Legislation has been introduced in Congress that would require companies to notify customers when their personal information is illegally accessed. The legislation follows further large-scale thefts of customer information from processing centers. Officials from OSU and Huntington Bank provide information on keeping personal information secure.
The process of stealing someone's identity sounds complex, but in reality, the situation is rather mundane. In a world of paper and electronic media a thief needs only a name and a social security number to gain access to a victim's monetary resources. This information is located in many places, from homes to businesses. Large institutions like Huntington Banks and Ohio State University store these numbers for customers, employees, and students.
Officials say their organizations use a layered approach, much like an onion, to protect their information. These layers range from simple layers that allow access only to those who need access, to advanced layers where information is encrypted.
Much of what their organizations keep secure is mandated by federal guidelines, but individuals are under no such guidelines. Experts say people should do things on their own to protect their personal information. Huntington Bank's Information Security Director Larry Seibel says protecting items of value is nothing new.
Experts recommend people obtain anti-virus software and anti-spyware software, and frequently update those programs. OSU's Director of Security Charles Morrow-Jones says spyware monitors computer functions, like recording keystrokes, and then sends that information to unknown parties using the Internet. He says people can tell if spyware is on their computer.
He explains, "Unlike some of the other break-in approaches spyware usually reveals itself in the sense that you'll start seeing pop us adds where you have not seen many of them before, they'll become at the nuisance level, and then the second thing is that often, because it's sending information back out over your internet connection, it often slows the machine down appreciably."
Encryption is not just for governments and large institutions. It's likely already on most home computers. OSU's Morrow-Jones says enabling this encryption option on a personal computer is a good way to keep personal information, or more portable devices such as laptops, safe.
Morrow-Jones says, "So in, for example, the Windows XP operating system there's something called the Encrypted File System, EFS, that's very easy to turn on, which means that if you've got a laptop and you turn EFS on, everything on it's encrypted with a password that you choose, that way if somebody grabs your laptop at an airport and runs off with it you may have lost the laptop, but at least if there was any sensitive data on it, at least you haven't lost that."
Both Morrow-Jones and Seibel warn against responding to unsolicited emails selling products or requesting personal information. This process is known as "phishing." Seibel says the criminal instigating the con will send hundreds of emails in an attempt to receive personal information from a few of them. Morrow-Jones says about five percent of people receiving a "phishing" email respond.
"When you're sitting, looking at the screen and this message has popped up and the logo looks like it's from your bank and they say, 'If you don't respond in 48 hours we're going to close your accounts,' you get this sense of pressure, a lot of people do, and that incites them to go ahead and fill out that information. So, when in doubt, if you get something from your bank, call the bank, but don't use the bank's phone number that's on the website, go to the Yellow Pages, look up your bank, and call," he says.
Seibel says that taking these precautions isn't paranoid, but is a consequence of living in the Information Age.
Morrow-Jones describes the process as an act of vigilance. In a time when information has become a form of currency, people need to learn to protect that commodity.