Protecting Personal Identifying Information
Rick Blazek, PhD.
Robert Morris University
DIGITAL OVER-EXPOSURE AND THE BARE-NAKED AMERICAN
Protecting Personal Identifying Information (PII)
Personal identity theft is not new, but this form of theft has become easy as our lives become more digital.
What is PII?
Javelin Research: "The study, which surveyed around 5,000 Americans last year about their experiences with identity theft, calculated that ID fraud had cost around $54 billion in 2009"
"In 2009 the average data breach cost the affected business $6.75 million, up from $6.65 million in 2008, according to a Ponemon Institute "
Cost of Identity Theft Rises 63%: "the average cost to victims rose by 63% from $387 in 2009 to more than $600 in 2010." - http://www.dailyfinance.com/2011/02/24/jean-chatzky-beware-the-cost-of-identity-theft-is-soaring/
http://www.forbes.com/2010/02/09/banks-consumers-fraud-technology-security-id-theft_2.html
The cost to businesses worldwide adds up to a staggering $221 billion each year. - IBM 2011 Security Report
10% of Americans have had their identities stolen, and on average, each of those individuals lost around $5,000. - http://mashable.com/2011/01/29/identity-theft-infographic/
The PII Black Market
https://krebsonsecurity.com/2011/08/vendor-of-stolen-bank-cards-hacked/
PayPal accounts for sale
Your Credit Card?
http://www.stopthehacker.com/2010/03/03/the-underground-credit-card-blackmarket/
http://www.npr.org/blogs/money/2011/06/16/137181702/the-tuesday-podcast-inside-the-credit-card-black-market
http://press.pandasecurity.com/wp-content/uploads/2011/01/The-Cyber-Crime-Black-Market.pdf
Social Engineering
Social engineering and being human
Phishing
Risky Behaviors
At-risk behaviors and risk-averse people. (The risk of being an avid bike rider.)
Use of computers to store and transfer PII
Using a smart phone (sharing regularly)
Location-aware applications (phone, tablet) and embedded information (camera)
1. Online shopping
2. Online banking
3. Online social networking (social media)
CELL PHONE
Carrier IQ: The spyware Poison in your Phone
http://www.zdnet.com/blog/mobile-news/carrieriq-follow-the-money-and-it-is-the-carriers-behind-it/5794
Defenses
Awareness (reveal only what you wish to lose).
View every item on your computer and the Internet as though it were public. Removal is almost impossible. The Wayback Machine
Asking questions (choose your poison carefully).
Why Google and Facebook may not be your friends. SEOptimization, privacy is dead, your friends can make you sick, guard your children.
Protecting your computer/phone
Protecting your browsing
Protecting your social sharing
Protecting your bank accounts, investments, and access cards (one-time use numbers)
Checking often (but carefully), setting up notifications
Hiring a digital bodyguard
Is Your Computer for Rent?
Krebs - http://krebsonsecurity.com/2011/04/is-your-computer-listed-for-rent/
Mules - https://krebsonsecurity.com/2011/10/turning-hot-credit-cards-into-hot-stuff/
Facebook
24 yr old discovers Facebook has 1200 pages of stored info on him
http://www.identityblog.com/?p=1201
What can you do?
HTTPS settings in Facebook
http://www.reclaimprivacy.org/ scan Facebook privacy settings
Resources
A page: http://www2.rmcil.edu/rblazek/
DEFEND against identity theft as soon as you suspect a problem.
Place a “Fraud Alert” on your credit reports by calling any one of the three nationwide credit reporting companies:
Equifax: 1-800-525-6285
Experian: 1-888-397-3742
TransUnion: 1-800-680-7289
Review reports carefully, looking for fraudulent activity
Close accounts that have been tampered with or opened fraudulently
File a police report
Contact the Federal Trade Commission
DETECT suspicious activity by routinely monitoring your financial accounts and billing statements.
Be alert:
Mail or bills that don’t arrive
Denials of credit for no reason
Inspect your credit report:
Law entitles you to one free report a year from each of the nationwide credit reporting agencies if you ask for it
Online: www.AnnualCreditReport.com; by phone: 1-877-322-8228; or by mail: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281
Inspect your financial statements:
Look for charges you didn’t make