Protecting Personal Identifying Information

Rick Blazek, PhD.Robert Morris University

DIGITAL OVER-EXPOSURE AND THE BARE-NAKED AMERICAN

Protecting Personal Identifying

Information PIIPersonal identity theft is not new, but this form of theft has become easy as our lives become more digital.

What is PII?Javelin Research. "The study, which surveyed around 5,000 Americans last year about their experiences with identity theft, calculated that ID fraud had cost around $54 billion in 2009"-

"In 2009 the average data breach cost the affected business $6.75 million, up from $6.65 million in 2008, according to a Ponemon Institute "

Cost of Identity Theft Rises 63% : "the average cost to victims rose by 63% from $387 in 2009 to more than $600 in 2010." -http://www.dailyfinance.com/2011/02/24/jean-chatzky-beware-the-cost-of-identity-theft-is-soaring/

http://www.forbes.com/2010/02/09/banks-consumers-fraud-technology-security-id-theft_2.html

The cost to businesses worldwide adds up to a staggering $221 billion each year.-IBM 2011

Security Report 10% of Americans have had their identities stolen, and on average,

each of those individuals lost around

$5,000.-http://mashable.com/2011/01/29/identity-theft-infographic/

The PII Black Markethttps://krebsonsecurity.com/2011/08/vendor-of-stolen-bank-cards-hacked/

Paypal accounts for sale

Your Credit Card?http://www.stopthehacker.com/2010/03/03/the-underground-credit-card-blackmarket/

http://www.npr.org/blogs/money/2011/06/16/137181702/the-tuesday-podcast-inside-the-credit-card-black-market

http://press.pandasecurity.com/wp-content/uploads/2011/01/The-Cyber-Crime-Black-Market.pdf

Social EngineeringSocial engineering and being human

Phishing

Risky BehaviorsAt risk behaviors and risk aversive people. (The risk of being an avid bike rider.)

Use of computers to store and transfer PIIUsing a smart phone (sharing regularly)Location aware applications (phone, tablet) and embedded information (camera)

1. Online shopping2. Online banking 3. Online social networking (social media)

CELL PHONE

Carrier IQ: The spyware Poison in your Phone

http://www.zdnet.com/blog/mobile-news/carrieriq-follow-the-money-and-it-is-the-carriers-behind-it/5794

DefensesAwareness (reveal only what you wish to lose). View every item on your computer and the Internet as though it were public. Removal is almost impossible. The Wayback MachineAsking questions (choose your poison carefully).

Why Google and Facebook may not be your friends. SEOptimization, privacy is dead, your friends can make you sick, guard your children.

Protecting your computer/phoneProtecting your browsingProtecting your social sharingProtecting your bank accounts, investments, and access cards (one-time use numbers)Checking often (but carefully), setting up notificationsHiring a digital body guard

Is Your Computer for Rent?

Krebs- http://krebsonsecurity.com/2011/04/is-your-computer-listed-for-rent/

Mules --https://krebsonsecurity.com/2011/10/turning-hot-credit-cards-into-hot-stuff/

Facebook24 yr old discovers Facebook has 1200 pages of stored info

on him

http://www.identityblog.com/?p=1201

What can you do?https settings in Facebookhttp://www.reclaimprivacy.org/  scan facebook privacy settings

ResourcesA page: http://www2.rmcil.edu/rblazek/

rblazek@robertmorris.edu

DEFEND against identity theft as soon as you suspect a problem.

Place a “Fraud Alert” on your credit reports by calling any one of the three nationwide credit reporting companies:

Equifax: 1-800-525-6285 Experian: 1-888-397-3742 TransUnion: 1-800-680-7289 Review reports carefully, looking for fraudulent activity

Close accounts that have been tampered with or opened fraudulently

File a police report

Contact the Federal Trade Commission

DETECT suspicious activity by routinely monitoring your financial accounts and billing statements.

Be alert Mail or bills that don’t arrive Denials of credit for no reason

Inspect your credit report Law entitles you to one free report a year from each nationwide

credit reporting agencies if you ask for it Online: www.AnnualCreditReport.com; by phone: 1-877-322-8228;

or by mail: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281

Inspect your financial statements Look for charges you didn’t make