Friday, January 22, 2010

go to http://IDTheftSecurity.com

ComputerWorld & NetworkWorld visitors

Go to http://IDTheftSecurity.com


(This blog is outdated)

Thank you.
Robert Siciliano
Lets CONNECT!!!.....do it now!
http://www.linkedin.com/in/robertsiciliano
http://twitter.com/robertsiciliano
http://www.facebook.com/robert.siciliano

Tuesday, February 20, 2007

Tax Time Makes Laptop Computers Especially Valuable to Identity Thieves

Phishers' websites, feigning to represent the Internal Revenue Service, threaten—as similar sites have in the past—to dupe citizens this tax season into divulging personal information.

Tax season is a frenetic time for most Americans. When we're extra busy, we run the risk of being extra careless—something identity thieves like. And with the growing number of taxpayers completing their IRS paperwork online, many from their laptop computers, the risk for foul play increases ever more. Guard your belongings, particularly any computer equipment containing your tax information, and never give your personal identifying information to an unknown source. Never to trust online messages that purport to be from the IRS, which never initiates communication with taxpayers via e-mail.

But the problem isn't just phishing sites. With more and more consumers doing their taxes online, and with research from various sources showing a marked increase in laptop computer sales, this means lots of laptop computers, machines that are prone to theft, are home to their owners' sensitive tax-related information. Consider use of MyLaptopGPS™, a product that combines Internet-based GPS tracking, which is more affordable and user-friendly than other types of GPS tracking, with encryption and additional technologies to put laptop owners' minds at ease when theft occurs.

Labels: , , , , , , , ,


Fallout from recent breach of data at major U.S. retailer will continue for a while

A data breach at TJX Companies Inc. last month reportedly affected millions of past customers of the U.S. retailer, which operates numerous well-known department stores. Consumers need to remain vigilant and guard their financial records statements against wide-scale, related credit card fraud.

Last month I discussed the TJX data breach on WBZ NewsRadio 1030 in Boston, Mass., and WCBS NewsRadio 880 in New York City. First and foremost, make sure nothing is awry with your credit card statements. Watch your bank statements, too, and contact the credit bureaus to keep an eye on your records.

Identity thieves and fraudsters can do a lot with the kind of information typically lost in the type of data breach we've seen unfold these past couple weeks, and organizations that suffer massive data breaches like this often have little idea how many records of data are indeed in jeopardy. That kind of uncertainty is dangerous not just for customers, the obvious victims. Burglarized institutions then face their constituents' ire. The possibility of towering expenses related to easily justified class action suits, not to mention the hefty public relations retainer fees for crisis communication, can leave an organizations very survival in question.

Anyone possibly affected by the any large datas breach should obtain tools that help citizens to monitor their own information in the wake of such breaches. Arlington, VA-based MyPublicInfo provides such a tool, the Public Information Profile (PIP), which enables view public records connected to his name and see information accessible to other people performing background checks. This tool provides consumers with user-friendly, complete, and legally conforming personal profiles of aggregated public information.

Vigilance is the best recourse not only for the short-term, but for the long-term. Customers must take their financial information—their very identities, in fact—into their own hands. As we've seen all too often in the wake countless data breaches these past few years, when it comes to identity theft, we can ultimately count on nobody to protect us but ourselves.

Labels: , , , , ,


Desktop computer use is down, but laptop use is up

End-of-year reporting in 2006 suggested that desktop computer use is on the way down, in favor of the ever-more-prevalent laptop. Organizations that store sensitive data on theft-prone mobile computing devices must understand the implications: Mobile computers demand teh technology of security measures such as GPS tracking, encryption, and more, or data breach–associated costs will occur with growing frequency.

IDC research reported by Computerworld in September of 2005 suggested that business use of laptop computers would spread to more than 50 percent of employees within a few years, with shipments of laptops surpassing those for desktops by 2008. An article in the Dec. 18, 2006 edition of BusinessWeekOnline reported findings from the firm Current Analysis showing that laptop sales rose by 25 percent for the week ending Nov. 25, 2006; desktop PC sales dropped 2 percent for that week, and, in October 2006, were down 5 percent for the year.

Sales of laptop security technology need to increase in parallel. We must combat—and ward off—the thefts that will inevitably accompany the growing prevalence of laptop computers. The alternatives, lawsuits and recovery costs, are prohibitively expensive. We're already seeing companies paying thousands of dollars just to stop official inquiries into their laptop security practices. No organization is immune. Install simple technology, like GPS, instead. Avoid the security nightmare before it even happens.

A December 2006 article in The Boston Globe article reported a $25,000 settlement paid by Ameriprise Financial Services Inc. to settle a probe into the loss of a laptop that housed personal data on thousands of Massachusetts residents.

Imagine losing a laptop computer and only having to press a button to make the whole problem go away. That's what GPS tracking can do—no more public relations crises, no more litigious probes, and no more lost customers. Your organization has done its job, and the thief goes to jail.

Indeed, nightmares like those described above can easily be avoided with technology such as MyLaptopGPS's: GPS tracking and encryption technology as security for mobile computers. Internet-based GPS, the technology this company's product of the same name uses, is more affordable and user-friendly than other types of GPS tracking and effectively tracks lost machines.

Laptop computer security can at once be simple, inexpensive, and highly effective. The alternative is theft and its attendant, often unknown consequences, such as lawsuits and soaring recovery costs. Smart organizations expect the worst and insulate themselves for it up-front. MyLaptopGPS provides the solution these companies want, and need.

MyLaptopGPS not only tracks lost laptops with Internet-based GPS, but also installs software that encrypts and silently removes and retrieves files from the machines—at once returning the data to its rightful owner and deleting it on the stolen computer. Users can invoke MyLaptopGPS's functions remotely.

