Today, most organizations continue to think of security as an “us” vs. “them” proposition.
Outside breaching entities try to punch their way into networks, websites, data stores, etc., and we have firewalls, encryption, evolving practices, and so on, to prevent intrusions and thefts.
This mindset no longer serves, and hasn’t for a while. Of course, a long-standing “inside” threat has been that of human error, which can lead to a breach. But there’s more – oh so much more…
Authorities in New York City have busted the largest identity theft ring ever. Members have been charged with stealing the credit card information of thousands of Americans and Europeans over a period of 16 months.
The insider threat here? Many of the credit card numbers were stolen by company staff who had access to cardholders’ numbers: people employed at stores, restaurants, banks, etc., using skimming devices. Imagine going out to dinner, paying with your card, and finding all manner of unauthorized charges in the ensuing weeks or months… would you have associated those charges – that breach – with a particular dinner out? Not likely.
But further, for any business, whether restaurant, bank, lawn service – anything – recognize that vetting employees and their associated honesty now takes on another dimension. Not only do you have to monitor for theft of physical assets or cash on hand, but you must also monitor the ethical practices of employees regarding credit and the use of electronic systems. Many organizations do this, and have for years. Many, many more do not – particularly in the realm of small-to-medium business (SMB).
This particular ID theft ring also specialized in the creation and use of counterfeit credit cards. The counterfeit cards were dispensed to collusive shoppers, who used the cards to purchase high-value items for resale, sometimes over the ‘net.
Recognize too that the ability to replicate swipe strips, holographic authenticators, complicated engraving… is becoming more basic and affordable – and that is daunting.
To business, and individuals, I again say: View every activity through a security prism: Assess every activity, and every plan, from a security perspective. Run frequent reports and track accounting very closely.
NP: Cannonball & Coltrane, LP.