Data Breaches and Identity Theft: Interview With Two Experts (Part Two)

Imagine finding thousands of dollars worth of charges on your credit card. Or worse – imagine not getting the bill and having the charges affect your credit rating. We could keep going with progressively worse scenarios, but the point is that data and identity theft is a serious problem.
We interviewed two data security experts on this important topic.
Part One – Dave Bull, Secure Computing
Part Two – Wasim Ahmad, Voltage Security
Second is an interview with Wasim Ahmad, VP Voltage Security
Is there really a problem with identity theft? We hear about the high profile cases in the news, but maybe there’s not much theft happening.
Wouldn’t that be great! Identity theft is the fastest growing crime in the US for the seventh year in a row. Criminals are very innovative about how they steal identities, and have shifted from trying to amass lots of credit card numbers and identities to focusing on high net worth individuals – where just one successful hit can provide a windfall.

Maybe this is only an issue for very large companies as they present big targets.
Identity thieves are profiling companies more aggressively, looking for companies with target rich data – this means that even smaller companies are targets if they hold onto customer records. Of course small businesses are also targets of identity theft themselves, as they typically do a lot of things online.
Beyond anti-virus software, firewalls (server and client), and some other security tools, is there more needed?
It is important to have multiple layers of security to make sure that the likelihood of a data breach is reduced e.g. software that restricts access to your network. However the only true defense against a data breach is to either (a) not store information like credit card numbers and social security numbers or (b) make sure that they are encrypted in such a way that a thief cannot get hold of the real numbers. Many small businesses use packaged applications or on demand hosted applications which may store customer data, but also lying around the office you will find spreadsheets, word documents, etc. that contain sensitive customer and employee data – these need to be protected too. Some people recommend encrypting the hard drive of a computer, but frankly these types of documents don’t stay on a hard drive, they get moved around, put on USB devices, emailed, the list goes on. So the best approach is really to make sure these critical documents are encrypted so that wherever they go they remain protected.
What role does simple, human vigilance play?
Having good processes is important, but there is the human factor – humans make mistakes. New legislation going into force on November 1, known as the Identity Theft Red Flags Act, requires companies (of all sizes) to put in place a proactive plan to prevent identity theft – in particular watching for things like changes to a customer address. It’s follow through on these types of plans that will make identity theft a little harder – making things harder for identity thieves makes them go away and look for easier targets.
What are some basic and then more complex solutions smaller businesses can use to protect themselves?
Use a file or document encryption solution to protect documents, use common sense safeguards for passwords – don’t write them down underneath the keyboard.
What role does the local solution provider play? Should one hire a security expert vs. a generalist?
Yes a solution provider that understands your business can help you identify the risks – once you know that you can look for reasonable ways to reduce those risks for you and your customers.

7 thoughts on “Data Breaches and Identity Theft: Interview With Two Experts (Part Two)

  1. Norm Magnuson

    This article is very timely. Consumers and those entities that maintain consumer data should be aware of identity theft and how best to protect that data.
    However, I would like to correct one statement made by Mr. Ahmad concerning ID theft. It is not “the fastest growing crime in the U.S. for the seventh year in a row”. To the contrary, recent studies indicate identity theft rates have declined across the board. For instance, an FTC survey of consumers released in the fourth quarter of 2007 shows that ID theft is down 16.2% between 2003 and 2006. Additionally, the Department of Justice recently released a report showing that ID theft trended downward 11% between their first and second survey. Finally, the latest FTC report released earlier this year shows identity theft complaints, as a percentage of all complaints filed, are down 14% between 2005 and 2007.
    We believe that these positive trends are due, in part, to some of the initiatives undertaken by CDIA members. First, credit file monitoring products help consumers identify a problem in their credit reports while it is still easy to have it corrected. Second, lenders are making wider use of our members’ fraud prevention and identity verification products helping to stop ID theft at the point of sale.
    Norm Magnuson
    Vice President of Public Affairs
    Consumer Data Industry Association
    Washington, DC

  2. Pingback: Data Breaches and Identity Theft: Interview With Two Experts (Part One) | Small Business Technology

  3. Pingback: Data Breaches and Identity Theft: Interview With Two Experts (Part … | Fantastic Legal Information

  4. Pingback: Data Breaches and Identity Theft: Interview With Two Experts (Part …

  5. Pingback: Data Breaches and Identity Theft: Interview With Two Experts (Part … | Legal and Law Info

  6. Pingback: Data Breaches and Identity Theft: Interview With Two Experts (Part … | The law and You

  7. Pingback: Data Breaches and Identity Theft: Interview With Two Experts (Part … « Law Yarns

Comments are closed.