
Surprise! You're exposed



The Enron case study
Given firms' reluctance to discuss security problems, it's difficult to assess just how common the problem is. But researchers at Audiotrieve Inc., which makes e-mail analysis tools, have found the publication of thousands of internal Enron e-mails to be a treasure trove for assessing how employees use -- and misuse -- company networks.

In March 2003, the Federal Energy Regulatory Commission posted on its Web site 1.6 million pieces of internal Enron e-mail dating from 2000-2002. Immediately, Enron asked the agency to remove the e-mails, which were chock-full of personal information. According to the Wall Street Journal, one e-mail included a payroll document that listed the Social Security number of every employee. Ultimately, FERC removed 141,379 e-mails at the request of Enron -- about 8 percent of the database -- because Enron said personal information of one kind or another was included.

"This is a huge problem for corporate America. Corporations don't really get this yet," said Roger Matus, CEO of Audiotrieve. "At the end of the day, (companies) are legally responsible for every bit that leaves their company. ... If an employee does something that violates someone's privacy, the company is involved."


One of the reasons firms fall prey to such casual data procedures: They've paid through the nose for technology that they think is protecting them. But firewalls and antivirus products only secure companies from the outside in. They stop intruders from entering and stealing data; they don't prevent employees from intentionally or accidentally leaking it, leaving companies vulnerable from the inside out.

"All of these companies suffering from this problem all had technologies they thought locked them down from doing it," Verton said. "Companies have spent millions on perimeter defenses. But there's still a gap."

Gap is closing
That gap is closing, says Pescatore, because companies like ChoicePoint and CardSystems -- which exposed 40 million credit cards to a hacker earlier this year -- are facing the consequences of data leaks.

"CardSystems may go out of business.  ChoicePoint stock is still down 30 percent from when its incident happened," Pescatore said.  "It's having an actual business impact." 

Ansanelli said all that bad news has been good for his business. Sales of his firm's products are up 300 percent in the past 12 months. Corporations have long implemented written policies mandating that employees handle personal data with care, but have had a difficult time enforcing them. Content management technologies are changing that, he said, and are exposing the magnitude of the problem. Still, consumers don't have a lot of options to protect themselves.

Schmidt, the former Cyberczar, makes a habit of quizzing customer service representatives to get a sense of the firm's privacy practices. When they ask him for the last four digits of his Social Security Number, he asks the telemarketer for the first five. If the service rep has the right answer -- meaning the operator can see the entire SSN -- Schmidt quits the company.

He also recommends consumers ask a firm about the "life-cycle" of the data they collect.  For example, if the firms obtain a credit score, find out how long they keep it, he said. Another question: When you leave the company, does it destroy your data?

"For the most part, it's hard for them to answer," Schmidt said.  "But if enough people ask the questions, companies will get the message and start getting the answers."

Bob Sullivan is author of Your Evil Twin: Behind the Identity Theft Epidemic

© 2009 msnbc.com

