Tag Archive for: Data Breach

Identity Theft for Businesses: Mobile Data Breach

Mobile Data Theft

Technology is the focal point of data breach and workplace identity theft because corporations create, transmit, and store so many pieces of information digitally that it becomes a highly attractive target. This book is not intended to address the complex maze that larger organizations face in protecting their technological and digital assets. Rather, the purpose of this book is to begin to familiarize business employees, executives, and vendors with the various security issues facing them.
The task, then, is to develop a capable team (internal and external) to address these issues. In my experience, the following technology-related issues pose the greatest data-loss threats inside organizations:

  • Laptop Theft: According to the Ponemon Institute, 36 percent of reported breaches are due to a lost or stolen laptop.
  • Mobile Data Theft: Thumb drives, CDs, DVDs, tape backups, smart phones
  • Malware: Software that infects corporate systems, allowing criminals inside these networks
  • Hacking: Breaking into your computer system from the outside, using networks, wireless connections, remote access, and your Internet pipeline
  • Wireless Theft: Wireless connections to the Internet in airports, hotels, cafes, and conferences
  • Insider Theft: When someone in the IT department (or elsewhere) decides to make extra money by selling your data

According to the Ponemon Institute, “Thirty-six percent of all cases in this year’s study involved lost or stolen laptop computers or other mobile data-bearing devices. Data breaches concerning lost, missing, or stolen laptop computers are more expensive than other incidents. Specifically, in this year’s study, the per-victim cost for a data breach involving a lost or stolen laptop was just under $225, over $30 more than if a laptop or mobile device was not involved.”

The post above is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) and the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.

5 Business Survival Lessons from Google’s Spying

A few months ago, Google got caught sniffing unencrypted wireless transmissions as its Street View photography vehicles drove around neighborhoods and businesses. It had been “accidentally” listening in on transmissions for more than 3 years – potentially viewing what websites you visit, reading your emails, and browsing the documents you edit and save in the cloud.

Public opinion blames Google, because Google is big and rich and scarily omnipotent in the world of information domination. It’s fashionable to blame Google. What Google did was, to me, unethical, and they should eliminate both the collection practice and their archive of sniffed data.

But the greater responsibility lies with the businesses and homes that plugged in a wireless network and did nothing to protect it. Don’t tell me that you don’t know better. When you beam unencrypted data outside of your building, it’s no different than putting unshredded trash on your curb – YOU NO LONGER OWN IT. In fact, when you take no steps to protect the data that flies out of your airwaves and into the public domain, you really have no claim against someone taking it. It’s like finding a $100 bill on an abandoned sidewalk – you can claim it or the next lucky person will. Tom Bradley of PC World agrees:

The lesson for businesses and IT administrators is that you have to put forth some effort to at least give the appearance that you intend for the information to be private in order for there to be any inherent expectation of privacy. The burden should not be on Google, or the general public to have to determine whether the data you let freely fly about unencrypted is meant to be shared or is intended for a specific audience.

The Google story illuminates 5 Business Survival Lessons:

  1. This, like so many other business issues, is not a technology problem. The technology to keep out unwanted eyes exists (unless a government wants to tap you) and is accessible and affordable. The problem is human — someone has decided to ignore what they know should be done (especially having read this article).
  2. Private information that you fail to protect is no longer your private information (pragmatically and probably even legally).
  3. In the marketplace of data, just like in business, it is your responsibility to control what you can. Not everything is in your power, but safe wireless transmissions are. Whether it’s trash in a dumpster, posts on Facebook or wireless signals, the responsibility is yours and your business’s, not just Google’s, Facebook’s and corporate America’s. You must do your part.
  4. If you don’t employ at least WPA2 encryption currently on your wireless networks, I can nearly guarantee your data is being watched. And the expense of upgrading is minor compared to the prospect of breach, so lose that excuse.
  5. Prevention isn’t sexy, but it’s profitable. Whether you are preventing data leakage, budget shortfalls, or a heart attack, the key is to do the hard work before it happens.

John Sileo is the award-winning author of Stolen Lives and Privacy Means Profit (Wiley, August 2010), a professional Financial Speaker and America’s leading identity theft expert. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Employee Background Checks

CSIdentity SAFE

Great employees are hard to find, but without the right employee background screening process, deceitful candidates are even harder to spot. Hiring dishonest employees puts your sensitive and confidential business information at risk and could cost you millions if stolen or damaged.

According to The Ponemon Institute, an independent research foundation, the average cost of a data breach to a victim corporation is $6.75 million. In 2008, the lowest reported cost of a data breach was $613,000, while the highest was just under $32 million. Given that the average cost per stolen record is $202, one missing laptop with 2,500 customer or employee records on it would come with a data breach recovery bill for half a million dollars. And that doesn’t factor in loss of stock value, brand damage or customer defection that results from having your breach in the news.

Insider theft, where one of your employees facilitates the breach, is a common source of this crime. And your risk doesn’t go away when your employees do. Over 60% of employees keep sensitive data after they have been terminated and nearly 80% of them stated that they knew it was against company policy. This includes everything from email lists and customer information to financial business information.

The incidents of insider theft can be easily reduced by applying proper employee background check techniques. My business is a great example of how effective background checks can be. I hired a business partner without performing even the simplest of verifications. That partner proceeded to use my identity to steal $300,000 from our customers. I would have seen his criminal tendencies had I just invested a few dollars in screening him properly.

Each year nearly 2 million applicants use false or stolen credentials and get hired. The Background Screening tool that I use to screen employees for my business is CSIdentity SAFE. Here’s what it does:

  • It validates the applicant’s true identity so that you know the background check record belongs to the person sitting in front of you.
  • It detects if the name or other personal data has been falsified.
  • It determines whether the applicant has a criminal history under any assumed names or aliases
  • It conducts in-depth screening searches including criminal, driving, employment, licensing and education verification & more
  • It allows you to order, track and receive drug screening results online in 15 minutes
  • It lowers your data liability by making background checks available only to certain employees
  • It provides continuous monitoring of your employees’ records in case they commit a crime while on staff

In other words, SAFE gives you the tools to re-take control of the screening process so that you are notified of negative employee data even if they choose to hide it from you. Even after the employee has been hired, CSIdentity SAFE continues to monitor their criminal record and will send you updates of any changes.

An employee background check is a step that most employers skip, but if done right it could save your company millions on a potential data breach. Looking back on my personal situation, it was an expensive and painful mistake that could have been quickly and easily prevented.

John Sileo provides identity theft training to human resource departments and organizations around the country. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.