In a recent article in the Journal of Knowledge and Process Management (V. 12, #2, pp. 123-131), I wrote on the topic of technological security within organizations. In the article, “PREPARE: Seeking Systemic Solutions for Technological Crisis Management,” the PREPARE crises assessment challenged organizational leaders to be prepared for the potential penetration of their organizational systems by intruders.
An intruder is defined as anyone using technology to harm, intimidate or terrorize. The moment an intruder invades personal or organizational space is defined as the penetration event. Organizational leaders must assess their systems for vulnerabilities by considering where security could be penetrated by known and unknown intruders.
Individuals, too, need to be prepared for invasion of privacy. The Federal Trade Commission reports a consistent rise in consumer fraud and identity theft incidents. In 2004, there were over 635,000 consumer fraud and identity theft complaints with consumers reporting losses of more than $547 million. Internet-related complaints accounted for 53% of all reported fraud. Of those fraud complaints, the intruder’s contact came most often through electronic mail (35%) and the web (22%). The most reported form of identity theft was through credit card information (28%). The percentage of complaints about “electronic fund transfer” related identity theft more than doubled between 2002 and 2004.
Penetration tests will allow an individual to see themselves through an intruder’s eyes. Where could my security and privacy be penetrated? Where and what are my vulnerabilities? What actions could I take to prevent the penetration of my personal information?
PREPARE assessments will allow you to consider these questions. This assessment asks you to seek “Preventive measures,” engage in “REtrospection,” participate in “Protection investment,” “Anticipate” future activity and “RE-evaluate yearly” for continuous security protection.
Preventive measures
Check your credit report periodically to view any unauthorized activity. If there is any unauthorized or questionable activity, your credit cards can be canceled immediately.
Before sharing personal information on the Internet, consider the web site security. Find out about web site privacy policies. Do your homework! Consider obtaining a credit card with a low credit limit. Use this card for online activity only and monitor the card consistently.
Ask a trusted techno-savvy person (trusted family member or friend) to attempt to penetrate your personal information. It may be revealing to know what information this person will obtain. In addition, ask the person to attempt to open accounts and access your bank accounts.
Ask yourself who the potential intruders are? What people would wish to steal your information? Would there be intruders seeking to penetrate your privacy through the Internet? Who would be interested in your personal information?
Retrospection
Do your own research. What people have had their security breached? How did it happen? What people have had their identities stolen? What can you learn from these situations?
Consider web site visits that generated massive amounts of junk e-mail. Do your research. Understand Internet piracy topics such as spoofing, phishing, skimming and spamming. Spoofing is to gain unauthorized access to a computer by using an IP address and indicating the message is coming from a trusted partner. Phishing occurs when an intruder uses a legitimate enterprise to scam an individual into surrendering private information that may be used to steal the person’s identity. Skimming occurs when the intruder captures your information as you use the information. And spamming is using the Internet to send bulk, unsolicited messages.
Protection Investment
Invest in virus protection for your personal computer. Virus protection software and patches for your current operating system should be installed to protect against intrusion. Firewall protection is increasingly an important investment with the use of high-speed Internet connections.
Consider having a credit card with a small credit limit. Another consideration would be to open a separate account at a bank and keep a minimal amount in this account. Use a debit card from this account to conduct commerce online.
In organizations, the weakest link is typically the people working for the company. Employees may inadvertently offer information to strangers in the course of a chaotic day.
Do not use passwords on your credit cards, bank accounts or other accounts with easily available information. Intruders can easily obtain some information about you such as family names, last four digits of your Social Security number or your phone number. Carefully select passwords that are not easily penetrated. Change them frequently.
Anticipate
All you have to do is read your daily newspaper or watch the nightly news to know that identities are stolen and security is breached daily. These individuals will tell you, “It was something that always happened to someone else; not me.” It does happen to people like you.
What steps will you take if you were to find you had your personal security or privacy penetrated by an enemy? Create a technological crisis checklist on actions you would take in the case of emergency. Who would you need to contact (e.g. financial institutions, credit card contact information, driver’s license and other government issued identifications, Social Security numbers)? What actions would you take to secure your information?
Re-evaluate yearly
This is not a one-time activity! You must check your credit report yearly. The major credit report agencies will give you a free report once a year.
If your trusted, techno-savvy friend or family member found areas of vulnerabilities, you may wish to re-evaluate more often. Consider your vulnerability gaps. Conduct another penetration assessment after you have addressed the results of the last assessment.
Technology and the Internet benefit our lives and serve us in many ways. However, we must be consistently vigilant in overseeing our personal information and activities. Individuals can practice the same relentless determination and preparation as organizational leaders who are protecting corporate security. Failing to PREPARE for your personal security is risky, could be costly and could threaten not just your security, but your personal identity.
Author: Beverly J. Davis is an associate professor in the College of Technology, Department of Organizational Leadership at Purdue University. She can be contacted at (765) 496-1431 or go to www.tech.purdue.edu/lafayette
PREPARE