Whether you celebrated National Identity Fraud Awareness Week (NIFAW) with a large identity cake or just shrieked 'Who Are You?' and other identity-inspired songs with friends over a beer or four, the campaign has run its course for another year — and reminded those who were listening that we're still living in a world of trusting, naïve fools.
If you question my conclusion, consider recent reports like this one, which suggests 10,000 Australians are sending $190,000 a day to overseas scammers, and all that optimism goes out the window. By those figures, Australians will lose $104 to scammers in the two minutes it takes you to read this.
These poor people, who you would think know better but never really do, all too often become inadvertent victims of nefarious types who lurk on dating sites and use social engineering to extricate cash and valuable personal details from the young, infirm, and gullible members of our society. Even though you and I might have become inured to this sort of trickery long ago, it's entirely possible the person in the next cubicle is a lonelyheart statistic just waiting to happen.
It's a tragic byproduct of the information age, particularly when we bring people into online environments without the arm's-length scepticism necessary to avoid getting sucked in by online scammers. But can we do anything about it? Or are desperate victims simply going to continue forking over their hard-earned retirements to silver-tongued online scammers, just like many have done in the real world for innumerable years?
The very real potential for identity theft — in which victims are as likely to be robbed of their credit rating, reputation and financial independence as their cash — makes these questions more relevant than ever. And while I know the Australian Federal Police's NIFAW campaign is hardly going to eliminate the problem overnight, I stepped through its online survey out of curiosity as much as anything.
Through the course of 15 questions, the AFP survey highlights risk behaviours that seem most likely to find people funding their new African friends' retirements. These include risky behaviour ranging from ATM usage techniques to antivirus habits (hint: "I use a Mac so I'm safe from viruses" isn't the right answer) and the thinking behind mobile app downloading practices.
They're a panoply of bad habits, and by intentionally choosing the worst choices — stop laughing; it was intentional — I was able to convince the AFP site I am 'dangerous', but not in a good Michael Jackson way, when it comes to securing personal information.
So, what does this have to do with the CSO? Well, everything.
You see, the thing is: these gullible Australians don't just spend their days sitting at home, pining for the promise of love with Russian brides or million-dollar windfalls from helping some Nubian prince offshore the national treasury. They're spending their days working in your company; using your computers; and looking after your sensitive corporate information — a.k.a. a veritable gold mine of sensitive customer and employee information.
Despite years of improving security technology and significant efforts to get employees to care deeply about supporting it, human engineering remains the Achilles' heel of corporate security. Even if your information is locked down tight, outsiders with the right approach can still trick people with access to that information into giving up information they should never be sharing.
The result might not be as blatantly extortionate as the fate that awaits our dateless-and-desperate scam victims, but it could be just as difficult and painful for companies that find their crucial corporate details have been compromised. This might come in the form of data being sluiced out of a key database, installation of keyloggers or other nasties, or even just the theft of employee pay and personal details from an unsecured terminal. Lost competitive advantage, compromised research work, stolen product plans — you name it, and loose lips (and, in this case, fingers) can cause it.
Although there's a definite focus on product within many elements of the security market, these risks underscore the importance of taking a holistic view of security that includes extensive delineation of acceptable and unacceptable security procedures — and the consequences of a breach.
This might, quite reasonably, include an AFP-styled questionnaire designed to highlight risky behaviours and at least make your employees consider the potential consequences of their careless treatment of corporate information and systems. Get your employees to give the AFP survey time for measured consideration, and they might learn a few ready lessons about the need to be more careful than ever with sensitive information.
It's never too late to start teaching your people to take security seriously. And who knows? With the right approach, you might get your well-meaning receptionists to be more wary of sweet-talking strangers both in the office and out of it. The economies of numerous small African nations might be the worse for it, but preserving the spirit of National Identity Fraud Awareness Week — by taking a proactive and educational stance against identity theft and other accidental data sharing — will be one of the best decisions you make in this or any other month.