Personal Data More At Risk Today

You must have heard about all the security measures that have been put up to safeguard electronic data. Contrary to what you may have expected, your personal data is less safe in 2007 than it was in 2005.

A nonprofit organization for consumer rights said that security breaches since the beginning of 2005 have resulted in the theft of over 158 million records of U.S. residents; that number is over one-half of the U.S. population. One top analyst at a cyber-security firm said that more companies reported phishing attacks on their customers. The number of such companies rose 20 percent during the second quarter of 2007.

Phishing attacks traditionally targeted bank customers, but now customers of credit unions and insurance companies, and even of hotel chains, are targeted. It seems that while banks, all kinds of merchants, and even consumers have put up new walls to secure their networks and data storage, identity thieves are faster at using new technologies, and exploiting the errors of careless users, to penetrate databases with sensitive information.

Criminals have also learned to target wealthy individuals with fat bank accounts. Some identity thieves buy marketing lists to find out who have Amex Platinum cards or who keep their accounts with the bigger brokers. They get into Internet auctions and money transmittals; they may mimic online lotteries.

Retailers may be vulnerable through their point-of-sale system (which are accessible via the Internet and contain stored data from credit card transactions) and printers with hard drives. Analysts believe that in 2008, cyber incursions into retailers’ data will be done through their POS systems. Retailers obviously need to upgrade the security of these systems.

Credit card companies may add better authentication protocols, such as using a unique password that is downloaded each time the holder uses the card. The physical card – not just card information – will be needed every time the user purchases an item, so even if credit card information is hijacked it will be useless anyway.

What can the consumer do?

* You must always check the statements from your bank and the credit card issuer for unfamiliar transactions.
* Obtain copies of your credit report and check it for signs of identity fraud.
* Be very cautious when doing transactions at unfamiliar Web sites.
* Do not spend too much time on Web sites that are unknown to you.
* Be quick to spot changes in e-mailed communications from your bank or official-sounding institutions for signs of phishing. You may be able to sense something wrong in the wording or in the look of the message.
* Be cautious with your social networking sites: they can be used to distribute malware or to set up a phishing scheme.

For those in business, one good rule about data is: if you don’t need to store data, don’t; if you must store data, encrypt. You should also be equally strict in monitoring access rights (and activity) of your contractors and your employees.