What does Facebook,The New York Times and I have in common? We all have been victims of cyber attacks.
Just before the Thanksgiving holiday, my bank’s security team alerted me that someone was using a phony credit card with my name and account number on it in a three-state spending spree. But that’s not all. Over the past three months I have received letters from a major software company and a different bank about data breaches involving my personal information. Four years before that I had two back-to-back incidents of someone posing as me to withdraw funds from my bank account by depositing a bogus check and withdrawing cash.
Earlier this year, the Director of U.S. National Intelligence, James Clapper, identified cyber attacks as America’s number one security threat. Some foreign governments and criminal groups have been charged with being behind cyber espionage efforts to steal not only state secrets, but also the IPR and trade secrets from American businesses. A 2013 study by Verizon showed that there were 621 confirmed data breaches in 2012 and over 47,000 reported “security incidents”. In a report by the U.S. Congressional Research Service, Cybersecurity: Authoritative Reports and Resources (http://www.fas.org/sgp/crs/misc/R42507.pdf), studies conducted by government and the private sector showed the breadth of the threat posed by cyber attacks to national security, financial system and civil infrastructure, such as electricity and water supplies, as well as the troubling lack of awareness and urgency by business to the threat posed by cyber attacks.
It’s no surprise that the U.S. government has had to play catch up on a global problem of this magnitude that has been affecting individuals and families for several years. But even more startling is that the business community is still waking up to the threat cyber attacks pose to their IPR and financial health. The good news that government and increasingly business are now motivated to take action against identity theft and personal data breaches.
As my experience with cyber attacks would suggest, I am no longer surprised by new episodes of identify theft and breaches of personal data. About half the U.S. population who shop online hold similar views. According to research conducted in 2013 by the consumer research firm Forrester, 49% of online shoppers have concerns about security and privacy. As consumer awareness of cybercrime rises, it suggests that the public’s unease about the safety of their personal information will continue to grow.
A higher level of public concern about the threat of cyber attacks will be a good thing. A large percentage of business, government and consumers are already relying on the Internet for commerce, data storage and communications. New technologies coming on line will make us even more dependent upon the Internet for virtually all aspects of our lives. Public pressure on government and the private sector for better protections against cybercriminals will intensify. Another side benefit will be an informed public about cyber attacks who will be motivated to take steps to reduce their exposure.
The bad guys use high and low tech methods to get access to your financial and personal information. Some of the most common methods are totally low tech and also the easiest to prevent. For example, throwing away credit card receipts and bank statements into the trash or paper-recycling bin is like handing over your personal information to the criminals. They covertly search through discarded documents to find sensitive information and then use it to defraud your bank or other financial institution that you do business with. They also sell your personal information to brokers who in turn sell it on the black market. Remember, all financial and personal documents should never be thrown out as trash or recycling. Always shred these documents. In our house, we also use them as kindling for the fireplace.
Another precautionary measure that you can take to reduce your exposure is to never give personal and financial information over the phone or online unless you know for certain the caller or the website represent a known and trusted organization. This may entail contacting your bank, credit cards and favorite charities to find out whether they will call, use email or the postal service to contact you about your account. But it will be time well spent if it can help to foil an attempt by the bad guys to get access to your personal information.
Email messages are frequently used to dupe consumers into sharing their personal information. The email that comes from what convincingly looks like your bank or another trusted source, that asks you to down load an account statement or other document, could instead result in downloading malware, which gives the bad guys access to sensitive information stored on your computer. These fraudulent emails are known as phishing, and can compromise the security of your confidential information. Again, it’s important to confirm with bank, credit cards and other organizations handling your sensitive data what methods of communications they will use to contact you and information on what kinds of suspicious emails to watch out for.
Use online technology to help you thwart attempts by the bad guys to steal your personal information. If you manage your bank accounts, credit cards and investments online, you should regularly check account balances and the status of payments and deposits. If you find a suspicious payment or withdrawal, you can immediately report it and have the account closed. Change your passwords on a regular basis. Unfortunately, no amount of preventative measures can protect you from data breaches. But if you are constantly monitoring all of your accounts, there is a good chance that you will be able to notify the bank or financial institution quickly enough to minimize the damage.
If you discover a breach of personal data and identity theft, you should report it to the U.S. Federal Trade Commission (FTC) and to local law enforcement. The FTC is also a great resource on how to reduce your exposure to personal data breaches and identity theft (http://www.consumer.ftc.gov/features/feature-0014-identity-theft).
In the 21st Century, the robbers will not wear masks and put a gun in your face demanding cash. They will sit in front of computer screens and hack into IT systems to steal your financial and personal information and ultimately your money. The bad news is that hackers are constantly trying to hack into your accounts. The good news is that the majority of the time, they fail. The bottom line is to not be complacent and to be proactive about reducing your exposures. Start right now!