Labels: , , , , , , , ,


Recent research and the threat of lawsuits should spur initiatives to equip laptop computers with GPS

Laptop theft is on the rise, and the research into mobile computing security reveals findings that are daunting and irrefutable: Laptop computers stand to be stolen in large numbers over the next few years, and the associated costs, including lawsuits, threaten to be a major source of frustration.

According to legal experts whose article appeared on Tech News World in mid-December of last year, California Senate Bill 1386, passed into law in July 2003 and now emulated in about 30 states, provides consumers and employees, under some circumstances, the legal basis to sue companies that have suffered data breaches. On Nov. 27 of last year Investor's Business Daily reported research from Kahn Consulting, a consulting firm specializing in the legal, compliance, and policy issues of information technology: Only 35 percent of the 80 percent of companies that equip their workers with wireless devices secure the machines.

Also cited in the Investor's Business Daily article was research from IDC, a firm headquartered in Framingham, Mass. IDC predicted that the number of mobile workers will increase by 30 percent by the year 2009, and that these added workers will see, rising along with them, the security threat to mobile computers.

Symantec has found that a laptop computer is stolen every 53 seconds, and that 97 percent of these machines lost to theft are never recovered. And research from Gartner Group has revealed that the financial price tag of laptop computer theft can exceed $6,000 for even just one machine.

I predict that more and more organizations will come to the logical conclusion: Turn to simple, effective, countermeasures such as GPS tracking and encryption technologies.

Anyone who loses a laptop computer wishes their machine had the functionalities MyLaptopGPS provides. Rather than deal with the thousands of dollars and pure headaches that come with lost mobile computing devices, smart organizations are looking at companies such as MyLaptopGPS, which offers GPS tracking and encryption technology as security for mobile computers. Internet-based GPS, the technology MyLaptopGPS™ uses, is more affordable and user-friendly than other types of GPS tracking and effectively tracks lost machines. MyLaptopGPS not only tracks lost laptops with Internet-based GPS, but also installs software that encrypts and silently removes and retrieves files from the machines—at once returning the data to its rightful owner and deleting it on the stolen computer. Users can invoke MyLaptopGPS’s functions remotely.

Peace of mind is hard to come by. For a fraction of the cost of a lost laptop computer, GPS and other technologies provide an all-encompassing solution to laptop theft so that even if your computer is stolen, it won't matter.

Labels: , , , , , , , ,


Rising tide of targeted mobile computer thefts is grounds for equipping laptops with GPS tracking technology

A laptop computer is a potentially lucrative acquisition for any thief. In some cases they’re seeking these machines because they're determined to obtain identifiable information that facilitates identity theft, account takeover, or medical fraud. Owners need to be aware of the information on their laptops and its worth to criminals. Organizations whose proprietary and sensitive data reside on laptop computers should install on these machines affordable antitheft safeguards such as Internet-based GPS tracking, encryption technology, and systems to remotely retrieve and delete data.

One briefly unattended machine sitting on a coffee table in an Internet café may contain data worth hundreds of thousands, if not millions, of dollars to a savvy criminal. But companies like MyLaptopGPS's, whose product of the same name uses Internet-based GPS (a technology more affordable and user-friendly than other types of GPS tracking), offer hope by not only tracking lost laptops with Internet-based GPS, but also encrypting and silently removing and retrieving files from the machines—at once returning the data to its rightful owner and deleting it on the stolen computer. Users can invoke MyLaptopGPS’s functions remotely.

Labels: , , , , , , , ,


Laptop computers bereft of GPS tracking technology are easy targets for criminals

The unsecured laptop computer is easily stolen and a goldmine for identity thieves. Owners indiscriminately store personal data of all kinds on them. The portable computer is the thief’s fantasy, but effective, and inexpensive, security exists. Anyone who owns a laptop computer should install on it affordable safeguards such as GPS tracking, encryption technology, and systems to remotely retrieve and delete data.

According to Symantec, a laptop computer is stolen every 53 seconds, and 97 percent of these machines lost to theft are never recovered. The numbers are hardly surprising. The recent statistics and ongoing news of more and more mobile computer thefts speak for themselves. The data breaches continue unabated. And now laptops are quickly becoming the item of choice for identity thieves conspiring with gangs and organized criminals everywhere. Smart organizations and individuals are protecting themselves with commonsense, affordable security that blocks the loss of personal information to theft.

MyLaptopGPS, an Oklahoma-based firm, offers just that commonsense opportunity: security for laptop computers at a cost that pales in comparison to the financial price tag of laptop theft, which can exceed $6,000 for even just one machine, according to research from Gartner Group.

Internet-based GPS, the technology MyLaptopGPS™ uses, is more affordable and user-friendly than other types of GPS tracking and effectively tracks lost machines. And MyLaptopGPS also installs software that encrypts and silently removes and retrieves files from lost laptops—at once returning the data to its rightful owner and deleting it on the stolen machine. Users can invoke MyLaptopGPS’s functions remotely.

The market is awash with an array of less-than-effective laptop computer security products. MyLaptopGPS gives a user a host of functionalities all rolled into one product, plus the peace of mind that comes from silently retrieving a laptop’s data from a remote location.

Labels: , , , , , , , ,


Educators should to equip laptop computers with GPS tracking technology

Identity thieves will steal anyone’s identity. They especially like to prey on young people, whose credit records are still clean and useful for new car loans, mortgages, and more under fake auspices. With so much theft of laptop computers storing Social Security numbers and all sorts of other information on students everywhere, GPS tracking and other safeguards for these machines must become a priority.

MyLaptopGPS is a firm that offers a product of the same name that uses GPS to track the whereabouts of misplaced and stolen laptops. MyLaptopGPS™ employs Internet-based GPS, a system characterized by affordability and user-friendliness. Going a step further, MyLaptopGPS™ also installs software that encrypts and remotely removes and retrieves files from lost laptops—at once returning the data to its rightful owner and deleting it on the stolen machine. MyLaptopGPS does what it’s designed to do remotely, covertly, and inexpensively.

