Your identity is in the hands of fools

Posted by Robert Siciliano on March 19th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Every week we learn of a new hack, another breach, more credit cards stolen and another identity theft victim.

Many have blamed "the bad guy" or criminal hackers for all the problems  in the security world. And while the bad guys are certainly a problem, they are a small part.

The people responsible for their own physical or computer security or the security of others are often the guilty ones.

You wonder why your credit card company sent you a new card? Because some baboon didn't do his job and you were compromised.

Chances are, we could look at 7 out of 10 data breaches and point to someone who didn't properly flip a switch or lock a door.

In a recent poll of companies with 1000 or more employees, when asked to define the most important measures for protecting confidential data, nearly half of all respondents said, "communicating and training users on confidential data security policies."

And when asked to rate their organizations performance with regard to, "communicating and training users on confidential data security policies," more than one-fourth of security professionals gave their organization a rating of either "fair" or "poor."

24% of North Americans ranked themselves as "poor," as well as 38% of Europeans. I suspect the North Americans are just lying, and are just as lax. I read the papers and see the data. Pleeeeze. I have my eye on you, Focker.

Security is not entirely an IT problem. There are many policies in place regarding physical security that must be observed. If these policies were followed properly, breaches would be significantly reduced.

One plain and simple example is dumpster diving. How prevalent are shredders? I've gone though four. After the computer and the copy machine, a shredder should be the most used home or office appliance.

Here is a video of a dumpster diver, who also happens to be a security professional, who spent three minutes in the dumpster of a local bank. He found a laptop, wire transfers and Social Security Numbers. That's not an IT problem. That's a stupid-lazy-people problem.

How is anyone supposed to feel secure and protect their own identity when others, who are responsible for our security, aren't doing their jobs?

The best way to protect yourself from identity theft is with an identity theft protection service. To learn more about these types of services, see NextAdvisor.com's reviews and comparison chart.

See Robert Siciliano, identity theft speaker, discussing the failure to secure a wireless connection and subsequent exposure of 45 million credit cards here.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.