Recently, reports of security breaches in which customer data and personally identifiable information (PII) were somehow compromised seem to appear almost daily. Choicepoint, Lexis Nexis, DSW Shoe Warehouse, Ralph Lauren / HSBC, Bank of America and more have all reported massive amounts of compromised or ill-gotten customer information just in the past couple of months.
However, most identity theft or compromises of PII, including a couple of the major breaches mentioned above, have nothing to do with the Internet or lax computer or network security. Unpatched operating system vulnerabilities or hacking wizardy are involved in a relatively small number of the total cases. The Choicepoint breach resulted from poor processes to identify that the business asking for consumer information had a legitimate reason. The Bank of America breach resulted from a data backup tape being lost in transit.
Information can be pulled from your trash can. Waiters can swipe or simply write down your credit card number when you make a purchase at a restaurant. There are a variety of laws related to securing customer information including Sarbanes-Oxley, HIPAA, GLBA and others. Congress is currently investigating the breaches at Choicepoint and Lexis Nexis and considering further legislation aimed at allegedly protecting customer data. But, social engineering and good, old-fashioned theft still pose a larger threat than network security and it is up to you to monitor and protect your personal information and your credit.
Below are some tips you can follow to help secure and protect your personally identifiable information and ensure that your identity or your credit have not been compromised.
1. Watch for shoulder-surfers. When entering a PIN number or a credit card number in an ATM machine, at a phone booth, or even on a computer at work, be aware of who is nearby and make sure nobody is peering over your shoulder to make a note of the keys youre pressing.
2. Require photo ID verification. Rather than signing the backs of your credit cards, you can write See Photo ID. In many cases, store clerks dont even look at the signature block on the credit card, and a thief could just as easily use your credit card to make online or telephone purchases which dont require signature verification, but for those rare cases where they do actually verify the signature, you may get some added security by directing them to also make sure you match the picture on the photo ID.
3. Shred everything. One of the ways that would-be identity thieves acquire information is through dumpster-diving, aka trash-picking. If you are throwing out bills and credit card statements, old credit card or ATM receipts, medical statements or even junk-mail solicitations for credit cards and mortgages, you may be leaving too much information laying about. Buy a personal shredder and shred all papers with PII on them before disposing of them.
4. Destroy digital data. When you sell, trade or otherwise dispose of a computer system, or a hard drive, or even a recordable CD, DVD or backup tape, you need to take extra steps to ensure the data is completely, utterly and irrevocably destroyed. Simply deleting the data or reformatting the hard drive is nowhere near enough. Anyone with a little tech skill can undelete files or recover data from a formatted drive. Use a product like ShredXP to make sure that data on hard drives is completely destroyed. For CD, DVD or tape media you should physically destroy it by breaking or shattering it before disposing of it. There are shredders designed specifically to shred CD / DVD media.