Products such as MyLaptopGPS's bring enormous piece of mind to any organization, especially one with perhaps limited financial resources, such as an educational institution. MyLaptopGPS allows responsible and conscientious educators and administrators to track stolen laptops—and protect their students’ wellbeing.

Last fall, numerous laptop computer thefts affected college and high school students:

According to Gartner Group research, just one laptop lost to theft can result in costs that exceed $6,000. Laptop theft is a potentially catastrophic expense for educators. Anticipating worst-case scenarios, smart educational administrators are turning to GPS technology so that they’ll be able to track laptop computers once these devices are stolen. And, as we have seen with the rash of laptop computer thefts affecting students, a laptop computer is easy to lose.

Labels: , , , , , , , ,


Laptop Security Products Must Provide All-in-One Functionality

Research has continually revealed the high cost of laptop computer theft. Gartner Group research has found that just one laptop lost to theft can result in costs related to lost productivity, as well as hardware and software replacement, that exceed $6,000. Often, organizations spend much more, with untold additional funds covering the loss of data.

That's why it's heartening to see the high technology industry responding with novel ways to secure lost machines and recover the data on them. All-in-one technologies that employ Internet-based GPS tracking as well as systems for remote recovery and retrieval of data are among the best of these offerings. The financial impact of laptop loss far outweighs the nominal costs of these security alternatives.

One all-inclusive solution comes from MyLaptopGPS, a firm whose product of the same name uses GPS to track the whereabouts of misplaced and stolen laptops. MyLaptopGPS™ employs Internet-based GPS, which is affordable and user-friendly. And, going a step further, MyLaptopGPS™ also installs software that encrypts and silently removes and retrieves important files from lost laptops—at once returning the data to its rightful owner and deleting it on the stolen machine.

The market offers a number of partial answers to laptop security concerns, but GPS tracking technology needs to go hand-in-hand with the ability to remotely destroy data on stolen machines—and nobody wants to destroy the data on that laptop without first being able to retrieve the files. These are the reasons why MyLaptopGPS™ provides all three options in one package for organizations keen on improving the security of their laptops.

Laptop computers containing sensitive, identifying information on high school students and ROTC scholarship candidates. Some teaching institutions, such as a Fenland, England school that lost £20,000 computing equipment, some of it mobile have installed tracking technology on all computers, including laptops.

Labels: , , , , , , , ,


Monday, October 30, 2006

Remote Systems for Data Retrieval and Recovery -- Not to Mention GPS Tracking -- Are Essential for Laptop Computers

T-Mobile USA Inc. just recently announced that one of its laptop computers had gone missing. According to reports, the apparent theft put past and current employees’ sensitive information, such as Social Security numbers, at risk.

Where have we heard this before? Just about every week, it seems. And it doesn't only seem this way; it is this way. And whenever a laptop computer goes missing, two primary concerns haunt the organization that owns it: the portable computer’s whereabouts and the nature of the data on it. Both problems can lead to the loss of thousands of dollars, and rarely does any organization that loses an unsecured laptop recover the machine or the data that it stored.

Even so, the installation of systems for GPS tracking and data recovery and retrieval would be simple and affordable for firms -- and would greatly mitigate the many difficulties that otherwise beset them when their laptops are lost to thieves. An organization that wants to avoid the prohibitive costs associated with laptop loss and theft, should equip its portable computer fleet with GPS tracking technology and systems for the recovery and retrieval of data.

MyLaptopGPS, an Oklahoma-based firm, uses proprietary Internet-based GPS, a user-friendly system that tracks the whereabouts of misplaced and stolen laptops more efficiently and at far less of an expense than do offerings from other GPS providers. And the company’s product of the same name, MyLaptopGPS™, goes a step further by installing software that encrypts and silently removes important files from lost laptops—returning these electronic documents to their rightful owners while placing the data out of criminals’ reach.

According to MyLaptopGPS' chief technology officer, “Why make the laptop computer thief’s job any easier than it already is? High-profile thefts can bring attention to this issue, but there’s little comfort when an enormous percentage of small and large businesses continue to sit completely idle. MyLaptopGPS turns the tables, enabling businesses to remotely, covertly, and inexpensively destroy stolen data—with or without recovering it first—and track the criminals who stole the machines in the first place.”

Studies now show that the total number of records lost this year due to data security breaches has reached 100 million. Many of these breaches have been laptop computer thefts. With so much affordable counter-theft technology available, smart organizations are investing in themselves, their customers, and employees by spending a little money up front to save everyone a mountain of money later.

GPS: A Major Piece of the Laptop Security Puzzle

The past year has witnessed countless, major security breaches involving laptop computers, putting millions of consumers’ identities at risk of theft. I encourage organizations to stave off further portable computer thefts and losses by considering GPS tracking technology for their fleets of laptops.

GPS is the simplest solution for organizations trying to address their laptop computer security concerns. These machines are easy to steal and can go missing anywhere. MyLaptopGPS, an Oklahoma-based company, provides a particularly attractive form of GPS tracking as a service. If the technology is affordable, like MyLaptopGPS’, organizations are remiss not to install it on their entire laptop fleets.

MyLaptopGPS uses proprietary Internet-based GPS, an affordable technology that makes the company’s product of the same name easy to use and preferable to offerings from other GPS providers. MyLaptopGPS™ also installs software that encrypts and silently removes important files from lost laptops—returning these electronic documents to their rightful owners while placing the data out of criminals’ reach.

According to MyLaptopGPS' chief technology officer, “MyLaptopGPS allows responsible and conscientious companies to track stolen laptops. But much more importantly, it allows the rightful owners to ‘push the big red button’ and delete sensitive data from the stolen machine right under the thief’s nose, simultaneously transferring it back to a secure location. This is, by far, the most important consideration.

