The weakest link

"A chain is only as strong as its weakest link."

It doesn't take a lot of experience to know the veracity of this homely bit of wisdom. But it begs the question: How safe are your assets? Are you potentially on the losing end of a weak security chain?

The latest reminder of our vulnerability comes from the massive theft of personal data last week at Educational Credit Management Corp., a nonprofit guarantor of student loans. According to a statement by the company, the names, addresses, Social Security numbers and other personal data for 3.3 million people were stolen during the weekend of March 20-21. Apparently, no account information taken. According to the Wall Street Journal, federal officials believe this is the largest theft of identity information in history.

In a day when cybercrime and computer hacking is becoming increasingly commonplace, the theft of so much data may be alarming but not surprising. What IS surprising (at least to me,) however, is that this wasn't a case of some ultra-sophisticated hacker defeating layer upon layer of high-tech security. This data was lost when a "portable media" device was stolen from the company's headquarters. ECMC did not elaborate on how it happend or what kind of device it was. It seems that someone just picked up the data and walked out with it.

This incident happens on the heels of a report earlier this month that a former computer specialist at Swiss private bank HSBC stole personal data on 24,000 of its current and former clients which he then tried to sell on the internet. Originally, the bank said "less than 10 clients" were affected. How did the employee get it? He simply downloaded it and took it home in his briefcase.

The FBI's Internet Crime Complaint Center, known as IC3, tracks the growing problem of cybercrime. According to it's 2009 Report, the total number of cybercrime complaints rose 22 percent in 2009 to 336,655. Of this number 146,663 were referred to law enforcement agencies around the country. Losses associated with these cases totalled $560, more than double the 2008 amount.

The uncomfortable truth about our current situation is that we can have no assurance that our personal information is ever secure. Our only protection is continual vigilance. Here are five things you can do to protect yourself and your family from trouble when the weakest link in a data security chain fails:

  1. Review your account statements carefully each month. Scammers who steal access to your accounts don't always raid them quickly. I had personal experience with this several years ago. My wife noticed some strange ATM withdrawals from our checking account. The amounts were odd numbers and we couldn't figure out what they could be. They weren't big so we thought they were service charges and we stopped using our ATM cards. Then we got hit by a withdrawal of several hundred dollars and we immediately called the bank. They asked if we had recently been in Warsaw, Poland. I told them my last trip to Warsaw had been five years earlier but I had recently been to on Moscow where I used my ATM card to get cash from a machine in the lobby of Marriott hotel. That's where they got my information. Fortunately, the bank (Wells Fargo) made me whole, but it was a significant hassle. I can't remember the last time I used an ATM machine.
  2. Review your credit report on a regular basis. Though you are entitled under law to a free credit report each year from each of the three major credit bureaus, you may want to review it more frequently. Your friendly mortgage banker may be able to help you do this at a very minimal cost.
  3. Be careful about who gets your information and always ask how they protect it. As the ECMC example earlier highlights, not all data theft is high-tech. Make sure they have low-tech protections in place as well.
  4. Never email personal information like account numbers, Social Security numbers, etc., unless the emails are securely encrypted. Encryption is well beyond the scope of this post, but you can get some good information on the web. Click here for a fairly understandable summary of the issues.
  5. Think about subscribing to an identity protection service. Gary wrote about his experience with identity theft a year ago including his decision to become a LifeLock subscriber. His observations are worth reviewing.