Increasing Information Theft
It seems like every day there is a new story about hacking. Data theft is a growing problem, and it’s not going away. As more and more companies collect and store your information online, hackers will target them for fun and profit. Blackmail, advertising and identity theft are just a few reasons why your information has value. Unfortunately, your information is only as safe as the practices a company follows in securing it. Currently, there are few laws requiring businesses to comply with any security requirements. It’s up to them to follow industry standards and best practices for keeping data protected from hackers. Sure, there are lots of detailed guides, handbooks and training that IT professionals can follow. But it’s been my experience even seasoned veterans don’t always abide by basic practices for information security. Hackers take advantage of lax security.
In June of 2012, the Federal Trade Commission (FTC) sued Wyndam Hotels and Resorts for a data breach that allowed credit card information to be stolen from more than 619,000 consumers. In fact, according to court documents, between 2008 and 2009 there were 3 separate data breaches. The FTC won, but Wyndam argued the FTC had no authority to enforce security standards for businesses. Even after appeals from Wyndam, on August 23rd the court ruled again in favor of the FTC. This now sets a precedent and businesses will need to be more vigilant than ever at protecting consumer data.
While businesses play a role in keeping our information secure, it’s also up to us – the consumer – to keep our information safe from hackers. There are some simple practices you can follow to help reduce your exposure, and safeguard your private data.
Never give out personal information online, via email, or text message – unless you are certain it’s legitimate. Banks, medical offices and other business have a valid reason to collect your personal information, but a retailer or sweepstakes company may not. It’s a good idea to scrutinize any requests for sensitive data. Personal information such as name, date of birth, home address, mother’s maiden name, city you were born in, financials, employer and especially social security numbers can all be used by hackers. Unless there is a valid reason to give it out, don’t.
Don’t overshare on social networks. You’ve probably heard about people who posted vacation schedules to their social media account, only to find their homes ransacked when they return. That’s because someone knew they wouldn’t be home! Other information, if shared, can be equally damaging. In addition to the personal information already mentioned; where you bank, your dog’s name, your cell phone number are all details that can be put together to gain unauthorized access to an account. Keeping your social media accounts private, and changing privacy settings so your account only shares with close friends is a good tactic to limit your exposure. Remember the less detail your share, the better.
Don’t share information you wouldn’t want your grandmother to know. OK, I was once told if I was saying something I wouldn’t want my grandmother to hear, then don’t say it. The same goes for the internet. If it’s embarrassing, private, or just doesn’t represent who you are – keep it private and off the web.
Beware of phishing emails. Phishing is a tactic where you receive an email that looks legitimate – perhaps from a friend, colleague or company you do business with – but is actually an attempt to fool you into giving out information. It may contain a link to a webpage form to collect information, or it may ask you for bank account information. Regardless, the intent is to steal your information and use it against you. While some are hard to spot, most of these phishing emails are written poorly. Bad grammar, misspellings or verbiage that seems out of place are a red flag. If you have any doubt, pick up the phone – or go directly to the businesses website without clicking any links from the email.
Verify a website is secure before entering sensitive information. When you visit a website, the letters before the website name can tell you whether it is secure or not. When you see “https://” before the “www” in a website domain name, it means the data being transmitted from your computer to the website is safe. The “s” stands for secure. If you just see “http://” then the site may not be using this security.
Erase all data before disposing of computers, phones or tablets. “Dumpster diving” is a common way of obtaining old computers and devices. While they may no longer be of any use to you, hackers will extract the information and try to obtain details about your financials, accounts, passwords, and other private data. In order to prevent this, make sure you thoroughly erase all data from computers, smartphones and tablets. This usually requires some special utilities that scramble the information, since even deleting things can leave enough data behind for someone to retrieve. Some electronic recyclers and IT companies offer this as a service. Also, be sure to destroy sensitive paper documents rather than merely throwing them away.