Mobile Data Theft

Technology is the focal point of data breach and workplace identity theft because corporations create, transmit, and store so many pieces of information digitally that it becomes a highly attractive target. This book is not intended to address the complex maze that larger organizations face in protecting their technological and digital assets. Rather, the purpose of this book is to begin to familiarize business employees, executives, and vendors with the various security issues facing them.
The task, then, is to develop a capable team (internal and external) to address these issues. In my experience, the following technology-related issues pose the greatest data-loss threats inside organizations:

• Laptop Theft: According to the Ponemon Institute, 36 percent of reported breaches are due to a lost or stolen laptop.
• Mobile Data Theft: Thumb drives, CDs, DVDs, tape backups, smart phones
• Malware: Software that infects corporate systems, allowing criminals inside these networks
• Hacking: Breaking into your computer system from the outside, using networks, wireless connections, remote access, and your Internet pipeline
• Wireless Theft: Wireless connections to the Internet in airports, hotels, cafes, and conferences
• Insider Theft: When someone in the IT department (or elsewhere) decides to make extra money by selling your data

According to the Ponemon Institute, ‘‘Thirty-six percent of all cases in this year’s study involved lost or stolen laptop computers or other mobile data-bearing devices. Data breaches concerning lost, missing, or stolen laptop computers are more expensive than other incidents. Specifically, in this year’s study, the per-victim cost for a data breach involving a lost or stolen laptop was just under $225, over $30 more than if a laptop or mobile device was not involved.’’ Continue Reading….

The post above is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.

Related posts:

1. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR
2. Data Breach Protection: Laptop Theft Best Practices
3. Data Breach Increases 33% in 2010 and You’re Next

Click here to view the embedded video.

For more tips of this type, please visit my YouTube Identity Theft Expert Video Channel at www.YouTube.com/JohnSileo. It is relatively new, but my office is working diligently to add content every week. Some people like to read, some like to watch, so I will continue to add blogs of both types. Travel wisely this summer.

John Sileo
Motivational Identity Theft Speaker

Related posts:

1. Sileo Identity Theft Prevention Checklist
2. Tax Time Identity Theft Prevention Tips
3. New Item: Identity Theft Prevention and Recovery Workbook!

 First, a little background. During the speech, I shared three general techniques with them to help them protect the identities they hand every day (their clients’ and their own):

1. The Privacy Reflex. How to recognize a scam, fraud, identity thief or dishonest transaction before it harms you. This uses a combination of anti-social engineering tools that retrain the audience to trust their instincts when they are sharing data (either their own or their clients).
2. The Interrogation. How to ask effective and highly specific questions in order to determine who can be trusted. 
3. Targeting the Enemy. In this section, I talk about the specific tools that can be used by financial planners to lower the risk that either their identity or their client’s identity is stolen. This included stopping financial junk mail, moving to on line statements, freezing credit, limiting data collection inside of the business, protecting laptops and mobile data devices, investing proportionally to value in regard to professional document shredding and computer network security, and utilizing existing Identity Surveillance tools (http://www.csidentity.com/, http://www.annualcreditreport.com/, eMoneyAdvisor) to protect client identities.

But during the speech, I gave them a piece of advise that I would like to amend. One of the most frequent forms of the theft of financial advisor client information happens when a laptop computer is stolen from the advisor. And one of the most common places this happens, ironically, is when the advisor is attending an out-of-town conference or meeting. Instead of lugging the laptop with them to each event, it’s just easier to leave it back in the hotel room.

But when you ask yourself who is in control of that computer once you have left the room, the answer is full of risk. Of course, it’s the cleaning staff. Most room service personnel are trustworthy, but you can’t bank on that always being the case. With that in mind, I recommended several options to protect the identities on that computer:

1. First of all, use strong passwords and data encryption to protect the data on the notebook computer in case it does disappear.  
2. Stop carrying data on your computer that you don’t absolutely need. If you don’t need to have client information on there, don’t put it on in the first place.
3. Carry it with you to the events. Of course, when you set it down during a coffee break, your risk goes back up.
4. Lock the laptop in the room safe. Sometimes they don’t fit, so I suggest that you pull the hard drive out of the laptop (which is where all of the identity lives) and place that in the safe.
5. Use the hotel safe. Most hotels will lock up computers for you in their safe. Now you just need confidence that the hotel staff are trustworthy.
6. The option that I liked best (until yesterday) was to place the DO NOT DISTURB sign on my door as I leave each morning so that no one enters my room. True, your room doesn’t get cleaned, but you are keeping potential thieves not just from your computer, but from any client documents, passports or intellectual capital that might be in the room. Hiding things is a poor option, as a thief will know every one of those spots by heart.

Unfortunately, when I got back to my hotel room at the Marriott after spending the day in downtown Los Angeles, the cleaning staff had eventually ignored the Do Not Disturb sign and cleaned the room anyway. You should have seen me go after the manager who was on duty. Not only is this a violation of my privacy, it is a violation of hotel policy.

Or is it?

No one on duty yesterday could tell me what the policy is for a room with a Do Not Disturb sign on it. If it hangs all day, are they allowed to enter the room? At this hotel, it would appear so, but absolutely no one could tell me the ACTUAL POLICY. Which means that this is no longer as strong an option as I thought it was. I have stayed in more than 400 hotels over the past few years and this is the first time someone has entered the room when the sign was hanging on the door (that I know of). Luckily, my computer was in the safe and my client files were with me in downtown LA (I like to use layered levels of protection and not just rely on one factor – I’m a bit paranoid in that way because of what I’ve been through).  But I need to add a caveat to yesterday’s speech: Do Not Disturb signs don’t always work. If you are going to use this option, make sure you call down to house keeping and let them know that you don’t want your room cleaned or entered.

In the meantime, lock the data up in the safe as much as possible.

John Sileo
Identity Theft Speaker for Financial Planners

Related posts:

1. Data Breach Protection: Laptop Theft Best Practices
2. Identity Theft Prevention in a Hotel
3. Identity Theft for Businesses: Mobile Data Breach