Data Breaches Aren’t Always High-Tech Heists
Recently, the Cleveland Food Bank fell victim to client data theft.
An employee’s car was stolen from a local shopping center parking lot, according to the Plain Dealer, and afterward it became clear that client data was in the car.
This was part of normal business: The employee was driving to various community locations helping Food Bank clients fill out paper applications for food assistance benefits as part of her regular duties. The 43 applications the worker collected that day were in a tote bag inside her car when the vehicle was stolen.
No hackers in ski masks were sending malicious code into the organization to snag the data. No software program could have prevented it. But a strategic understanding of process, controls and a GRC program could have stopped it or limited the damage.
“Knowing how thieves obtain information will help in knowing how to protect yourself,” ASMGi CISO Gary Sheehan said. “I think we all know that identity theft occurs when someone obtains your personal information. Any personal information from your name and driver’s license number, social security number or credit card numbers can cause serious problems for the victim. When you think about it, thieves can apply for a job, open credit card accounts, apply for loans, sign-up for services and fund a lavish lifestyle.” Sheehan said the most common data breaches aren’t electronic.
“The most common ways people get a hold of your personal information is by stealing a wallet or purse,” he said. “Other popular methods include stealing your mail, submitting a change address to reroute mail, carelessness; leaving your information unguarded and sifting through your garbage.”
“The most common ways people get a hold of your personal information is by stealing a wallet or purse” – Gary Sheehan, ASMGi CISO
Of course, technology is often used, too, including using skimming devices on point-of-sale systems, and breaking into computers to steal data (using stolen credentials, spear phishing and deploying malware).
A situation like the Food Bank could affect your company both personally and financially. Organizations are affected by having to spend more resources on data protection, adhere to regulatory compliance and reaction to data breaches.
Consumers are affected by having their identity stolen and spending hours trying to re-establish their true identity and clear their financial records. Identity theft figures tend to vary by resource, but it appears the average loss for a victim who had their personal identity stolen was about $10,000. It has been reported that nationally, identify theft victims suffered more the $30 billion in direct and indirect losses in 2015.
Here are a few steps to take to protect you and your company:
- Organizations must have the policies, procedures and technical controls implemented to protect sensitive data.
- Organizations must also ensure that their service providers, contractors and partners use stringent controls to protect your data and your customer’s data.
- Finally, organizations must have the proper controls in place to ensure compliance with protecting the personally identifiable information and data (PII) of their employees, customers and partners.
- Consumers should always destroy personal documents and keep tabs on who is in your home and what information they can see.
- Report thefts immediately and contact all creditors and accounts to alert them of the theft.
- Always keep your credit card in your sight and never give out personal information to anyone over the phone or via email unless you’re 100% sure it’s someone you can trust.
- Consumers should review all their monthly bank and credit statements and get at least annually, a free credit report.
- Periodically checking your credit score can help spot suspicious activity.
- Make sure to use secure WiFi when accessing sensitive information online, and take advantage of security measures like two-step account verification and strong passwords if offered by your provider.