While you may be an information security guru, you are also a consumer. So does your knowledge and experience transfer to your family, both immediate and extended?
Furthermore, not all who work within the cybersecurity industry are knowledgeable about the “why” behind the processes or technologies they use in their professional roles, and thus that knowledge doesn’t always translate to their personal lives.
And of course, we as humans often, perhaps far too often, act like water and take the path of least resistance as we place ourselves into the various online streams of commerce, social networks and information sharing. We may be the sharpest knife in the drawer at work, but our families, friends and acquaintances aren’t using the tools we have at work, or are engaging with vendors with little or no security acumen, and as such are being left exposed.
The Federal Trade Commission (FTC) is the government entity charged with protecting America’s consumers. In early March, they published the Consumer Sentinel Network Data Book 2017, which reveals the various problems consumers are having in the marketplace.
To be clear, the report covers what is being reported; it is not a comprehensive data store of what has occurred. Indeed, one should extrapolate that the reporting is but a sliver of what is actually occurring. What is interesting within the report is that the top three categories which are affecting consumers are identity theft, debt collection and imposter scams.
Tom Pahl, acting director of the FTC’s Bureau of Consumer Protection, discussed the data book during a conference call on 1st March 2018, during which he highlighted what he considered the positive effect the awareness message is having with consumers, as they deflect the advances of the technology criminal.
Thus, there is a noted uptick in the number of reports being made by consumers informing the FTC of attempts to which the consumer did not fall victim. Of the 1.1 million fraud reports, 21 percent reported a loss, totaling $905 million, with the median loss being $429. Now for a company, perhaps $429 is a drop in the bucket, but for grandma, on a fixed income, it may be the difference between meds and food.
Pahl noted that while identity theft remained ensconced in the second position, there has been a noted reduction in the number of reported cases of IRS tax fraud. Though as I am writing this, my residence has received six IRS scam calls, advising me I was going to jail if I didn’t send money immediately.
Pahl also highlighted the demographics of those losing money, with an uptick evident in the 20-29 year-old age group, which is the fastest growing. While those falling into the over-70 grouping are decreasing, the financial damage to the elderly is generally greater given their accumulated assets.
So what can our industry and government do to help protect our consumers?
The FTC’s data book is researchable, its data is nicely sliced, and it is of immediate utility for all companies wishing to address the various market locales where these crimes against consumers are being reported.
For their part, Washington State’s legislators and governor stepped up and moved SB 6018, “Concerning security freeze fees charged by consumer reporting agencies,” forward following the tsunami of data breaches that affected the citizens of the state, enacting a law that requires credit bureaus to allow consumers to freeze their credit without being assessed a fee.
Only 8 states and the District of Columbia have passed such legislation. Perhaps the credit bureaus can save everyone time and effort by eliminating these fees for freezing consumers’ information and credit to keep them from being exploited. In the interim, such legislation will limit the potential for fiscal damage to individuals by identity thieves opening up lines of credit or purchasing property using the financial credit of a victim.
Companies, both large and small, can help their customers by engaging with them in such a manner that communications between the vendor and the consumer cannot be phished. Use of links within unsolicited emails is a hard habit to break, but one which should never occur. Direct your customer to visit your website and put their “code” or other pitch into a specific location, forcing your customer to engage in the proper cyber hygiene of “don’t click.”
Furthermore, put in place the option for multi-factor authentication for your customers. While every security awareness discussion on passwords challenges the user to only use a password once, practice is far different; consumers (maybe even you, the cyber professional) reuse passwords. Helping them protect themselves from their own poor cyber hygiene by using multi-factor authentication will also help your bottom line.
And lastly, put into place the rule regarding consumer data: Don’t collect what you can’t protect. Your customers will appreciate it, and you will reduce your own risk by reducing that which can be compromised and lost.
Let’s all do our part for the consumer. We may also be protecting ourselves and our families.