Identity Theft Prevention is a People Problem

Robert Siciliano Identity Theft Expert

Every week we learn of a new hack, another breach, credit cards stolen and another identity theft victim.

Many have blamed the bad guy or criminal hackers for all the problems we have in the security world. And while the bad guy is certainly a problem, they are a small part.

The people responsible for their own physical or computer security or the security of others are often the guilty.

You wonder why your credit card company sent you a new card? Because some baboon didn’t do his job and your were compromised.

Chances are we could look at 7 out of 10 data breaches and point to someone who didn’t properly flip a switch or lock a door.

Recent studies polling companies with 1000 or more employees when asked to define the most important measures for protecting confidential data, nearly half of all respondents said, “communicating and training users on confidential data security policies.”

And when asked to rate their organizations performance with regard to, “communicating and training users on confidential data security policies,” more than one-fourth of security professionals gave their organization a rating of either “fair” or “poor.”

North Americans ranked 24% as being “poor” while Europeans ranked 38%. I suspect the North Americans are just lying and are just as lax. I read the papers and see the data. Pleeeeze. I have my eye on you Focker.

Security is not entirely an IT problem. There are many “to-dos”, policies in place regarding physical security that must be observed. And if followed properly, would reduce many of the breaches we see.

One plain and simple example is dumpster diving. How prevalent are shredders? I’ve gone though 4. Besides the copy machine or your desk/laptop, a shredder should be the most used home/office appliance.

Here is an infuriating video of a dumpster diver here, also a security professional who spent 3 minutes in the dumpster of a local bank. He found a laptop, wire transfers and Social Security Numbers. That’s not an IT problem. That’s a stupid-lazy-people problem.

How is anyone supposed to feel secure and protect their identity when others are responsible for our security? The fact remains we are an open sore and idiots keep pouring salt in the wounds.

Robert Siciliano Identity Theft Speaker discussing Idiots who didn’t secure a wireless connection and exposed 45 million credit cards Here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.