For businesses, shredding is low-hanging fruit (one of the easiest sources of data breach to eliminate). But businesses are so often focused on electronic forms of data breach that they fail to heed the following statistics highlighted in a recent Ponemon Institute study conducted for the Alliance for Secure Business Information:
More than 50 percent of sensitive business data is still stored on paper documents.
Forty-nine percent of data breaches reported in the survey were the result of paper documents.
Sixty percent of businesses admitted that they didn’t provide the proper tools (e.g., shredders) to safely discard documents that were no longer needed.
The average data breach recovery cost according to this survey was $6.3 million.
Laptop anti-theft, or protecting your mobile data, is a MUST for corporations and consumers. Almost half of workplace identity theft takes place because of mobile data. And the average value of the data on your laptop can be worth hundreds of thousands of dollars to a corporate spy or experienced identity thief. At the higher end of the scale, the value of the 26 million Veteran identities on a laptop lost over a year ago was estimated to be worth more than $100 million. Those are the types of computer security risks that can make your business unprofitable. But there are solutions.
Broken Window Theory: By removing graffiti and repairing broken windows in crime hot-spots throughout New York City, the NYPD was able to drastically reduce the entire city’s overall crime rate (not just the quantity of graffiti and broken windows), including thefts, burglaries, muggings and murders. In other words, certain actions that we take (e.g., focusing on crime hot-spots rather than on every type of crime) can have a disproportionately positive effect on achieving our goal (e.g., lower crime rates). Business translation: you get a far higher return on investment for certain well-planned tactical strikes than you do for far more expensive strategic initiatives.
My point? In the world of workplace identity theft and corporate data breach, laptop computers are the biggest broken window. Not only do laptops account for a disproportionate amount of data theft, but training the organization to properly protect mobile computers has a radiant effect on all other types of identity protection. Good habits in one area breed good habits in others.
Stop the theft of corporate laptops (or personal laptops with corporate data on them) and you have eliminated approximately 50% of the entire data breach problem at a fraction of the security cost.
Laptop theft generally occurs in transit: airports, hotels, cars, commuter trains, conferences, off-site meetings, vacations, coffee shops, etc. Build laptop anti-theft training into your organizational culture of privacy:
Only in California! A Huntington Beach woman used another woman’s identity to pay for breast implants and liposuction. At first glance, it’s a laughable story. But imagine being the woman who has to prove that she wasn’t the augmentation recipient! Remember, with identity theft, you are guilty until you prove yourself innocent. Medical identity theft will take us to new and embarrassing depths in order to prove that we are innocent. It will give new meaning to the phrase “bearing witness”. And it prompts the question of why we don’t have a set of universal rules that govern our personally identifying information?
On a related note, I recently became involved with the Santa Fe Group which published an excellent white paper informally known as the Identity Theft Bill of Rights. Registering for a download of the paper is well worth your time – it does an excellent job of summarizing the identity theft issues that we, as Americans, face in the coming years. It includes discussions about modifying language in HIPAA to protect against medical identity theft crimes similar to and far more serious than the Huntington Beach case.
As our population grows older on the shoulders of the baby boomers, medical identity theft and its cousins will become ever more prevalent and damaging. Help us fight for our identity rights by getting involved. Start by registering for a webinar put on by the Santa Fe Group called:
I am starting to reconsider my opinion that online banking is safer than traditional banking. Primarily because I have been hearing horror stories during some of my identity theft seminars. But now I am seeing it in the mainstream media. Case in point: read this short article in this morning’s USA Today about Hackers Swarming Bank Accounts. I’m open to your opinions, but I feel like the thieves are starting to win. In a YouTube video post I did some time ago about online banking, I suggested that if your computer is well-protected, you are better to bank online.
But lately, it seems like the thieves are a step ahead. What are your thoughts? Have you had any troubles with identity being compromised because of the types of threats discussed in the article?
At the Privacy Project, our success is your nightmare (unless you are my speaking agent).
Business at the Sileo Group and engagements as an identity theft speaker are up 400% compared with the same period last year. I am booked for exactly 4X as many identity theft prevention and privacy leadership speeches in the first quarter of 2009 as I was in 2008; and 2008 brought me more work than I could handle on my own. Some of this is due to an extensive contract with the Department of Defense, but not all of it.
I’m not sharing our success to blow my own horn, though admittedly, it is satisfying to finally share some good news with you after having lost so much to this crime.
I’m sharing because our success gave me cold sweats at 3am this morning.
Why? Because the strength of my business is inversely proportional to the safety of yours. My business is thriving because identity theft is thriving, and that is not my purpose for being in business. I am in the identity theft prevention business to put myself out of a job. When I say it keeps me awake at night, I’m being sincere. At 3am this morning, I spent several hours deciphering the underlying causes responsible for the exploding demand for identity theft speakers… even as the meetings and speaking business has suffered drastically at the hands of the spiraling economy. And then it came to me; I realized that the answer was contained in the question…
I just finished delivering an identity theft speech for the Department of Defense to the Airmen and Women of Eglin Air Force Base in Ft. Walton, Florida. It is the highest honor for me to be able to serve the United States military, who so valiantly and humbly serve every American. Thank you Eglin AFB, and a special thanks to the person who asked me to clarify this question after the speech:
Is LifeLock identity theft monitoring service truly free to military personnel, or is it just for certain personnel?
The Privacy Problem: Thanks to laptops, smart phones, DVDs and a deluge of other data-holding mobile devices, we carry as much sensitive data with us as we keep in our homes and offices. These devices are at a much higher risk of theft when they are in transit.
The Privacy Project: To help you better protect identity-bearing devices while they are being transported and stored in your car (RV, boat, etc.). The solution…
Are you one of the 200,000,000+ Americans (almost 66% of the US population) who had their identity stolen from TJ Maxx, Marshalls, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 or DSW?
If so, you need to know that 11 people, including a Secret Service informant,
Some readers might not know that I was a two-time victim of identity theft for losses of more than $300,000. That is the reason I wrote Stolen Lives and that I am now a professional identity theft speaker. I don’t promote my services any more than necessary on my blog (I leave that to my commercial website which deals with my profession as an identity theft speaker and expert). Quite often, however, I have blog readers requesting to see a preview video of my speaking. To satisfy that request, I’ll post a copy of my identity theft speaker preview video below. By the way, I learned the value of linking my YouTube videos, my blog and my website from an amazing SEO guy named Steve Mertz. Check out his SEO advice.
Get monthly strategies and tips for protecting yourself and your business delivered right to your Inbox. Signup now and you'll immediately receive John's 7 Survival Strategies for Starving Data Spies!
At the Privacy Project, our success is your nightmare (unless you are my speaking agent).
I just finished delivering an identity theft speech for the Department of Defense to the Airmen and Women of Eglin Air Force Base in Ft. Walton, Florida. It is the highest honor for me to be able to serve the United States military, who so valiantly and humbly serve every American. Thank you Eglin AFB, and a special thanks to the person who asked me to clarify this question after the speech:
