breached records — which contained such sensitive data as customer credit card or social security numbers — approximately one-fifth came from retailers, merchants and other types of non-financial, non-insurance-related businesses, the majority of which were small to midsized.
An equally scary statistic: approximately 80 percent of small businesses that experience a data breach go bankrupt or suffer severe financial losses within two years of a security breach, according to John Sileo, a professional identity theft consultant and speaker, who knows firsthand about the havoc a security breach can wreak on a small business.
What can a small business owner do to protect her business from a security breach? Small Business Computing spoke with two security and privacy experts and consulted the leading security and privacy sites to find out. The good news: protecting your business from a data security threat is easier than you think. It’s also much cheaper than the physical, financial and emotional cost of repairing one.
Identity Theft for Businesses: Mobile Data Breach
Mobile Data Theft
Technology is the focal point of data breach and workplace identity theft because corporations create, transmit, and store so many pieces of information digitally that it becomes a highly attractive target. This book is not intended to address the complex maze that larger organizations face in protecting their technological and digital assets. Rather, the purpose of this book is to begin to familiarize business employees, executives, and vendors with the various security issues facing them.
The task, then, is to develop a capable team (internal and external) to address these issues. In my experience, the following technology-related issues pose the greatest data-loss threats inside organizations:
- Laptop Theft: According to the Ponemon Institute, 36 percent of reported breaches are due to a lost or stolen laptop.
- Mobile Data Theft: Thumb drives, CDs, DVDs, tape backups, smart phones
- Malware: Software that infects corporate systems, allowing criminals inside these networks
- Hacking: Breaking into your computer system from the outside, using networks, wireless connections, remote access, and your Internet pipeline
- Wireless Theft: Wireless connections to the Internet in airports, hotels, cafes, and conferences
- Insider Theft: When someone in the IT department (or elsewhere) decides to make extra money by selling your data
Identity Theft Training
John Sileo knows identity theft and data breach first hand – he became “America’s Leading Identity Theft Speaker and Expert” after losing his business and more than $300,000 to these costly crimes. He has provided these Identity Theft Resources to help you protect your organization from suffering from the losses that result from unprotected private information. Visit John’s Identity Theft Prevention Store to learn more.
Hire John to train your employees to prevent identity theft, data breach and corporate espionage
Safe data is profitable data, whether it’s a client’s credit card number, a patient’s medical file, an employee’s benefit plan or sensitive intellectual capital. By the time John finishes his hilarious closing story, your audience will be fully empowered to protect private information, at home and at work.
John’s Most Requested Identity Theft Training Presentations (Keynote Topics)
Think Like a Spy
Information Survival Skills
The biggest threat to our identities (and to valuable corporate data) is our lack of a Privacy Reflex. Few of us have ever been trained to respond appropriately when someone requests our sensitive information. Think of how easily you give your information away on the Internet when someone promises you a free gift. This presentation will give your audience the fundamental building blocks to proactively protect valuable information assets. The result is a safer individual with strategic privacy skills that protect your organization’s bottom line.
Document Shredding
Fellowes Powershred
Workplace identity theft isn’t caused by paper documents because we have gone paperless, right? Rubbish. Paper rubbish, in fact.
You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.
According to a recent study* conducted by the Alliance for Secure Business Information (ASBI):
80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months. 49% of those breaches involved the loss or theft of paper documents. The average breach recovery cost $6.75 Million!
Secure Document Storage
SentrySafe Fire Safes
A majority of our most valuable identity documents (passports, birth and death certificates, wills, trusts, deeds, brokerage information, passwords, health records, etc.) are exposed to identity theft (and natural disasters, such as fire and floods) as they sit in unlocked filing cabinets, banking boxes in the basement, office drawers or out in the open, on our desks. I spend an entire chapter in Privacy Means Profit talking about which documents to lock up, which to destroy and which to stop at the source. To complicate matters, the problem of data theft goes beyond paper documents to digital media. More than ever we need to be concerned with the physical protection of hard drives, cell phones, thumb drives, CDs and DVDs with sensitive personal or business data on them.
5 Business Survival Lessons from Google’s Spying
A few months ago, Google got caught sniffing unencrypted wireless transmissions as its Street View photography vehicles drove around neighborhoods and businesses. It had been “accidentally” listening in on transmissions for more than 3 years – potentially viewing what websites you visit, reading your emails, and browsing the documents you edit and save in the cloud.
Public opinion blames Google, because Google is big and rich and scarily omnipotent in the world of information domination. It’s fashionable to blame Google. What Google did was, to me, unethical, and they should eliminate both the collection practice and their archive of sniffed data.
But the greater responsibility lies with the businesses and homes that plugged in a wireless network and did nothing to protect it. Don’t tell me that you don’t know better. When you beam unencrypted data outside of your building, it’s no different than putting unshredded trash on your curb – YOU NO LONGER OWN IT. In fact, when you take no steps to protect the data that flies out of your airwaves and into the public domain, you really have no claim against someone taking it. It’s like finding a $100 bill on an abandoned sidewalk – you can claim it or the next lucky person will. Tom Bradley of PC World agrees:





