Posts

ID Experts Infographic on Data Breach Trends


Definitions

Identity Theft: involves the misuse of another individual’s personally identifiable information for fraudulent purposes.

  • Identity theft is the fastest-growing crime in the U.S., affecting 1 in 20 consumers.

Medical Identity Theft: occurs when someone uses an individual’s name and personal identity to fraudulently receive medical services, prescription drugs or goods, including attempts to commit fraudulent billing.

  • Medical identity theft affected 2 million people in the U.S. in 2011.

Data Breach: a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual. Data breaches may involve:

  • Credit card numbers
  • Personally identifiable information
  • Protected health information
  • Social Security Number
  • Trade secrets
  • Intellectual property

Who/What’s at Stake?

An identity is stolen every 3 seconds!

  • 5 million Americans were victims of identity theft in 2003.
  • 12.6 million Americans were victims of identity theft in 2012.
  • 608,271,950+ records have been compromised due to security breaches since 2005.
  • 94% of Healthcare organizations surveyed suffered at least one data breach in the past two years.
  • A medical record can fetch $50 on the black market.

Cyberterrorism is on the horizon. 

Cyberterrorism is any “premeditated, politically motivated attack against information, computer systems, computer programs, and data.” Why is it on the horizon? Currently, unprotected mobile devices, the proliferation of personal and private data, and distributed computing trends all drive the increase in data breaches and identity theft.

  • 9.6 million petabytes of information is processed per year.
  • 36.7 million people in the U.S. own smartphones.
  • Healthcare organizations have moved from paper-based records to electronic health records.
  • 88.6% of healthcare professionals access patient information with unsecured smartphones.

Defining breaches and regulations

  • 2003: ChoicePoint was the first “industry” breach. It affected 140,000 people in 50 states. Security breach laws were enacted in most states as a result.
  • 2003: California enacted SB 1386, the first mandatory breach notification law in the U.S. to regulate the privacy of personal information.
  • 2003: Fair and Accurate Credit Transaction Act (FACTA) granted consumers one free credit report per year.
  • 2006: Department of Veterans’ Affairs had personal information stolen from its database, affecting 26.5 million people.
  • 2007: T.J. Maxx had 45 million credit and debit card numbers stolen.
  • 2009: Health Information Technology for Economic and Clinical Health (HITECH) Act incentivized healthcare organizations to adopt electronic medical records.
  • 2011: 77 million Sony PlayStation accounts were hacked.
  • 2012: 780,000 Medicaid patients and children had their information stolen from the Utah Department of Health.
  • 2013: HIPAA Final Rule strengthens the privacy and security protections for health information.

Data breaches are expected to escalate with the looming threats of organized crime, corporate espionage and cyberterrorism.

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable.

WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data


I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage. If it can happen to the big boys, it can happen to you. If you don’t have Bond on your side fighting off the villains, take these steps to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breaches originate with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank. It will be a lot easier to sit back and relax (maybe even have a shaken martini) when you know your business is secure.


John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.