Happy New Year—read and shred
1 April 2005
There’s an awful lot of money spent on computer and network security, most of it designed to keep various types of malware OUT of your business system. Viruses come and they go and usually leave a trail of ulcers, blood pressure spikes and, in extreme cases, redundancy notices in their wake. Outbreaks of worm paranoia were common in 2004, as well. Who wants to play an unwitting part in a denial of service attack, even if the target was Microsoft or some other deservingly reviled organisation?
Opinions differ as to the correct spend requirement and the efficacy of the solutions available. Two of the three ISPs I use offer Brightmail filtering which not only gets rid of the more detectably infectious e-mails but also keeps my inbox relatively free of the bogus pill vendors, porn merchants and requests for assistance from the odd deposed head of west African states.
Gartner has lately been gassing about the wasted millions on security that isn’t required or effective or just plain gets in the way of doing better business (see Inside Track passim). I’m alright, I think. My DIY arsenal of router-based NATS, ZoneAlarm, Grisoft, NAV, Spamnix, Adaware and Stopzilla works most of the time, doesn’t take a lot of fettling and costs very little per seat… A bit of spanner work in XP’s and Explorer’s respective engine rooms left one with a satisfied feeling that armed robbery is likely to be a bigger risk on the way home from the office than a net-borne attack.
Until last week. I got an overdue bill from AOL. This was surpassingly peculiar since I have never had an AOL account and have religiously binned every one of the freebie CDs that have come my way in the past six or seven years—though they could have easily been pressed into service frightening birds away from my berry canes. AOL can be useful for peripatetic writers but I seem to limp along with a combination of iPass for dial up and Boingo or BT Openzone for Wi-Fi (always avoiding park benches and priests outside libraries in the US—see Inside Track passim).
This AOL account is apparently the final chapter in a bit of identity theft and credit card mangling that I experienced last summer. I got a call from the card’s security team asking me if I had done a lot of transactions in Denmark recently. Indeed I had not. I haven’t been to Denmark in years, hadn’t bought any blondes by mail order or anything of the sort. After a bit of paper passing, the old credit card number was cancelled, a new card was issued and I was free to threaten my own liquidity unassisted by connivance from any Sven, Johann or Lars.
I am relatively sure that I hadn’t used the card online on any site that wasn’t https guarded. I never use it with a site that I hadn’t done business with in the real world and never ever quote my card number in e-mail. Some dumpster-diver evidently got my number off an old fashioned bit of paper and had a small shopping spree at HSBC’s expense.
What was slightly alarming was the sangfroid of the card security team over the rip off. It apparently happens all the time and the chances of ever catching the miscreants were close enough to zero that they didn’t really care much and had no real system in place to report back to me concerning the modus operandi of the theft so that I might not expose myself to similar threats in the future.
My ‘friend’ Olaf had evidently taken advantage of one of those AOL disks I had spurned and set up an account, with my proper address and quoted my now-nullified credit card number. AOL seems to have a pretty lax collection procedure because they were going to cancel my account following three months of non-payment.
It only took two transfers on AOL’s billing enquiry number to reach a human being that wasn’t reading off a customer service script. The account hadn’t been used much, no harm done, charges cancelled and apologies extended.
I emerged from the incident suitably chastened and aware that inbound security was not the only issue that needs attention; outbound security in business computing—both the advertent and inadvertent—is an area of risk management deserving thought.
Staying with the theme of identity theft and avoiding the equally obnoxious and business-unfriendly subject of corporate espionage, I discovered that I am, sadly, not alone. Not everyone has the awareness or wariness to delete e-mails allegedly from their bank or credit card company that ‘phish’ for your details. According to the privacyrights.org web site, they have been issuing identity theft warnings and alerts since the turn of the century 😉
www.privacyrights.org has several helpful self-inventory ‘tests’ to increase your awareness of how identity theft takes place. Awareness that leads down the slippery path to paranoia! If you have anything besides money and a picture of your sweetheart in your wallet, you are a prime target just by walking around on the street.
Equally frightening is the cost to individuals (and to businesses) in the time needed to sort out an aggravated case of identity theft. A large majority of respondents to the 2003 survey indicated the opening of a credit card (73 per cent) or takeover of a card account (27 per cent) to be among the crimes committed in their name.
Apparently, it’s easy. My wife’s partner had a ‘friend’ staying at his old address and just for a laugh procured a personal loan for €30,000 from American Express in his now ex-friend’s name… the plot was nipped in the bud. But without a lot of arm twisting neither Amex nor the cops were much interested. A prime lever for identity felons is the pre-completed invitations for a credit card that flood in the door… Equifax, those annoying credit report people, could turn out to be your friends!
In the office or at home, you begin to feel that your letter flap should have a red flashing light next to it… the post is your enemy! In addition to the usual computer-based security measures and the self-organisational management tips, a plain old paper shredder may be your most potent weapon.
In 2005, it’s a rough old world out there. Protect your business domain names, e-mail addresses, and watch who picks up your post. Read your credit card statements like a mystery novel. And watch out for bills from ISPs where you don’t have an account.