The past year’s spate of government data breaches recently prompted the House Government Reform Committee to investigate. As reported by CNET News, the committee found each of the government’s 19 agencies reporting at least one loss of data since 2003. Meanwhile, earlier this month the Department of Homeland Security released a report that found laptop computers at its own Inspector General’s Office in many ways unsecured. DHS’s findings followed many months' worth of incidents and worrisome revelations, including those at General Electric Co., the Commerce Department, the Veterans Affairs Department, Hotels.com, Equifax Inc., and elsewhere.

Laptops have always been a target of thieves due to their ease of procurement and resale value. In the past an organization would fret over the monetary loss of the machine. Today, the laptop’s value is equal to the cost of a press release announcing the theft of the machine’s data, plus the hundreds and thousands, if not millions, of dollars the company ends up spending to protect consumers from the theft.

GPS Technology Can Greatly Reduce the Cost of Laptop Computer Loss and Theft

Research into the financial impact of laptop computer theft has suggested that the loss of just one laptop computer can cost as much as $90,000, or even more. The findings, available since 2002, further illustrate the implications of losing even just one laptop computer -- not to mention the utility of the alternative: GPS tracking technology.

Organizations faced with lost data often incur financial costs related to fines, credit monitoring for victims, public relations damage control, and class action litigation. Companies are only hurting themselves when they ignore the logical alternative to these costs: safeguarding laptops by equipping them with affordable GPS tracking technology.

The loss of a laptop computer belonging to General Electric Co., stolen (according to reports) in September from a locked hotel room where a GE employee authorized to use the computer had left it, contained the Social Security numbers of approximately 50,000 current and former employees of the company. According to the 2002 Computer Security Institute/FBI Computer Crime & Security Survey, the theft of a laptop results in an average financial loss of $89,000, with only a small percentage of the sum actually relating to the hardware cost.

The potential financial cost from this past year’s losses and thefts alone is staggering. Because of this, organizations owe it to themselves, employees, and customers to minimize the impact of laptop computer loss and theft. And yet, for a nominal monthly fee that pales in comparison to the financial cost of lost laptops, MyLaptopGPS™ uses GPS to track these machines when they are lost or stolen. The product also installs software that encrypts and silently removes the important files from them—returning these electronic documents to the rightful user while placing them out of a criminal’s reach.

GPS tracking technology solves many problems caused due to loss or theft. The simplest way for a company to keep track of laptop computers, which frequently travel with employees, is to equip these machines with GPS.

GPS Tracking Will Curb the Rate of Laptop Computer Loss and Theft

News of the widespread loss of Commerce Department laptops since 2001—many assigned to the Census Bureau—has provided possible hints to explain the boom in identity theft seen these past few years, according to an authority in the field. The Commerce Department’s revelation of more than a thousand laptops lost earlier this fall, together with previously publicized research and the theft of laptops from other firms, has illustrated the need for companies to turn to solutions such as GPS tracking to curb the rate of laptops being irretrievably stolen or lost.

When you lose more than a thousand laptops—many of them containing Census Bureau data—less-than-scrupulous individuals are bound to find the information useful. With Census Bureau data in hand, the identity thief’s puzzle is a particularly easy one to complete.

Companies ought to consider solutions from providers such as MyLaptopGPS (www.mylaptopgps.com), whose product of the same name not only tracks any stolen laptop worldwide via the Internet, but also silently removes important files once the machine is stolen—returning them to the rightful user while placing them out of the criminal’s reach.

The Commerce Department released figures showing the loss of more than 1,100 laptops since the year 2001. More than half, according to reports, had been assigned to the Census Bureau. The news was no surprise:

• In May, the theft of a laptop from the Veterans Affairs Department jeopardized millions of U.S. veterans’ identities. A few months later, another laptop theft there put the personal information of additional veterans at risk.

• In June, Hotels.com reported the loss of a company laptop containing the financial records of about 243,000 customers.

• Also in June, Equifax Inc., one of the three major credit reporting companies, suffered the theft of a laptop computer containing identifying information on the company’s 2,500 U.S. employees.

And more breaches have occurred since. Laptop security needs a revamp. These machines are, apparently, difficult for organizations to track and keep. GPS and other technologies would go a long way in curbing the rate of laptop loss and theft.


Laptops Are the Weak Link in Data Security

The state of data security is in shambles. Anyone who watches the news knows this.

And the policies surrounding employee use of company-issue laptops seem to be particularly lax. In fact, laptops seem to be the weak link when it comes to data security. Research continues to find that the frequency of laptop theft in the workplace is high. Companies need to guard laptops—and the information allowed to be stored on these devices—with more vigor.

Earlier this year, the Ponemon Institute LLC and Vontu Inc. released the findings of a joint survey on the state of laptop security. Of the 500 information security professionals who participated, 81 percent reported the loss of a company laptop this past year. Furthermore, 53 percent said sensitive or confidential data stored on USB memory sticks would be impossible to track. The Ponemon–Vontu research seemed to bolster findings from an October 2005 report by CREDANT Technologies. CREDANT’s survey of 283 Global 2000 professionals found them estimating that as many as 90 percent of missing company laptops house sensitive data. The respondents, who largely agreed that laptops are most likely to be lost or stolen at work, also indicated that nearly three fourths of missing company laptops are noncompliant with California SB 1386’s encryption data requirements.

We’re seeing trends in companies’ laptop security. Despite the official post-theft statements from affected organizations, these laptops seem to be in transit often, and unsecured. And they also seem to hold sensitive data that should never be stored on portable computers.

In May, the highly publicized theft of a laptop from the Veterans Affairs Department jeopardized millions of U.S. veterans’ identities. A few months later, the theft of another laptop from the same government agency put more veterans’ personal information at risk of theft. Meanwhile, in June, Hotels.com reported the loss of a company laptop containing the financial records of about 243,000 customers, and Equifax Inc., one of the three major credit reporting companies, suffered the theft of a laptop computer containing identifying information on the company’s 2,500 U.S. employees. More high-profile thefts and losses have occurred since.

