Friday, June 17, 2005
Last week, tapes containing the personal data of 3.9 million CitiFinancial customers went missing while in the custody of UPS. Other such tapes have been lost in transit this year. See how easy an inside identity theft job could be?
Massive losses of information are always egregious no matter whether events lead to identity theft. According to Enterprise Strategy Group research cited in a July 13 USA Today article by Jon Swartz, only a small percentage of financial services firms and other companies encrypt information on backup tapes. The same article quoted Rep. Edward Markey (D-Mass.) questioning the apparent lack of security measures.
Data tapes in transit can be easily misplaced. Unencrypted, they are like open books for anyone with moderate computer knowledge and unscrupulous aims. These are precisely the circumstances that make inside jobs easy. Identity thieves are everywhere. Many are employed, and some identity thieves certainly understand the benefits of working for a parcel delivery service or bank.
Encryption is an easy, cost-effective means to protect data from theft. Any aware citizen should be asking questions. Encryption is like ‘Data Security 101.’ It is inexcusable for large companies with the resources to implement such measures not to do so.
In a June 1 article, The Wall Street Journal’s Li Yuan cited January 2005 research from Mazu Networks. The findings revealed “23 percent of 229 U.S. organizations with more than 1,000 employees had at least one internal security breach in 2004.”
Yankee Group research cited in the same Wall Street Journal article indicates about two thirds of the $12 billion spent last year on enterprise security was to protect against external threats despite the growing prevalence of internal breaches.
When it comes to security, computer networks at enterprises large and small are like some kinds of candy: hard on the outside but soft and chewy on the inside. The events of this past year have shown how easily massive identity theft can occur courtesy of companies’ very own employees. The danger of inside identity theft jobs is clear and present, as we have seen with Time Warner Inc. and others.