
Evil Ones Lurking


There is evil lurking in our midst. What's the evil that I'm referring to? Identity theft—a crime bred out of pure selfishness, a crime that allows someone to steal your identity and use it for themselves. These thieves often use your credit card numbers to purchase expensive electronics and jewelry. Or they use your social security number to get a loan to buy a car or house. Of course, they never actually make a credit card or loan payment. They may show your driver's license number to the police when they're pulled over, but they never pay the fines or show up for court dates. And suddenly you have a criminal record! Or, for a tidy sum, they sell the entire database they've stolen from their employer to someone who will perform volumes of invalid credit card or bank transactions. Why are these crimes committed? In my opinion, one word sums it up: greed.

You may have heard about some of the recent events in which laptops that contained personal data have been stolen. One laptop stolen from the offices of the YMCA contained member information, another contained information on former employees from three supermarket chains, another contained information on users of Hotels.com (thank you very much; now some thief has my credit card number), and the theft that has caused the most outcry is that of a laptop containing SSNs and other personal information of millions of our brave military servicepeople. The number of affected men and women grows with each newscast.

Are the thieves ever going to be prosecuted? If caught, yes, but often the intent of the thieves is to steal the computer itself, not necessarily the data. In these cases, unless the thieves are paying attention to the news, they may not realize the "gold mine" they are sitting on in terms of the value of the data on the computer they've just stolen.

The outrage over having our servicepeople's data stolen has prompted various committees in Congress to pass three separate and slightly varying bills, all relating to theft of private information: the House Judiciary Committee's Cyber-Security Enhancement and Consumer Data Protection Act of 2006, the Committee on Financial Services' Financial Data Protection Act of 2006, and the Committee on Energy and Commerce's Data Accountability and Trust Act (DATA). The last two bills include the requirement to have policies and procedures in place to protect the data, so those two bills get my vote. Unfortunately, Congress debated this issue before (prompted by the loss of an unencrypted backup tape containing many Congressional members' personal banking information) but could never come to an agreement on the terms.

Rather than depend on the government to stem the loss of personal data, I believe businesses need to get serious about protecting our data. Why are businesses allowing personal data to be downloaded to unsecured laptops and stored in unencrypted form? Even more appalling are incidents of theft of auditors' or vendors' laptops that contain their clients' personal data. One has to wonder about these companies' security policies (or lack thereof) that allow this type of data to be available to vendors and auditors in the first place and then set the access controls so the data can be downloaded to their laptops!

The numerous headlines about identity theft may inspire you to check your credit rating. But it's doubtful that you would think to check on the latest victims' credit rating—that of your children. Yes, children are now targets of identity thieves. Their social security numbers are stolen and their credit ratings ruined. Unfortunately, they usually don't find out until they attempt to obtain a college loan or get their first credit card.

Identity theft affects over 9.3 million Americans annually, according to the 2005 Identity Fraud Survey Report from Javelin Strategy and Research. So let's take a look at some of the things you can do to protect yourself—and your children—from identity theft.

  • Be vigilant. Check your bank and credit card statements as soon as they arrive. Or if you do online banking, check your accounts several times a month. The Javelin report shows that significantly less time and money is spent resolving the issue if the victim discovers the problem quickly and proactively (rather than finding out when you're trying to apply for a home equity loan for that new deck you want this summer).
  • Shred documents. Not all theft is online. Many thieves sift through garbage.
  • Check your credit rating and your children's credit rating. Because of the Fair and Accurate Credit Transactions Act (FACTA), we are entitled to a free copy of our credit report from all three of the credit bureaus annually. You can request this information from www.annualcreditreport.com, but be careful when typing in this URL; many thieves have reserved very similar URLs and made them phishing sites. You may be more comfortable calling the toll-free number (877.322.8228) to request your annual credit report.
  • Install a personal firewall, anti-virus software, and spyware detection software on your PC.
  • Educate the people around you. You and I know not to respond to phishing scams that request our private data. You and I know enough to install spyware detection software to prevent keystroke logging and the gathering of personal data. But do your friends and family know about these things?
  • Be cautious about whom you share your personal information with and who has access to your credit cards and other information. I'm sure you think that I'm about to warn you to be careful about where you shop online or to stop giving out your social security number unnecessarily. While these warnings should certainly be heeded, my real warning is to safeguard your information—even around your friends and family. The most disturbing statistic in the Javelin survey was that over half of the thieves were friends or family of the victim. To make matters worse, friends and family stole significantly more than thieves who didn't know their victims, requiring the victims to spend much more time resolving the issue.

If you are an employer or someone in control of the contents or security of data, you can help to protect us, too.

  • Secure the files containing private information. The best thing you can do for all of us is to secure the databases containing private data and restrict access to the entire database to only a few, select users. And these users should not include the programmers on your staff; they're the ones with the know-how to "harvest" the information and move it into a portable (and therefore sellable) form.
  • Wherever possible, eliminate private data from screens, reports, and spreadsheets.
  • Find all the servers and data warehouse sites where this information has been propagated and remove it.
  • Shred documents containing private information. Like I said, some thieves actually use "dumpster diving" to obtain private data from businesses.
  • Educate employees on scams such as phishing and other social engineering techniques.

Thwarting Evildoers

Evil lurks. But the good news is that the statistics indicate the incidents of identity theft are leveling off. However, if you discover that you are a victim of identity theft, a good resource for the next steps you should take is the Federal Trade Commission's identity theft resource page.

Carol Woodbury is co-founder of SkyView Partners, Inc., a firm specializing in security policy compliance and assessment software as well as security services. Carol is the former chief security architect for AS/400 for IBM in Rochester, Minnesota, and has specialized in security architecture, design, and consulting for more than 15 years. Carol speaks around the world on a variety of security topics and is coauthor of the book Experts' Guide to OS/400 and i5/OS Security.

Carol Woodbury

 

Carol Woodbury is IBM i Security SME and Senior Advisor to Kisco Systems, a firm focused on providing IBM i security solutions. Carol has over 30 years’ experience with IBM i security, starting her career as Security Team Leader and Chief Engineering Manager for iSeries Security at IBM in Rochester, MN. Since leaving IBM, she has co-founded two companies: SkyView Partners and DXR Security. Her practical experience and her intimate knowledge of the system combine for a unique viewpoint and experience level that cannot be matched.

Carol is known worldwide as an author and award-winning speaker on security technology, specializing in IBM i security topics. She has written seven books on IBM i security, including her two current books, IBM i Security Administration and Compliance, 3rd Edition and Mastering IBM i Security, A Modern, Step-by-Step Approach. Carol has been named an IBM Champion since 2018 and holds her CISSP and CRISC security certifications.

