‘Privacy Means Profit’ Articles

The following is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

For businesses, shredding is low-hanging fruit (one of the easiest sources of data breach to eliminate). But businesses are so often focused on electronic forms of data breach that they fail to heed the following statistics highlighted in a recent Ponemon Institute study conducted for the Alliance for Secure Business Information:

• More than 50 percent of sensitive business data is still stored on paper documents.
• Forty-nine percent of data breaches reported in the survey were the result of paper documents.
• Sixty percent of businesses admitted that they didn’t provide the proper tools (e.g., shredders) to safely discard documents that were no longer needed.
• The average data breach recovery cost according to this survey was $6.3 million.

If you own a business, make sure to destroy sensitive documents prior to discarding them, to decrease your legal liability. Businesses are required to destroy all consumer information before discarding it in the trash. The Fair & Accurate Credit Transaction Act (FACTA) Disposal Rule states that ‘‘any person who maintains or otherwise possesses consumer information for a business purpose’’ must properly destroy the information prior to disposal. FACTA further states that every person and/or business must take ‘‘reasonable measures’’ to protect against unauthorized access to the use of the information in connection with its disposal… Click Here to Continue.

In the Privacy Calendar, the action items that are important to take to protect your identity are listed by priority rather than mind-set. The order was determined according to three criteria:

1. Which steps need to be taken first to make the process simple?
2. Which actions are most effective at preventing identity theft?
3. Which items are you most likely to complete given time and resource constraints?

The detailed information for taking each of the steps is contained in the individual mind-set chapters of Privacy Means Profit, which are shown in italics and enclosed in parentheses following the steps, for easy identification. I strongly recommend that you refer back to each chapter for in depth explanations of each step.
I also highly recommend that you set up a schedule for yourself and complete the items phase by phase. Take 10 minutes a day, one hour per week, or one weekend a month and schedule time to ‘‘accumulate privacy.’’ If you have to wait on one of the action items—for example, you order your credit report but it will be 10 days before you receive it—move on to another of the items further down the list and return to the item you skipped when you receive the report.

My girls messing around at the Barnes & Noble release of Privacy Means Profit.

Privacy Means Profit.

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

Hardcover: 224 pages
Publish Date: 8.9.10 (August 9, 2010)
Publisher: Wiley
ISBN-10: 0470583894
ISBN-13: 978-0470583890

http://amzn.com/0470583894

Excerpt: At breakfast on the morning of August 12, 2003, a small and profitable computer company thrived at the foot of the Rocky Mountains. By lunchtime, that same business was on its way to ruin. Within twelve months, thanks to the theft of personal and company information, a forty-year-old family-business-turned-software-startup was doomed and John, heir to the prosperous enterprise, faced the prospect of prison for crimes he didn’t commit.

Beyond the specter of prison time for John, the situation held dire consequences for his family and friends. There was a real threat that his wife and two young daughters might be separated from their husband and daddy if John went to prison. John’s parents, who founded the company in 1964, shouldered most of the financial responsibility for the dying business and experienced declining health from the resulting stress. In the end, the situation would expose a dark secret in John’s close friend, Doug, a recent partner in the business.

Privacy Means Profit (Wiley) available in bookstores today!

Here are The Top 5 Reasons You Shouldn’t Buy It:

You love sharing bank account numbers, surfing habits and customer data with cyber thieves over unprotected wireless networks

You never tempt hackers and con artists by using Gmail, Facebook, LinkedIn, Twitter, Google Docs, or other cloud computing platforms to store or communicate private info, personally or professionally.

You bury your head in the sand, insisting that “insider theft” won’t affect your home or business.

You’ve already hardened your laptops and other mobile computing devices in 7 vital ways,  eliminating a major source of both personal and corporate data theft.

You have a “thing” for identity theft recovery costs and would rather invest thousands in recovery than $25 in prevention.

If you want to defend yourself and your business against identity theft, data breach and corporate espionage, then buy a copy of Privacy Means Profit.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

Privacy Means Profit builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

People will do something—including changing their behavior—only if it can be demonstrated that doing so is in their own best interests as defined by their own values.
—Marshall Goldsmith, What Got You Here Won’t Get You There

People don’t change bad habits until they have a compelling reason. Too often that compelling reason is the result of a habit’s negative outcome; but the promise of positive rewards resulting from the establishment of good habits can be a strong motivator. In the workplace, aligning responsible information stewardship with personal and professional gain can set the stage for good privacy habits.

