I had the opportunity to attend the American Council of Technology – Industry Advisory Council (ACT-IAC) Cyber Security forum on January 28. That just happened to be Data Privacy Day. From the discussion, it was clear that there is a lot of work to be done around cyber security education and communications outreach.
With 1/3 of the U.S. population’s data having been stolen during Target’s recent breach, there is no denying that online security threats are real. What’s not clear is how seriously citizens take these threats and what they know about how far the threats reach.
I would guess that most people impacted by the Target breach assume that having their credit card misused is the biggest issue. I don’t think that many people realize that with the email and address information that has been stolen, they are now more vulnerable to phishing schemes designed to access their social security numbers.
Target added some additional confusion to this situation by sending emails to its customers. If you were already concerned about online security, you might have been reluctant to open that email. If you happened to be running a phishing scheme, you might have thought of that as a great opportunity to target people, yes, who shop at Target.
Anyway, by adding a social security number to the information stolen during Target’s breach, hackers can open new credit card and shopping accounts in a person’s name and cause significant trouble. While disputing charges on a credit card and getting a new card in the mail is somewhat of a pain, trying to dispute entire accounts opened in your name through identity theft is a much bigger concern. That process can be extremely time consuming and cause credit problems for years.
Target is offering free credit monitoring services, and I’ve recently seen that some credit cards are now offering it as a free member benefit as well. But do people understand that credit monitoring services only help them after someone has stolen their identity? The next level of protection, a credit freeze, is far less discussed and understood. Yet it is likely the most effective way to ensure that a person’s credit is protected from identity theft. A credit freeze actually prevents new accounts from being opened so credit stays protected.
During the conference, we talked about what will need to change in order to better protect consumers’ data. I believe that as we move forward, but not any time soon, the credit monitoring system will have to fundamentally change. Hackers will always be pushing forward with new ways to compromise data.
Education and outreach programs around cyber security should definitely cover the fundamentals of strong passwords, not opening suspicious emails, using discretion on open WiFi networks and more. But citizens should also know that online threats are pervasive and real, even with the use of online best practices.