We invest a lot of time and resources at SailPoint helping companies better understand how to mitigate their risk of breaches with education, corporate processes and IAM technology. Given the onslaught of security breaches in the news, I wanted to share some advice that Frank Abagnale Jr. shared at Navigate ’15.
During my conversation with Frank (the FBI’s leading expert on cybercrime), we spent some time talking about the consumer impact of breaches. Beyond the initial challenges of changing credit cards and putting monitoring in place, Frank pointed out that the damage extends for years. In Russia alone, highly organized cyber gangs make $20 billion a year from identity theft – so they can be patient with the information. In fact, these gangs will often “sit” on the consumer information, because they know those affected probably subscribed to a credit monitoring service (usually paid for by the company that was breached). But as time goes on, consumers become lax and the monitoring expires.
Case in point: The US government has paid billions for false tax returns filed using stolen SSNs. Frank was adamant that those SSNs were directly tied to the TJX and Target breaches, among others. Think you’re safe from those breaches? Frank also claimed that more than likely, everyone’s identity has been stolen already. The damage that can be done with that information is limited only by the criminals’ imagination.
So what can you do? Fortunately, Frank shared three very simple ways to protect your identity:
- Shred, shred, shred. And don’t forget to shred things like the address labels on magazines, since they have your name, address, and a barcode with enough information for a thief to get all your information. Importantly, use a “microcut shredder” that turns documents into confetti, since it’s all too easy to reassemble the strip and diamond-cut types (note that this type of shredder doesn’t cost any more).
- Use common sense with your personal information. Don’t put your birth year and hometown on Facebook, because with that information a criminal is 98% of the way to taking your identity. And don’t write checks at brick-and-mortar stores (just think about the data on your check, and how easily that could be copied without needing to steal the check).
- Get a credit monitoring service. Frank advises everyone to have a monitoring service for the entire family that spans three critical areas: they must monitor all three credit bureaus; they need to notify you in real time; and they need to monitor your children’s identity. Keep in mind that credit bureaus don’t create reports until a child is at least 13, so a minor’s SSN is particularly valuable because criminals can create a separate identity and you won’t know for years. A good monitoring service will track the SSN, not just the credit.
Frank insisted that the better services will do all three of these, and provide a simple family plan that isn’t too expensive. He even provides recommendations on services on his website: http://www.abagnale.com.
SailPoint really appreciated Frank making the trip to Austin and sharing insights from his tenure at the FBI. And his advice to companies and consumers rings true – the best strategy related to protecting identity information is prevention.