Here are 5 steps you can take towards perfecting your own Privacy Habits:

1. Tighten up online passwords. Create strong, alphanumeric passwords. Instead of your password being Sunflower make it $uNf(0w3R.  Don’t use common password reminders such as your dog’s name, street address, or mother’s maiden name. All of those would be easily uncovered by an identity thief.
2. Buy a Shredder – and use it. By shredding anything that has your name, address, birthday, social security number, or account numbers on it, you will be less likely to have your identity stolen through the trash. Make sure that the shredder you chose is kept in a convenient location – if you can’t get to it fast, you won’t use it!

A few months ago, Google got caught sniffing unencrypted wireless transmissions as its Street View photography vehicles drove around neighborhoods and businesses. It had been “accidentally” listening in on transmissions for more than 3 years – potentially viewing what websites you visit, reading your emails, and browsing the documents you edit and save in the cloud.

Public opinion blames Google, because Google is big and rich and and scarily omnipotent in the world of information domination. It’s fashionable to blame Google. What Google did was, to me, unethical, and they should eliminate both the collection practice and their archive of sniffed data.

But the greater responsibility lies with the businesses and homes that plugged in a wireless network and did nothing to protect it. Don’t tell me that you don’t know better. When you beam unencrypted data outside of your building, it’s no different than putting unshredded trash on your curb – YOU NO LONGER OWN IT. In fact, when you take no steps to protect the data that flies out of your airwaves and into the public domain, you really have no claim against someone taking it. It’s like finding a $100 bill on an abandoned sidewalk – you can claim it or the next lucky person will. Tom Bradley of PC World agrees:

Privacy Means Profit – On Shelves 8.9.10

Wiley & Sons has just announced final details on the release of my latest book, Privacy Means Profit. This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

Hardcover: 224 pages
Publish Date: 8.9.10 (August 9, 2010)
Publisher: Wiley
ISBN-10: 0470583894
ISBN-13: 978-0470583890

Available for Pre-Sale from Amazon

Excerpt: At breakfast on the morning of August 12, 2003, a small and profitable computer company thrived at the foot of the Rocky Mountains. By lunchtime, that same business was on its way to ruin. Within twelve months, thanks to the theft of personal and company information, a forty-year-old family-business-turned-software-startup was doomed and John, heir to the prosperous enterprise, faced the prospect of prison for crimes he didn’t commit.

Beyond the specter of prison time for John, the situation held dire consequences for his family and friends. There was a real threat that his wife and two young daughters might be separated from their husband and daddy if John went to prison. John’s parents, who founded the company in 1964, shouldered most of the financial responsibility for the dying business and experienced declining health from the resulting stress. In the end, the situation would expose a dark secret in John’s close friend, Doug, a recent partner in the business.

During your fraud training exercises, fostering an attitude of curiosity (or in the corporate world, a culture of curiosity) is the most powerful critical thinking skill in your arsenal of tools to protect sensitive information. Employees who can think critically and ask the right questions regarding data privacy make up the fabric that supports a Culture of Privacy. Interrogation is the art of questioning someone thoroughly and assertively to verify intentions, identities and facts.

Questions: Who’s in Control? Can I Verify? What are my Options? What are the Benefits?

When spies need information, they ask for it. They “socially engineer” or con their victims with a variety of tools.

The primary tool for evaluating risk once your reflexes have been triggered (Hogwash) is to interrogate the person or institution asking for your information. Interrogation is not meant to be about forceful or physical questioning. I define interrogation as clear, aggressive questioning used to establish whom you can trust, how far you can trust them, and with what information.

Sticking with the language of espionage, an Enemy is anyone or anything (including a computer, fax machine, email, letter, etc.) requesting your information, information of someone you know, or information about your organization. It is not designed to make you confrontational or warlike – that is taking the metaphor too far. Once you have established a trusted relationship, you are no longer in enemy territory.