Think like a spy
Book Review: “Cloak and dagger” mindset helps fight ID theft apathy
- |
- Written by Martin Liska
- |
- Comments: DISQUS_COMMENTS
We hear it all the time in the news how this company or that had a security breach. The first thing most of us do is determine whether we have any relationship with the company that might put our identity at risk.
Client security breaches pose elevated risks to banks and require additional client due diligence, which costs money and time. Not only do we want to protect the client, but we also need to protect the bank and its shareholders. Furthermore, security breaches can also pose significant reputational and regulatory risks that can wreak havoc on the bottom line and stock price.
Sileo begins with his own experience as an entrepreneur. He became a victim of identity theft and internal fraud that left his company in shambles. The data breach led to significant legal and financial damage, which shut down the business. An identity thief operated under Sileo’s name and identity, and as a result Sileo spent two years combating felony charges and jail time.
From this experience, Sileo became an advocate for preventing identity theft and security breaches. He developed another company dedicated to educating and assisting corporations in data breach prevention.
Here’s a statistic to ponder: The Ponemon Institute’s fifth annual U.S. Cost of a Data Breach Study reports that every customer record that is collected, stored, or transmitted in any way costs an average of approximately $204 if compromised. As a result, $204 is the average cost per record of breach recovery.
Now, consider the following statistics that Sileo’s book refers to:
• The TJX data breach loss was estimated at $4.5-$8.6 billion.
• Heartland Payment Systems stock value declined 64% following the days after acknowledgement of its breach.
• The average data breach costs $6.75 million.
• The number of breaches was up 47% in a one-year period.
• In 2008, 285 million records were breached.
• Of individuals affected by a data breach, 31% will terminate their relationship with the company that lost their information.
Companies encourage their employees to take steps to prevent data exposure. Typically this comes in the form of an internal email blast or an occasional reminder through other mediums.
That’s ineffective, because it does nothing to change behavior, Sileo states. Employees don’t perceive that the issue affects them personally, so, he says, employers need to engage them. He states that we need change the mind sets of individuals by connecting privacy to something we already know and understand at an intuitive level.
We need, he insists, to “think like a spy.”
Indeed, Sileo’s book revolves around the seven mindsets of a spy. Sileo suggests that if businesses can teach employees to protect their own, personal data, that it will translate into daily behavior at work, as well, that protects corporate and customer data.
The fewer pieces of personal information cluttering up your wallet, computer, and filing cabinet, the lower your statistical risk of loss or theft. Sileo recommends that everyone should have freeze their consumer credit reports. He states that a credit freeze is the single most significant and effective means of protecting your financial identity. It is similar to placing a password on your credit file.
Spies eliminate their paper trail. Identity thieves are experts at collecting data that is not properly destroyed. For example, paper documents should be shredded. However, just having a shredder will not prompt individuals to use it.
Better location of the shredder will encourage action, Sileo says. If it is easier to throw the document in the trash than to shred it, that’s what will happen. So shredders should be closer than the trash can. Shredders should be placed near filing cabinets, where mail is opened, or where any sensitive documents are handled.
Spies use technology to steal information and to protect their own. Secure your computer and your network (which at home is sometimes wireless). Protect your computer physically and through software by locking up your computer and installing protective software. Furthermore, protect passwords, encrypt data, and hire a professional technician to secure your technology.
Create your own safe house by designating an area within your home or workspace to lock up and secure documents. At home, this could be a fire-resistant safe in a closet or a room with a keypad lock.
Spies are aware and prepared to act on everything that is around them. Learn the different scenarios on how thieves steal sensitive data. Some examples are phishing; get rich quick and Ponzi schemes; and internal fraud. Evaluate each request for information: Should you provide it just because someone’s asking?
The next mindset builds on the latter point.
Spies ask direct and aggressive questions to get answers. Sileo outlines four phases of interrogation to be aware of:
• Control: Who is in control of the interrogation?
• Justify: Can the person requesting information proof their legitimacy?
• Options: What options do I have other than sharing the data?
• Benefits: What are the benefits of the particular choice I am making?
Sileo’s book provides checklists; detailed preventive steps that you can perform at home and at work; helpful phone numbers and contacts to reference; and much more.
In essence, the mission and message of his book is culture. The most effective means to minimize data breaches is to promote an effective data culture that teaches people how they can protect themselves and their companies from irreparable harm.
Want more banking news and analysis?
Get banking news, insights and solutions delivered to your inbox each week.
Tagged under Books for Bankers,