Kroll Cyber Security Blog – A Dialogue on Data Security

When the Federal Trade Commission Consumer Sentinel Network Data Book was released earlier this year, it indicated that, based on consumer reported incidents, government document/benefit fraud was now the most common form of identity theft. This type of fraud involves the illegal use or counterfeiting of government-issued forms and documents (i.e., driver’s license, Social Security card, birth certificate), or the willful misrepresentation of identity to gain some form of benefit (i.e., Social Security, welfare, unemployment benefits).

Once again, Kroll’s data security education efforts are in full swing as our experts participate in three upcoming International Association of Privacy Professionals (IAPP) events.

This week, Kroll’s Greg Brown will be speaking with David Navetta of Information Law Group at the KnowledgeNet event to be held in Dallas, Texas on April 21. The topic is “Risk and Response: Defining an Event The Legal Ramifications, Requirements and Managing Expectations.” Registration for this event closes tomorrow, so be sure to register if you plan to attend.

There are many technology fixes that help businesses avoid phishing emails and other outside attacks. But an extremely feasible method of first line defense against spear phishing is training employees. Help them heighten their awareness of what to look for as suspicious emails and encourage them to modify their “usual” behaviors:

• Make sure employees fully understand the company’s security and privacy guidelines, so they will recognize phishing emails that run contrary to them – for instance, no one in the IT department would have a need to contact employees via e-mail and request they share their passwords.

There has been much discussion in the media recently about spear phishing. Far from being a consumer issue only, spear phishing has emerged recently as sort of an attack du jour, as this method has been recently linked to several data breaches.

According to the recently released IBM 2010 Trends and Risks report, “The single most common threat vector used over the past few years … is spear phishing where an object contains a link to a web page that contains malware. The delivery of this type of message to victims can occur through email, instant messaging, and social network sites.” This pertains to targeted attacks, where the hacker has targeted specific content or a specific company, not necessarily where a hacker is casting a wide net to pull in anything of value.

Experian, the consumer credit reporting agency, recently announced plans to begin offering more consumer data on its reports, in the form of rental histories. This comes after Experian’s acquisition of RentBureau, a company that collects consumer rental history. The plan, according to Experian, is to combine rental payment data as recorded by RentBureau with the credit data already collected by Experian, in order to provide a more “complete” picture of the consumer’s credit history and, quite possibly, help renters that pay on time boost their credit scores.