Companies should physically lock access to their laptop computers and use GPS to track them. A product from Staples®, WordLock™, allows users to employ a letter password that can be reset at any time to lock a laptop computer. And MyLaptopGPS™, an offering from AIT Solutions, LLC, not only tracks any stolen laptop worldwide via the Internet, but also silently removes all important files once the machine is stolen—returning them to the rightful user while placing them out of the criminal’s reach.

Monday, August 14, 2006

Consumer Trends Portend a Massive Backlash against Businesses that Fail to Implement Sound Data Security Measures

The threat of identity theft has become a given in most consumers’ minds. Merely going online, let alone making a simple purchase while on the Web, has become akin to walking solo down an inner city back alley after midnight. And yet another laptop stolen from the Veterans Affairs Department, not to mention the latest security breakdown at the Department of Transportation, only serve to chip away even further at consumer confidence. The potential costs to consumers and industry alike have reached enormous proportions. Consumers who have yet to take notice soon will—and probably the hard way.

New research last week provided insight into consumers’ attitudes about data security breaches and into the demographics of those most susceptible to identity fraud and theft. Other findings placed the annual cost to victims of cybercrime in the billions of dollars for U.S. and British citizens. And while the data mostly spell trouble for industry, some of the results suggest companies that understand the importance of security could convert the bad news to opportunity.

Research released in a flurry from various organizations last week underscored the daunting costs of cybercrime and the fragile state of consumer confidence in data security:

=>A survey of 2,200-plus consumers, conducted by Princeton, NJ’s Opinion Research Group, found more than half of respondents reporting a rise in their concerns over data security. Released on Aug. 7, the results also revealed that this heightened awareness caused 40 percent of those surveyed to halt a transaction online, over the phone, or in person. Furthermore, no single industry, brand, or company stood out when researchers asked respondents to name a most trusted.

=>On Aug. 8, the BBC News reported the results of research conducted by Britain-based market research firm YouGov and commissioned by Npower, an energy firm. One in every 10 of the 2,200 people polled believed they had fallen prey at some point to identity fraudsters. According to the findings, people under 30 years old, less prone to protect information such as the PIN numbers to their ATM cards, may be more susceptible to identity thieves.

=>As reported in the Aug. 6 edition of the Sunday Mirror, the British government has estimated the annual cost of cybercrime there to be in excess of £2 billion. On Aug. 8, an article in California’s Central Valley Business Times shared results from Consumer Reports’ “State of the Net Survey,” which found that U.S. consumers lost more than $8 billion over the past two years to cybercrime.

The these various findings, while worrisome, also present opportunities. Security consciousness has become a necessity for industry, and anyone who markets this consciousness ahead of the curve will not only retain existing customers; these sage companies will also woo jaded consumers from unconscious competitors. But only believable, strong countermeasures properly communicated to the public will work. After all, how can any company expect to conduct business, especially e-commerce, in an environment fraught with so many fears about security?

Consumers Will Probably Have to Take Their Identities into Their Own Hands

Earlier this summer, one of the three major credit unions, Equifax Inc., lost one of its own laptops to theft. This event strikes like no other to the core of our data security system’s fundamental flaws. Laptops are no place for sensitive data. And the response from both industry and government to all the breaches prior and since has remained slow at best—and counterproductive at worst. Companies continue in their unwillingness to learn basic lessons. Meanwhile, we’ve seen proposals from government this summer to further restrict access to the credit freeze, a major consumer-empowering tool against identity theft.

On June 20, Reuters and others reported that Equifax Inc., one of the three major credit reporting companies, had suffered the theft of a laptop computer. The machine contained identifying information on the company’s 2,500 U.S. employees. According to the company, the laptop housed no data on the millions of consumers whose credit scores Equifax sets. The company also said the employee was not allowed to store the information on his laptop, but did have authorized access the data.

Equifax is one of the companies whose information databases determine whether we’re good enough to get credit. And yet it seems that their security measures aren’t good enough to keep their own employees’ information safe. We can only hope they will offer those affected more than "free credit monitoring for one year"—the party line, it seems, these days.

We face the cold reality that we must go without much help from industry or government in protecting our own identities. I encourage any consumer to take her identity into her own hand—before a thief takes it into his. Luckily, despite the hurdles that face us, tools are at our disposal at the individual level. We’re going to need them.

Plenty of options exist for consumers to protect themselves. Identity theft insurance, for instance, is a wise choice, and companies should consider investing in password-protected locks for their employees’ laptop computers—that is, if they make the mistake of using laptops to transport personal financial information in the first place.

The Equifax laptop theft followed the loss of a Department of Veterans Affairs laptop containing personal data on millions of U.S. veterans. I encourage all veterans affected by the multiple VA data breaches this year to immediately enroll in IdentitySweep, a service that manages subscribers’ public records while monitoring their credit card information and Social Security numbers. Veterans can go to www.identitysweep.com/vet and receive a full year’s worth of IdentitySweep for only $18, a discounted rate, from MyPublicInfo, the Arlington, VA consumer identity protection company that created the service.

In Fighting Identity Theft, A Credit Freeze Beats Credit Monitoring Every Time

According to some estimates, well over 88 million Americans’ identities are at risk of theft in the wake of a steady stream of data breaches since February 2005’s at ChoicePoint Inc. The circumstances call for immediate changes to the rules that have disallowed consumers in many states from requesting a credit freeze. The credit freeze, after all, is far superior to monitoring when it comes to fighting identity thieves. A credit freeze locks access to your credit, whereas a monitoring service simply alerts you that someone has gained access. Then you still have to deal with it—and it’s a real headache. Are we going to make the credit freeze—something with teeth—available? Or are we just going to go through the motions and offer them little more than the consolation prize, credit monitoring?

