ICFE eNEWS #17-04 - January 25th 2017
View this eNEWS online
During the period from 2016 to 2017, both domestic and international
areas have experienced some subtle, and not-so-subtle, shifts in the
attacks by high-tech identity thieves. Both press and social media have
given a great deal of attention to cyber events, featuring both data
breaches and other incursions perpetrated by hackers.
To some extent, identity thieves are like terrorists - they only have to win once, while their intended targets have to be 100% prepared to defend against attacks. They play by a different set of rules - the military and strategic term is "asymmetrical warfare."
It's undeniable that the gross numbers of individuals whose sensitive personal information is involved in third-party data breaches has grown disproportionately. However, the basic measures both individuals and organizations must take to avoid the depredations of identity thieves cannot be abandoned. It's not a question of either high-tech solutions or instituting broad-based defensive practices; the only effective response to the present array of challenges is a both-and approach.
At both organizational and individual levels, the most important point is to make the decisions in an informed, thoughtful manner. That means education for planning and implementation of appropriate measures to identify threats and institute defenses against them.
The risk evaluation and management exercise is central to this process. Deciding which risks to retain versus which risks to lay off on service providers and insurers is an important exercise. In addition to identifying the risks, they should be categorized and separated into those where the sensitive information is under the control of the individual or organization, and those where such information is under the control of a third party.
Similarly, education and training of executives and all staff to be aware of and prepared for attempted identity theft incursions represent a fundamental and continuing requirement for the successful avoidance of identity theft incidents.
It's all too easy to overlook the basics of identity theft risk management, but periodic updates and training sessions can have a double positive effect. First, the line of defense against low-tech "traditional" identity theft is strengthened. Second, and just as important, more resources are made available to assure higher-tech defenses are in place.
Outside resources include professional services to evaluate the risks to your family and business, monitoring and restoration plans, and insurance coverage. It's up to each individual and each business entity to determine which of these is most appropriate.
Recent developments and increased occurrences of such current challenges as ransomware, malware, and cyber-intrusions will no doubt be met with new and improved protections to combat these attacks.
It's just as likely that even as such protections are placed into service, new and hitherto unexpected methods of intrusion will come to light in the coming year.
Accordingly, the best advice is three-fold: Maintain the basics of education and training, keep vigilant for indications of the unforeseen, and lay off those risks you are not prepared to face yourself.
The ICFE's Certified Identity Theft Risk Management Specialist® XV CITRMS® course is now available both in printed format and online.
The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students available. Inquire at email@example.com
Yan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.
ICFE eNEWS is available FREE upon request by visiting the ICFE's
and filling out the contact form, selecting "Yes" for "Add to Mailing List."
Please pass this eNEWS on to your peers and interested others and
invite them to subscribe for free. Also, visit the ICFE's new Web site:
Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)
ICFE - Institute of Consumer Financial Education - ICFE.info - 619.239.1401