Cyber Security

As I get older I seem to be spending more time and money at my various physicians’ offices, where I am regularly poked, prodded, and dosed with pills to either Security Networkings detect or prevent the health issues that plague the new millennium baby boomer. As one of the true joys of being a small businessman is the lack of affordable in-patient insurance policies, I generally pay as I go for these services. (As an aside, don’t be afraid to ask: If you don’t have coverage for a particular issue, say dental work, talk to the practitioner and offer him/her cash payment on-the-spot for a procedure. I’ve experienced discounts up to 40 percent!)

At my last visit to my general practitioner I paid my bill in a hurry with my credit card and rushed out the door to run an errand. It was only when I got home that I took a close look at the bill and realized that my “Account Number” with this doctor’s firm is the same as my Social Security number. So any person in their office, or one of the tens of thousands of people who have access to their network (a major Chicago university) has my name, Social Security number, and credit card information at their fingertips.

This is not a good — not good at all.

We’ve all been made aware of the very real threat of identity theft, with some of us and our clients being one of the millions of victims of this Internet-based crime every year. I, for example, have had my Visa card number changed twice in the past three years, with my American Express card requiring one number change after successful hack attacks into the networks of major retailers during that time period.

Our personal data is everywhere, spread like so many seeds across the nation and around the world. Unless you’re living the Unabomber lifestyle — paying green cash for everything, not visiting doctors, and not filing tax returns — you and your client’s private identity information is not private at all.

And while they work hard, law enforcement is up against thousands of sophisticated hackers who will try all sorts of ways to crack into networks, and they only have to be right once. To further complicate the issue, a hacker in Russia or Bosnia could care less about U.S. laws and their enforcement from 4,000 miles away. While there are laws to protect sensitive data, and many companies say they won’t give out your information, who knows if they are really complying with the laws and best data security practice; we don’t know until the horse has left the barn and our information has been pilfered.

So personal data security is a real, major and growing problem, which will only get worse the next time your client loses his or her iPhone.

Let’s compare the data leak situation to a physical security system. Let’s start with my house. I can’t hide where I live from a person who wants to know— they can just follow me around town and see where I end up that day. Your clients also cannot hide their physical address. Just as a home address is readily available, sensitive personal data is spread all over various networks and can be found any number of ways.

So the bad guy(s) can find out where I live. If he believes there are valuables in the house, he can break in, even though my particular house has so many IP cameras recording that I could fill an entire edition of truTV’s “World’s Dumbest Criminals” in the event of a burglary. However, in one of your client’s homes the burglar can break in, even with the alarm siren screaming, grab the valuables and hightail it out the door before the police or the building owner arrive. They then can sell the stolen goods for a fraction of their true value and plan the next job, until they get caught.

What do computer hackers do when they steal sensitive personal data? The first issue to understand is that there is brisk trafficking in stolen data, with other hackers buying and selling lists of sensitive data containing millions of identities, credit card numbers, valid e-mail addresses, and other information.

But how does the recipient of the stolen information make money? One of the primary ways is to take out new credit cards or establish credit lines in the stolen identity’s name, buy a lot of easily resalable products such as electronics, jewelry, and even vehicles, sell the booty and collect the cash.

Just as the security of any non-military building can be relatively easy to breach (sledge hammers work just fine for party walls in retail strip malls) we have to assume that our personal data and that of our clients is spread over networks and most likely will be grabbed someday by a criminal and abused for his benefit. Once stolen it will cost the victim in time, money and pain, as it will take hours of time and reputation lost while you try to explain that you didn’t buy five houses in two months in the greater Atlanta area (my daughter recommends the “American Greed” documentary series on CNBC if you want to see real financials heels in action).

We need to understand how the bad guys game the system to set up fraudulent credit cards and ratings.

There are three services termed “credit reference agencies” in the United States — Experian, Equifax, and TransUnion. They gather data and provide credit ratings on particular individuals so auto dealers, banks, and credit issuing companies can check a person’s history of paying their bills. While this info is supposedly only available to “authorized” sellers or banks, their systems can be fooled so Joe Hacker can also access this information and use it to get a fraudulent credit card in the victim’s name.

Every time you pay a bill, use your credit card, or apply for a loan this information is gathered and updated by these agencies. You can’t stop it from happening but you can control who can get the data.

It’s called “locking your credit report” and here’s how it works. Visit the all of the websites of each of the credit agencies, www.experian.com, www.transunion.com, and www.equifax.com and search for “credit locking.” While each agency is slightly different, basically all you have to do is send them a letter that says you want your credit information locked. Once this letter is received, you’ll get a confirmation letter in return that contains a password in the event that you want to temporarily unlock your credit, for example, if you’re buying a new home or car. Usually this unlock period lasts for two weeks; then your credit is again put back in the “locked” safe, unreachable by any fraudster.

By locking your credit with these agencies, you will have successfully protected your most precious asset — your financial reputation. Be forewarned that in some states there is a nominal cost (in Illinois it’s $10) for each credit-locking request. Don’t forget to lock the credit of your wife, husband, kids — and don’t leave out Grandma. Older people can be fooled easily by slick-talking con artists; locking their credit can protect their bank account from being drained.

Just as your information is everywhere on the Internet, so is your clients’. If you want to show your customers that your company really cares about their security, help them protect their financial holdings and reputation.

Hackers are banging away at networks that hold your data right this very minute. Get your credit locked today. Send a copy of this article to your existing clients, and train your salespeople to bring up this topic with every new prospect. How much more will a potential client think of your security company when you show them how to truly protect their financial reputation?

PSA Security Network is one of the nation’s leading sources for education, training, and industry networking events. With multiple settings and events throughout the year to meet and exchange industry knowledge, there is something for everyone.

The Electronic Security Expo, owned by ESA, is designed to help electronic security pros to network with other like-minded professionals and to educate about improving your company’s efficiency and productivity