Only a fraction of the country’s 50 states allow consumers to choose the credit freeze, and prohibitive restrictions in a number of those states render the option impractical anyway. As a result, activists have called for lifts on credit freeze restrictions. And yet, according to a June 16 report in the Cherry Hill Courier Post, a bill before U.S. Congress actually sought to pre-empt laws that make the credit freeze available to consumers. For this and other reasons, the Financial Data Protection Act of 2006 has drawn ire from columnists everywhere and from advocacy groups such as Consumers Union and the U.S. Public Interest Research Group.

Following the May 3 theft of a Department of Veterans Affairs laptop from an employee who took the computer home against Department policy, about 17.5 million past and current U.S. veterans found themselves at risk of identity theft. On June 22, The New York Times reported that the Department offered all affected veterans one year of free credit monitoring.

Great. Why don't we simply intruct the thieves to wait a year before using the information? Identity thieves are smart. They know how to work the system. In response, we make laws that disallow consumers from working that same system. Where’s the logic?

Wednesday, May 24, 2006

Here's How to Deal with the Week’s Burglary of 26.5 U.S. Veterans’ Identities

This week we have heard officials of all stripes assure us that "we have no reason to believe anyone’s identity is at risk" even though a laptop with the personal identifying information of 26.5 million U.S. veterans on it has been stolen. Their words represent the party line we typically hear when a security breakdown of this magnitude occurs. Their words aren't worth the cue cards their lackeys wrote them on.

The latest big-ticket data breach has endangered not only individuals’ bank accounts, but also national security. For expediency's sake, we'll leave national security to Homeland Security; it's pretty much out of our hands now no matter how apprehensive we may be about their ability to secure the homeland. So let's focus on what we can do.

Here's my advice for companies and other large organizations that store sensitive information on laptops, machines prone to theft: Don't. Laptops are the last place any organization should be storing the personal identifying information on 26.5 million people.

If for some untenable, inexcusable reason you must use laptops for this purpose, please, at the very least, keep those laptops in a safe place and locked down when authorized personnel aren’t using them. Make sure the machines are fully secure with functionalities designed to ward off thieves. I suggest the use of products such as the Staples® WordLock™ for laptop computers, a simple and inexpensive device that allows users to employ a letter password, which they can reset at any time, to lock their laptop computers.

But now that we're already in this mess courtesy of an improperly secured laptop, I urge consumers to treat this very real threat to their identities like the emergency it is—luckily, one they can manage. Luckily, a service available to everyday consumers can mitigate the ruined credit ratings and other aftermath nightmares individual veterans might otherwise have to endure.

All of you on the list of 26.5 million affected by this week’s laptop theft should immediately enroll in a service like IdentitySweep, which manages subscribers’ public records while monitoring their credit card information and Social Security numbers. Veterans can go to www.identitysweep.com/vet and receive a full year’s worth of IdentitySweep for only $18, a discounted rate, from MyPublicInfo, the Arlington, VA–based consumer identity protection company that created the service.

The Social Security number is the key to the kingdom, and it's a number these thieves now have—along with the dates of birth for the veterans affected and for some of these veterans' spouses. Without a monitoring service of their own to fall back on, these veterans and their families will be at the mercy not only of the thieves, but of credit companies’ good will, which is likely to wane after the usual offer we’ve seen following massive data breaches: pro bono credit monitoring for one year.

Thieves are smart. They'll wait at least a year before they use the information. Identity theft has become a part of life for these veterans. It didn't have to be this way, but it is. Enrolling in a service like IdentitySweep is the best way a veteran can save his reputation now that the institutions he's relied on to protect his personal data have failed at that very task.

Wednesday, May 10, 2006

Decrying the State of Data Security

A litany of data breaches filled the month of April. The deluge again typified industry’s seeming inability to solve the problems surrounding information security.

Infamous security breaches such as those at ChoicePoint Inc. and elsewhere happened more than a year ago. Now that we’re well into our second year of ‘The Identity Theft Apocalypse,’ I’m sure consumers are anything but pleased to learn that their personal and financial information is still out there, like loose change on the sidewalk, for the taking. After all, it’s usually identity thieves who are doing the taking.

April’s breaches ran the gamut:

=>According to a report in the April 27 edition of Newsday, the Long Island Railroad (LIRR) lost the personal information (e.g., Social Security numbers, names, addresses, and salary figures) of nearly “everyone who has ever worked for the agency”—about 17,000 people.

=>An April 26 CNET News article reported that scammers had succeeded in stealing the credit card details of 2,000 MasterCard holders. MasterCard, according to the report, said it was able to disallow activity on the accounts before the would-be online thieves could use the cards.

=>Reuters reported on April 26 the theft of a laptop computer containing the personal information of approximately 38,000 members of the health insurer Aetna Inc. Names, addresses, and Social Security numbers were among the information on the stolen computer, although an Aetna spokesperson stressed that no banking or health claim data would be available to the thief.

=>On April 14 TheHawaiiChannel.com reported that more than 40,000 Hawaii residents were at risk for identity theft as the result of tertiary activity surrounding an attorney general investigation. According to officials there, a security breach occurred at a professional copying service tasked with duplicating state employee documents that the attorney general’s office had requested for litigation purposes.

We’ve seen the loss of personal and financial records on nearly 100,000 people this April, and more than half of these went missing during the month’s last week alone. Times it by 52, and you begin to understand why identity theft is a problem requiring urgent attention.

Consumer Vigilance and “Smart Suiting” of Personal Computer Security Systems Go a Long Way in Thwarting Identity Thieves

Reports last week indicated that phishers continue to exploit security flaws in news ways. Voice over Internet protocol, also known as VoIP, has become the latest target. Phishers’ ever-improving scams again underscore the need for consumer education efforts, which should promote vigilance and smart use of security technology.

Successful education of consumers is the best line of defense against identity thieves, including the ones who operate online. Consumers need to know what security technology is right for their habits.

