Don't let your data suffer from Miss Taken Identity

The National Identity Fraud Awareness Week (NIFAW) campaign has reminded those who were listening that we're still living in a world of trusting, naïve fools

Whether you celebrated National Identity Fraud Awareness Week (NIFAW) with a large identity cake or just shrieked 'Who Are You?' and other identity-inspired songs with friends over a beer or four, the campaign has run its course for another year — and reminded those who were listening that we're still living in a world of trusting, naïve fools.

If you question my conclusion, consider recent reports like this one, which suggests 10,000 Australians are sending $190,000 a day to overseas scammers, and all that optimism goes out the window. By those figures, Australians will lose $104 to scammers in the two minutes it takes you to read this.

These poor people, who you would think know better but never really do, all too often become inadvertent victims of nefarious types who lurk on dating sites and use social engineering to extract cash and valuable personal details from the young, infirm, and gullible members of our society. Even though you and I might have become inured to this sort of trickery long ago, it's entirely possible the person in the next cubicle is a lonely-heart statistic just waiting to happen.

It's a tragic byproduct of the information age, particularly when we bring people into online environments without the arm's-length scepticism necessary to avoid getting sucked in by online scammers. But can we do anything about it? Or are desperate victims simply going to continue forking over their hard-earned retirements to silver-tongued online scammers, just like many have done in the real world for innumerable years?

The very real potential for identity theft — in which victims are as likely to be robbed of their credit rating, reputation and financial independence as their cash — makes these questions more relevant than ever. And while I know the Australian Federal Police's NIFAW campaign is hardly going to eliminate the problem overnight, I stepped through its online survey out of curiosity as much as anything.

Through the course of 15 questions, the AFP survey highlights risk behaviours that seem most likely to find people funding their new African friends' retirements. These range from ATM usage techniques to antivirus habits (hint: "I use a Mac so I'm safe from viruses" isn't the right answer) and the thinking behind mobile app downloading practices.

They're a panoply of bad habits, and by intentionally choosing the worst choices — stop laughing; it was intentional — I was able to convince the AFP site I am 'dangerous', but not in a good Michael Jackson way, when it comes to securing personal information.

So, what does this have to do with the CSO? Well, everything.

You see, the thing is: these gullible Australians don't just spend their days sitting at home, pining for the promise of love with Russian brides or million-dollar windfalls from helping some Nubian prince offshore the national treasury. They're spending their days working in your company; using your computers; and looking after your sensitive corporate information — a.k.a. a veritable gold mine of sensitive customer and employee information.

Despite years of improving security technology and significant efforts to get employees to care deeply about supporting it, human engineering remains the Achilles' heel of corporate security. Even if your information is locked down tight, outsiders with the right approach can still trick people with access to it into giving up details they should never be sharing.

The result might not be as blatantly extortionate as the fate that awaits our dateless-and-desperate scam victims, but it could be just as difficult and painful for companies that find their crucial corporate details have been compromised. This might come in the form of data being sluiced out of a key database, installation of keyloggers or other nasties, or even just the theft of employee pay and personal details from an unsecured terminal. Lost competitive advantage, compromised research work, stolen product plans — you name it, and loose lips (and, in this case, fingers) can cause it.

Although there's a definite focus on product within many elements of the security market, these risks underscore the importance of taking a holistic view of security that includes extensive delineation of acceptable and unacceptable security procedures — and the consequences of a breach.

This might, quite reasonably, include an AFP-styled questionnaire designed to highlight risky behaviours and at least make your employees consider the potential consequences of their careless treatment of corporate information and systems. Get your employees to give the AFP survey time for measured consideration, and they might learn a few ready lessons about the need to be more careful than ever with sensitive information.

It's never too late to start teaching your people to take security seriously. And who knows? With the right approach, you might get your well-meaning receptionists to be more wary of sweet-talking strangers both in the office and out of it. The economies of numerous small African nations might be the worse for it, but preserving the spirit of National Identity Fraud Awareness Week – by taking a proactive and educational stance against identity theft and other accidental data sharing — will be one of the best decisions you make in this or any other month.


Stories by David Braue
