Masters Research Project CSIA-6200
How can you protect yourself, your identity, and your data in the new digital age?
This is a question that I have been asking myself for the past couple of years. As an information technology professional, I have spent more than a decade securing and locking down the systems that are under my blanket of responsibility. Because of that, I'm more security-conscious and aware than most. I do everything I can to make sure the servers and services I support are not vulnerable.
Because I deal with security on a daily basis in my day job, I feel that I take protecting myself a little more seriously than most people do. I do the little things that, unfortunately, common users of technology don't know about or even think about. I do my best to follow all the password guidelines and all the best practices. Many of these I will discuss later in this article. I'm cautious of phishing attempts in my email, and I always check to make sure the sites I'm about to put my passwords into are legitimate and are using SSL. With my extra vigilance and awareness, you would think that I'm 100% safe from having my identity and data compromised. That assumption, unfortunately, is wrong. You can do all you can possibly do to be safe, but your data is only as safe as the weakest company that is storing your data digitally.
As the year 2014 ended, technology companies and security professionals were referring to it as the year of the breach. It will always be remembered that way for me because in 2014 my data was stolen in a data breach, not once, but twice. That's right, I had my information lost to hackers in two completely separate attacks. My credit card data was compromised in two separate instances, in attacks on two large retail stores. The real kicker to me was that I had not used my credit card to make online purchases at the companies' massive online stores. I had only made purchases in the local stores themselves. As the above infographic portrays, both Home Depot and Target were compromised, and with them my credit card information and data.
So how could I have protected myself from this? Unfortunately, this was completely beyond any precautions I could have taken. In this case my information was completely in their hands. Home Depot and Target are the only ones to blame in this case. Both Target and Home Depot lost millions of dollars as a result. Target agreed to a $39 million settlement with several U.S. banks over the data breach that affected roughly 40 million customers (CNN 2015). Home Depot recently stated it has already spent $232 million as a result of the breach. In the case of Home Depot, hackers used a vendor's stolen login credentials to penetrate its computer network and insert malware that siphoned off payment-card data and email addresses of 56 million customers (Masters 2015). It is amazing to me that a vendor's login would allow a hacker to eventually get in a position to get to customer credit card purchasing data. Unfortunately, the year of the breach did not stop with the calendar changing over to 2015. The following infographic focuses on the breaches that occurred in the first six months of 2015.
In the infographic above we see that the healthcare industry was the hardest hit by hackers with 34% of the attacks, and government was a close second with 31%. What about retailers, financial institutions, and banks? Banks were only responsible for less than 1% of breaches. At first I thought this seemed very odd. Wouldn't you think that hackers would go straight after the money? Even retail stores only account for 8% of the total breaches. The reason is simple. Banks and retail companies are spending millions a year on security to make sure they are not sitting in the same position Target and Home Depot have found themselves in. Hackers like to go after low-hanging fruit. That is exactly why they have targeted healthcare and government. Let's just think about the information that would be found in a patient's file. They would have everything they would need to steal the identity of an individual, including their address, in many cases their mother's maiden name, and their Social Security Number. They could use this information to gain access to an individual's existing financial accounts and retail accounts. They would also have everything they would need to open new accounts. The same goes for government breaches. If a hacker were to get access to the IRS or SSI, the sky is the limit to the number of identity theft victims. The following infographic shows just how badly hackers have hit the healthcare industry.
Now that we have talked enough about the problem, I think it is time that we start the conversation about what we all need to do to protect ourselves as much as possible. If we can't count on the companies we do business with, our healthcare providers, and our financial institutions to keep our data safe, we really need to focus on making sure that one breach of our personal data will not be able to lead hackers to gain access into our other accounts. We will discuss passwords in depth in the next section.