Consumers should consider “smart suiting” their personal computer systems with software that supplements antivirus and antispyware solutions. A recent press release from Spain-based Panda Software announced availability of what the firm calls “proactive technology.” Proactive technology performs tasks that software to combat viruses and spyware does not, such as striving to recognize whether the user’s personal computer has become a zombie—i.e., one that a computer hacker uses, unbeknownst to its owner, as a server for phishing and other online scams.

Right now, consumers seem to know only so much. Their lines of personal defense are down. Recent studies and surveys suggest that industry has a long way to go in teaching consumers how to take precautions against online scams. In fact, in many cases, consumers still need to learn that they must, indeed, even take these precautions.

Such studies include “Why Phishing Works” by collaborating researchers from Harvard University and UC Berkeley and a survey of UK consumers by British firm MyCallcredit.

The research also may explain why phishers’ scams are so effective. As reported by NetworkWorld and others, a new phishing tactic has gained prevalence. Ostensibly to verify bank account information, spoof e-mails encourage recipients to call a listed toll-free number.

Phishers perpetrating these attacks set up inexpensive VoIP systems that emulate legitimate organizations’ phone systems. With the mechanics of their ruse in place, the scammers then field victims’ calls, all in an effort to fool those who dial the provided phone number into revealing personal and financial information.

Consumer education and security technology go hand in hand. But sometimes, commonsense is all you need. Vigilance is the number-one antidote to online scams.


New Research into Online Threats Underscores the Need for Widespread Consumer Education

Results from a recent survey of UK consumers’ attitudes toward identity theft have shown that many underestimate the probability of the crime occurring. A joint Harvard University–UC Berkeley study, meanwhile, has demonstrated just how susceptible even a sophisticated Web user can be to a phishing attack, often the precursor to identity theft.

Education campaigns are the key to raising awareness. When even the savviest of Web users can’t recognize a crafty phishing attack, imagine how often average computer users might fall prey to online identity theft schemes. We need to undertake a massive, Apollo project–scale education effort to turn the tide.

Recently reported research suggested that only one third of UK consumers know that their risk of falling prey to identity theft is one in 1,000. British firm MyCallcredit’s survey also revealed that nearly 25 percent of respondents drastically underestimated their risk by as much as 15 times less than their actual risk.

Meanwhile, findings from a study titled “Why Phishing Works” conducted by researchers at Harvard University and UC Berkeley suggested that phishers fool even sophisticated Web users. “Good” (i.e., polished) phishing sites were effective, in fact, at fooling 90 percent of the study’s participants.

The authors of “Why Phishing Works” then collaborated to isolate the factors behind the efficacy of phishing attacks. They concluded that users’ lack of knowledge of—or an inattention to—common security indicators helped to make phishing attacks effective. In addition, “typejacking,” a tactic that replaces the key characters of a legitimate organization’s domain name with similar key characters (e.g., the use of the Arabic numeral “1” in place of the lowercase letter “l”), and other visually deceiving practices also seemed to be effective at duping users.

Is it any wonder why we need to educate consumers about the dangers they face? The task before us is monumental. Identity theft and the computer threats that facilitate this crime have been prominent in the public consciousness for years now. And yet the levels of awareness and savvy needed to thwart scammers are sorely lacking.

Fortunately, stopping identity thieves before they even have a chance to commit their crime is pretty straightforward. Comprehensive education for consumers will do it. The challenge resides in summoning the will to invest in that education, a worthy investment of time and energy.


News of widespread high-tech crime has become trite and may lead to consumer apathy

According to an identity theft and personal security expert, the press coverage of identity theft, phishing scams, and other types of fraud may be reaching the saturation point. Robert Siciliano, president of IDTheftSecurity.com, said the problem now runs the risk of becoming mere background noise to a public that feels helpless and may have a short attention span.

How are we going to publicize the threat of identity theft and other high-tech crimes in a way that leads to improvement, not apathy? The only way consumers will get effective tools to combat high-tech crime is if the threat remains a primary concern for consumers. Big companies answer to their customers, investors, and nobody else.

=>On March 22, The Boston Globe and others reported the loss of a laptop computer from Fidelity Investments, the Boston, Mass.–based financial firm. The computer, according to the article, held personal data on 196,000 retirement account customers.

=>NBCSandiego.com reported on March 24 reported on an apparent software glitch that caused the State of California to inadvertently send “64,000 tax forms containing Social Security numbers and income information to the wrong addresses.”

=>A March 24 report that aired on KSBI-TV 52 in Oklahoma detailed a social engineering scam involving phone callers who have stolen a number of unsuspecting citizens’ identities. Accusing the victims of missing jury duty, the scammers have managed to compel those they call to reveal identifying data.

=>Numerous news media outlets have reported that the Internal Revenue Service is warning taxpayers to beware phishers whose e-mails masquerade as IRS communication and ask for financial information.

A lot of people just want this problem to go away. Those who might have to take the blame for a general lack of security might in fact choose, at this point, to let news of identity theft and similar crimes saturate the news media.

The notion of an intractable high-tech crime problem might compel consumers to tune out. The voices for change would retreat, and the pressure to fix things would subside. After all, it costs money to beef up security.


Consumers Can Easily Learn How to Spot and Avoid Online Criminals’ Traps

Hackers remain steps ahead of watchdogs even as industry groups have succeeded in shutting down online criminal operations. Self-policing actions on the part of industry are a step in the right direction, but consumer awareness and education represent the best path to security against hackers, who invariably rely on their victims’ lack of vigilance.

Most malware, spyware, and viruses can ruin a computer and steal the owner’s valuable identifying information. Easy for the trained person to spot, these threats benefit from a civilian computing culture of ignorance and carelessness.

