Monday, October 29, 2012

The time has come...

SC Magazine is leading with the story

Monster breach hits South Carolina taxpayers.

Unfortunately this shouldn't come as a surprise to anyone anymore.  According to the report, in early September "unknown hackers 'probed' agency systems, and sometime in the middle of the month, they were able to access the data that was stolen".   Details related to the breach were limited to the comment by South Carolina Department of Revenue spokesperson Samantha Cheek that it was tied to a "server issue".

Folks, the breaches aren't stopping.  We have insecure wireless networks, servers, code and sloppy employees out there.  We've got journalists and CEOs pushing BYOD (bring your own device) and cloud technologies.  The "cool kids" are all over implementing these new ideas.  It's likely we still have folks with unencrypted tapes and computers sitting in their vehicles.  Wake up folks!  We are not ready to bring our own devices!  It's clear that the criminals are more persistent than the industry. 

Something has got to change.

Can we MAKE programmers write more secure code?  Secure the networks?  Quit buying equipment from foreign companies who insert backdoors and insecure code?  How about that cloud?  Is your information hosted in a country where privacy laws allow them to access the data you think is secure?

Social security data is the basis for critical functions for Americans.  Our social security number is the identifying number that is used to store our credit score, social security eligibility, health records (in many cases), tax records, as well as a host of other important data. 

What can we do to protect ourselves?!!  Clearly consumers cannot secure the data center or the programming running systems.  We can freeze our consumer credit (Equifax, TransUnion and Experian), stop using credit or isolate ourselves from society by living in a cave.  It's a lot of trouble to freeze your credit if you want to buy anything.  Most people couldn't live without some type of credit and living in a cave is not going to work for most folks.

Obviously the solution is to ensure equipment, software and people do the right thing for existing and future equipment.  The other solution is to increase the scrutiny used when approving loans, credit cards or anything else used to modify or use information tied to social security numbers and associated personal information. 

Do you hear me Dell?  Don't send a TV out when some yayhoo opens up a credit card and buys a $5,000 TV without scrutinizing the request.  Put additional checks and balances into the equation.  Weeks later you find out that the television went to someone other than the person it was billed to.  The system ain't workin'.

I'm still a paranoid consumer and I hope you are too.  I want to see more scrutiny out there folks! 

Friday, October 26, 2012

Tampering with PIN pads

It was reported this week that the PIN pads at Barnes & Noble were replaced with skimming devices in 63 stores.  These external skimming devices were unwittingly used by customers whose credit card numbers were compromised and in some cases used. 

Many consumers are aware of security breaches such as the T. J. Maxx/Marshalls incident in 2005, when customer data was intercepted through poorly secured wireless access points.  There was the breach in 2006 where social security numbers and other sensitive information were lost when a laptop holding a Veterans Affairs database was stolen from an analyst's home.  In 2011, 77 million Sony PlayStation accounts were hacked.  The list certainly doesn't stop there.

How do we protect ourselves?  Consumers often have no role in the security of their information.  Consumers are often the victims of the reckless or careless actions of others.  I have a few suggestions:

Protect your computer.  Install and maintain a virus protection suite that includes malware protection.  Ensure your computer has up-to-date patches for the software on it, including the operating system (Windows, Mac OS, etc.) as well as the applications you run.  Back up important files to a separate thumb drive or hard drive.  Provide physical protection for that drive.

Minimize the amount of information you provide to online retailers.  Do not set up accounts where your credit card data is saved on the retailer's server. 

Protect your passwords.  It's important that you create a unique password for each account you use.  Consider using a password safe where you can store your passwords electronically in an encrypted file on your computer.

Consider using a separate credit card for online purchases.  Many people have a credit card with a nice credit limit that they use for most purchases.  If that card is compromised the credit limit might allow a thief to rack up lots of charges.  Transferring funds to a separate card to cover expenses will lower the potential amount of hassle.  Several retailers offer reloadable cards that can be used for online purchases to limit your exposure.

Ask the cashier to swipe your card.  The Barnes & Noble breach was limited to the customer PIN pad.  Hand your card to the cashier and ask him or her to swipe your card. 

Know where to go if the worst happens.  Visit OnGuardOnline.gov to learn how best to respond if you become a victim.

Stay safe out there!