Menu
ABA Banking Journal Home
Menu

Think like a spy

Book Review: “Cloak and dagger” mindset helps fight ID theft apathy

  • |
  • By  Martin Liska
  • |
  • Comments:   comments
Privacy Means Profit: Prevent Identity Theft and Secure You and Your Bottom Line, by John Sileo, Wiley, 2010, 246 pp. Privacy Means Profit: Prevent Identity Theft and Secure You and Your Bottom Line, by John Sileo, Wiley, 2010, 246 pp.

We hear it all the time in the news how this company or that had a security breach. The first thing most of us do is determine whether we have any relationship with the company that might put our identity at risk.

In Privacy Means Profit: Prevent Identity Theft and Secure You and Your Bottom Line, John Sileo addresses this concern by providing effective guidelines to not only prevent breaches, but the devastating effects they can have on your company and your life.

Client security breaches pose elevated risks to banks and require additional client due diligence, which costs money and time. Not only do we want to protect the client, but we also need to protect the bank and its shareholders. Furthermore, security breaches can also pose significant reputational and regulatory risks that can wreak havoc on the bottom line and stock price.

Sileo begins with his own experience as an entrepreneur. He became a victim of identity theft and internal fraud that left his company in shambles. The data breach led to significant legal and financial damage, which shut down the business. An identity thief operated under Sileo’s name and identity, and as a result Sileo spent two years combating felony charges and jail time.

From this experience, Sileo became an advocate for preventing identity theft and security breaches. He developed another company dedicated to educating and assisting corporations in data breach prevention.
 
Data breaches mount

Here’s a statistic to ponder: The Ponemon Institute’s fifth annual U.S. Cost of a Data Breach Study reports that every customer record that is collected, stored, or transmitted in any way costs an average of approximately $204 if compromised. As a result, $204 is the average cost per record of breach recovery.

Now, consider the following statistics that Sileo’s book refers to:

• The TJX data breach loss was estimated at $4.5-$8.6 billion.

• Heartland Payment Systems stock value declined 64% following the days after acknowledgement of its breach.

• The average data breach costs $6.75 million.

• The number of breaches was up 47% in a one-year period.

• In 2008, 285 million records were breached.

• Of individuals affected by a data breach, 31% will terminate their relationship with the company that lost their information.
 
It all starts with the individual mindset

Companies encourage their employees to take steps to prevent data exposure. Typically this comes in the form of an internal email blast or an occasional reminder through other mediums.

That’s ineffective, because it does nothing to change behavior, Sileo states. Employees don’t perceive that the issue affects them personally, so, he says, employers need to engage them. He states that we need change the mind sets of individuals by connecting privacy to something we already know and understand at an intuitive level.

We need,  he insists, to “think like a spy.”
 
How the seven mindsets eliminate the source

Indeed, Sileo’s book revolves around the seven mindsets of a spy. Sileo suggests that if businesses can teach employees to protect their own, personal data, that it will translate into daily behavior at work, as well, that protects corporate and customer data.
 
1. Spies carry as little sensitive information with them as possible.

The fewer pieces of personal information cluttering up your wallet, computer, and filing cabinet, the lower your statistical risk of loss or theft. Sileo recommends that everyone should have freeze their consumer credit reports. He states that a credit freeze is the single most significant and effective means of protecting your financial identity. It is similar to placing a password on your credit file.
 
2. Destroy the data.
Spies eliminate their paper trail. Identity thieves are experts at collecting data that is not properly destroyed. For example, paper documents should be shredded. However, just having a shredder will not prompt individuals to use it.

Better location of the shredder will encourage action, Sileo says. If it is easier to throw the document in the trash than to shred it, that’s what will happen. So shredders should be closer than the trash can. Shredders should be placed near filing cabinets, where mail is opened, or where any sensitive documents are handled.
 
3. Secure the systems
Spies use technology to steal information and to protect their own. Secure your computer and your network (which at home is sometimes wireless). Protect your computer physically and through software by locking up your computer and installing protective software. Furthermore, protect passwords, encrypt data, and hire a professional technician to secure your technology.
 
 4. Lock the docs           
Spies operate in “safe houses” that are information tight. In espionage, nothing is more valuable than top secret documents.

Create your own safe house by designating an area within your home or workspace to lock up and secure documents. At home, this could be a fire-resistant safe in a closet or a room with a keypad lock.
 
5. Evaluate the risk
Spies are aware and prepared to act on everything that is around them. Learn the different scenarios on how thieves steal sensitive data. Some examples are phishing; get rich quick and Ponzi schemes; and internal fraud. Evaluate each request for information: Should you provide it just because someone’s asking?

The next mindset builds on the latter point.
 
6. Interrogate the enemy
Spies ask direct and aggressive questions to get answers. Sileo outlines four phases of interrogation to be aware of:

• Control: Who is in control of the interrogation?

• Justify: Can the person requesting information proof their legitimacy?

• Options: What options do I have other than sharing the data?

• Benefits: What are the benefits of the particular choice I am making?
 
 7. Monitor the signs
 
Spy networks monitor their assets to detect trouble at the earliest stages. One of the best ways to detect identity theft early on is to monitor your credit report. Reporting agencies provide services that if there is a change in your report, you can be notified via mobile phone or email. Also, most credit card companies and banks provide account alerts as well.
 
A very complete guide for a “spy”
 
Privacy Means Profit: Prevent Identity Theft and Secure You and Your Bottom Line is full of detailed knowledge, so much so that a book review give more than a sense of its approach.

Sileo’s book provides checklists; detailed preventive steps that you can perform at home and at work; helpful phone numbers and contacts to reference; and much more.

In essence, the mission and message of his book is culture. The most effective means to minimize data breaches is to promote an effective data culture that teaches people how they can protect themselves and their companies from irreparable harm.
 
 
back to top

Sections

About Us

Connect With Us

Resources