On March 8 TechWeb reported industry self-policing activities that thwarted hackers’ activities. According to the article, U.S.-based RSA Security collaborated with Panda Software, a company based in Spain, to shut down a number of Web sites that were selling readymade Trojan horse–style viruses custom-made for identity theft and other unscrupulous activities.

Typically, consumers only invite malicious code onto their computers if nobody has taught them what to watch for. While a number of companies may be well-equipped to ferret out and thwart hackers at the source, the best route for us all to take, economically speaking, is the education of end users. Policing efforts, no matter how aggressive, will always remain steps behind cybercrooks, whose tactics continually evolve.

Also on March 8, an article in the Channel Register, a publication based in the UK, described the success phishers have had with “smart redirection,” which helps phishers, who typically run multiple sites related to one spoof, to keep track of their sites’ availability. When the victim clicks on a malicious link, smart redirection figures out which of a phisher’s sites have evaded shutdown and points the doomed browsers only in the direction of sites that remain live.

Phishing tactics continue to grow in sophistication. But the fact remains that a phishing e-mail, the requisite precursor to the phisher’s criminal activity, is telltale. No reputable banking or other financial institution requests sensitive information from its customers via e-mail. Any consumer can learn to spot and avoid the facades the veil malicious code.

The Theft of Consumers’ PIN Numbers from a Major Bank Shows High-Tech Fraud Knows No Bounds

High-tech thieves hacked the computer systems at Citibank in March and made off with countless ATM cards’ PIN numbers, four-digit consumer security codes previously considered impervious to attacks. No system of security is foolproof. Any tendency to believe so breeds complacency, the key ingredient online identity thieves and others need in order to operate under the radar.

We need to lose the Titanic mentality when it comes to high-tech crime. How many times do we need to hit an iceberg before we alter our course? Anything can happen and will. No computer system is immune. Even the tried-and-true PIN number method of security can sink.

According to a March 9 report in InformationWeek, the PIN number scam that Citibank experienced affected additional institutions: Bank of America, Wells Fargo, Washington Mutual, and smaller banks. Thieves apparently hacked into an “as yet unknown system” to pilfer all the information they’d need to make use of victims’ ATM cards, which the article described as the “data stored on debit cards' magnetic stripes, the associated 'PIN blocks,' or encrypted PIN data, and the key for that encrypted data.”

A Gartner Research analyst remarked that the industry had always thought PIN numbers would be safe from hacking attacks, but the InformationWeek article went on to explain how retailers’ infrastructure can undermine PIN security. Stores’ computer data storing systems can play fast and loose with the PIN numbers consumers leave at the point of sale. ATM machines are largely secure, but checkout line PIN use can be risky.

One of the problems with identity theft and related fraud is the sprawling transactional system we use for retail. Point-of-sale transactions occur every second across a nation bursting at the seams with retailers ranging from large chains to mom and pop shops. This yields a large quantity of personal financial data, and no standard seems to be guiding retailers in the safekeeping of this information. Without standardization of security, the quality of security is bound to vary wildly and collapse in failure.

Commonsense indicts organized crime rings such as Webmobs in sophisticated breaches such as the PIN-related thefts at Citibank. And recent reports have indicated that identity fraud–related organized crime continues to flourish. A March 6 Denver Business Journal article documented the shenanigans of a Mexico-based crime family whose alleged fake ID operations reach into 33 states. According to law enforcement officials quoted, the group’s infrastructure is robust.

As many have noted, identity theft, fraud, and related online theft all threaten not only our finances, but our national security. Lax policies may cut costs in the short term, but in the long run consumers lose money, and we all lose our security.

Sunday, February 19, 2006

Research Supports the Accuracy of a Security Industry Expert’s Prediction: Public Is Ready for GPS Technology

Recently announced research supported a nationally televised security industry expert’s assertion that the public is ready for GPS. The Boston University–led survey found a large percentage of respondents receptive to the notion of surveillance in the form of consumer-friendly P2P devices. The findings provided insight into effective strategies for marketing GPS technology to consumers.

GPS manufacturers who want to saturate the market face one remaining challenge. They must gain favor with consumers, and they’ll do this by marketing safety.

Graduate students at Boston University’s College of Communication conducted their research online. Conducted by graduate students, the study looked at 523 online adults’ receptivity to Person-to-Person (P2P) surveillance of loved ones and found 32 percent “likely to use such devices themselves.”

With research findings like this on their side, P2P device manufacturers should go to market en masse this year. The everyday consumer’s possible lack of preoccupation with privacy issues may be incongruent with professional privacy advocates’ agendas.

Verizon Wireless recently announced plans to market a P2P device. The company’s GPS-equipped cell phones will allow parents to track teenagers’ whereabouts.

People choose safety over privacy every time. Those pursuing the market for GPS technology can embrace this notion. GPS manufacturers will gain favor with consumers as safety enablers, not as an invaders of privacy.

Once the public becomes comfortable with GPS, the floodgates will open. Without fear of backlash, consumers, law enforcement officials, and manufacturers alike will then be free to adopt and provide GPS for its many uses.

GPS offers clear benefits for the law enforcement community. On Feb. 7, The Associated Press reported that police in Southern California are turning to GPS technology to curb high-speed pursuit. According to the article, a small number of police cruisers there will receive the StarChase systems, which allows users to shoot GPS-enabled darts that stick to fleeing vehicles.

GPS is the security industry’s ‘killer app,’ the breakthrough that will change everything. Professionals in security have always dreamed of a solution that would make the bad guy’s job impossible. That solution has remained elusive until now. GPS has the potential to make crime as we know it extinct.

The law enforcement market segment is ready to embrace GPS technology, the ‘killer app,’ with abandon, and consumers interested in safety will continue to recognize the technology’s benefits. Manufacturers will position themselves to profit from these opportunities, and, as counterpoint, privacy advocates will react by decrying the dangers that GPS poses to our civil liberties. But the market, which comprises all these factions, will make the final decision.

This page is powered by Blogger. Isn't yours?