Your identity defines you from birth, and is how you live, work, and play. People know you by your name, your address, your place of employment and other personal information.
Your personal information also includes your date of birth, medical history, financial information, and most importantly your 9-digit Social Security Number (SSN). If your SSN falls into the hands of an identity thief, your whole life will change. Once an identity thief has your SSN, they in essence recreate you.
If you become a victim of identity theft, the real you will cease to exist, and statistics indicate it is not if but rather when you will become a victim of identity theft.
One of the most common ways of stealing your identity is by looking through your garbage – this is called dumpster diving. Throwing away personal information almost guarantees identity theft. A simple and fairly inexpensive prevention is a paper shredder. Shred everything that has your name, date of birth, social security number, address, employment, school or medical information. Yet, the easiest way to steal your identity is by taking a credit card statement out of your mailbox.
Consider the following scenario. You receive a phone call from the security department of your personal credit card company. The security department has noticed an unusual charge of $800 from a local electronics store for stereo equipment and asks if you made this purchase in the last hour. After you tell them you have not made any purchase, the man or woman from the security department provides you with your first and last name, the name of your credit card company, your home address, phone number and your credit card number. Because the caller feeds you the information rather than asking you for it, you feel comfortable that the person on the other end is legitimate.
The head of security assures you that you will not be responsible for any of the $800 charged on your card, and that the account is now closed to prevent any other unauthorized charges. You are asked to cut up your old card, since a new card will be forthcoming in 4-6 weeks. You only need to verify that you are the credit card holder by giving the last four digits of your SSN and the 3-digit security code on the back of your credit card. By now you are so relieved that the security department was efficient in catching the unusual charge that you quickly give them the last bit of information needed to steal your identity.
By the time you realize your new credit card has not arrived in 4-6 weeks, the identity thieves will have already stolen your identity and wreaked havoc on your personal and financial life. What takes only hours to do can take you years to undo and may cost thousands of dollars to fix. Could this happen to you? You bet. It can happen to anyone. Yet now you are armed with the valuable information necessary to prevent identity theft. Remember, prevention is the key.
Privacy, Speech Restrictions Emerge in Debate Over Social Media
The U.S. government’s move to seek information from social media sites has prompted concerns about a possible crackdown on privacy and free expression. Government agencies have maintained they are not trying to quell dissent and just want to monitor crises and be able to disseminate security-related material.
Up to this point, the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), Central Intelligence Agency (CIA) and the research agency for federal intelligence efforts–the Intelligence Advanced Research Projects Agency (IARPA)–and others have wanted to see what’s on the web for indications of public views about subjects related to their various areas of activity.
DHS, for one, is watching tweets on Twitter as well as Facebook posts and comments. According to Mark Hosenball’s January 11, 2012 Reuters article, “Homeland Security watches Twitter, social media,” “such monitoring is designed to help DHS and its numerous agencies, which include the U.S. Secret Service and Federal Emergency Management Agency, to manage government responses to such events as the 2010 earthquake and aftermath in Haiti and security and border control related to the 2010 Winter Olympics in Vancouver, British Columbia.”
In addition to certain keyword search terms used, the department is interested in such sites as the Drudge Report, WikiLeaks, Hulu, Jihad Watch, NYTimesLede Blog, Newsweek Blogs, the Huffington Post, YouTube, Flickr, Foreign Policy, Live Leak, Vimeo, Cryptome, Global Security Newswire, Google Blog Search, LongWarJournal, Plowshares Fund, Popular Science Blogs, STRATFOR, Technorati, and Terror Finance Blog.
The U.S. Department of Justice, for its investigation into WikiLeaks head Julian Assange, has asked for data on three individuals accused of aiding WikiLeaks in providing classified information to the site.
The Electronic Privacy Information Center (EPIC), a privacy advocacy group, filed a Freedom of Information Act (FOIA) request regarding the Homeland Security Department for more information about its online surveillance program. EPIC wrote, “DHS has stated that it will routinely monitor the public postings of users on Twitter and Facebook. The agency plans to create fictitious user accounts and scan posts of users for key terms. User data will be stored for five years and shared with other government agencies. The legal authority for the DHS program remains unclear.”
Some conservative bloggers who are critical of the Obama administration argue it would be helpful for the government to monitor particular sites to see information appearing there. They specifically cite writings by U.S. Army Major Nidal Hasan on forums before he was charged with carrying out the deadly shooting rampage at Fort Hood, Texas, and blogs on drug cartels along the U.S.-Mexican border.
A post on the Facebook page of a Peoria, Arizona, police sergeant showing a photograph of high school students in his hometown, with some holding guns and one with a T-shirt with a bullet-riddled image of President Barack Obama, prompted a U.S. Secret Service investigation of the matter. The picture, which was also on the Facebook page of one of the students, was posted just prior to a visit by the president to the state.
Given its role as a vehicle for information on worldwide protest movements–such as in Egypt, Bahrain, Tunisia, Syria, Iran and Occupy Wall Street in the United States–Twitter has come under fire for its plans to allow country-specific censorship of tweets about government crackdowns on dissidents that might violate local laws. Under the new policy, a tweet breaking a law in one country could be disabled there but still seen elsewhere.
This move is also seen as potentially chilling journalism sources online. The debate continues overall as to whether the U.S. government’s monitoring of social media sites could extend to examining views expressed there on news events beyond watching how news is reported, and if it’s being done to follow potential threats or public reaction to prospective governmental actions.
Aside from questions about what the government is doing, EPIC has expressed doubts too about how scrupulously Facebook is sometimes following privacy guidelines. Appearing on the April 10, 2017, Diane Rehm Show on National Public Radio, Marc Rotenberg, executive director of EPIC, said of Facebook: “They have privacy policies and people rely on those policies. We think this is very important, actually critical. Some people might choose to post a lot, other people might choose to post very little, but whatever choice a user makes, Facebook should respect.”
He noted Facebook has not always adhered to individual privacy considerations in making users’ photographs available to others, and then requiring anyone who didn’t want their pictures seen by those unknown to them to go in and change their privacy settings back to the original preference.
Other observers have pointed out that when Facebook made people’s friend lists public, some from Iran who had family members studying in the United States and who could be identified from Facebook posts on their pages were arrested by Iranian authorities.
In addition, Rotenberg has criticized Facebook’s new “Timeline” feature for removing control from the user about which information is being made publicly available. This kind of action has led to companies selling what users consider their personal information without consent, posing considerable difficulty for individuals in removing such information, he said.
In “FTC asked to probe Facebook Timeline for privacy violations” on January 9, 2012, ZDNet’s John Fontana wrote: “EPIC sent a letter to the [Federal Trade Commission] on Dec. 27th asking it to investigate Facebook’s new ‘Timeline’ feature to insure that it meets with the terms of a Nov. 29th FTC-Facebook settlement that requires the social networking site’s privacy practices be audited every two years for 20 years by an independent third-party. The settlement also barred ‘Facebook from making any further deceptive privacy claims, and requires that the company get consumers’ approval before it changes the way it shares their data’.”
EPIC’s letter to the FTC stated that Facebook “has now made information that was essentially archived and inaccessible widely available without the consent of the user.”
Facebook users can update to the new feature but otherwise will eventually be moved to Timeline automatically. It cannot be disabled once it is activated.
This new feature, which tracks users’ entire catalog of Facebook activity from when they first joined, has options to hide posts from public view. But it automatically makes public the following information: every “public” event to which a user has RSVP’d on Facebook, the date a user’s Facebook page began, and when users signed on to particular Facebook applications.
Due to the ever increasing security incidents within companies these days, and the potential for more to come, there are some procedures that, if implemented, will increase the overall security of the company’s databases.
These procedures include adding more stringent rules for passwords on all computers and databases and adding profiles, privileges and roles to the company databases. Implementing these procedures may take some manpower in the beginning, but will add significantly to the security and integrity of our company’s most precious resource, its information.
As far as passwords go, each database should have its own unique password. Some companies have a couple of databases that all use the same password. Although this may be easier for people to remember, it is not at all secure, as some people who use one database should probably not have access to others. Another rule that should be added is that all passwords, whether on the databases or on users’ workstations, should be at least 8 characters long and include at least one capital letter, one number and one special character.
If you give all users access to all databases and all parts of the databases, then your data is not really secure. You need to find the fine line between giving employees the access they need to do their jobs and making sure they cannot reach information they don’t need or shouldn’t see.
Profiles, privileges and roles are specific to databases and are needed to ensure that all users that have access to any company database can only access the information that they need to access to do their job. These database functions are different ways to accomplish database security by allowing access to people, or groups of people, based on what they need the database for. By using profiles, privileges and roles you ensure the confidentiality of the data in each database.
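One way to express the password rule and the role-based access described above, as an added example that is not part of the original article. It assumes an Oracle database (the article names no product); the function, profile, role, user and table names are hypothetical.

```sql
-- Added example; Oracle syntax is an assumption, all object names are hypothetical.

-- 1. Password rule from the text: at least 8 characters, with one capital
--    letter, one number and one special character.
--    Oracle expects a password verify function to be created in the SYS schema.
CREATE OR REPLACE FUNCTION corp_verify_pw (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  IF password IS NULL OR LENGTH(password) < 8 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 8 characters');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:upper:]]') THEN
    RAISE_APPLICATION_ERROR(-20002, 'Password needs a capital letter');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
    RAISE_APPLICATION_ERROR(-20003, 'Password needs a number');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:punct:]]') THEN
    RAISE_APPLICATION_ERROR(-20004, 'Password needs a special character');
  END IF;
  RETURN TRUE;
END;
/

-- 2. Profile: attaches the rule to every account assigned to it.
CREATE PROFILE corp_users LIMIT
  PASSWORD_VERIFY_FUNCTION corp_verify_pw;

-- 3. Roles: one per job need, granted only the privileges that need requires.
CREATE ROLE hr_read;
GRANT SELECT ON hr.employees TO hr_read;

CREATE ROLE hr_edit;
GRANT SELECT, INSERT, UPDATE ON hr.employees TO hr_edit;

-- 4. User: gets the profile, the right to log in, and exactly one role.
--    The password below is a constructed sample value.
CREATE USER report_clerk IDENTIFIED BY "Constructed#Pw1" PROFILE corp_users;
GRANT CREATE SESSION TO report_clerk;
GRANT hr_read TO report_clerk;

-- Weak alternative to avoid: one blanket grant that exposes every table.
-- GRANT SELECT ANY TABLE TO report_clerk;
```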
To implement these new policies and procedures one should assign various individuals from different departments, to include management and IT resources, to come together as a team. This team will make decisions on who needs access to which databases and which parts of the database they need to view, edit or update. They will then write up the new policies and create a training procedure for ensuring that users of the databases understand the new procedures and rules.
By implementing these new policies and procedures, your company will put a stop to security incidents, prevent future issues that might otherwise arise, and become more secure.