Government, Business Can Do Better With Our Data
We've spent years trying to secure our computers against online identity theft, but the clumsiness or incompetence of Big Government and Big Companies is going to leave us unguarded anyway.
Since early 2005, everybody from the Department of Veterans Affairs and Ernst & Young to Georgetown University and even the Federal Trade Commission -- yes, the government body charged with defending your privacy -- has managed to lose valuable data about customers and citizens.
Sometimes an online hack has been to blame; other times an employee's laptop has been stolen while out of the office. Either way, the payoff to any crook -- bank account, credit card and Social Security numbers -- far outstrips what could be gained from cracking any home computer.
Thanks, guys! So helpful of you all to guard my data that carefully.
Amazingly enough, nobody has been able to identify any serious exploits of the data lost in these escapades, but it's bound to happen. The potential reward is too high: An identity thief can vacuum out your bank account, wrecking your credit in the process.
People whose data have gone missing in this way have usually gotten only a "mistakes were made" apology and a year of free credit monitoring.
That's not nearly good enough. A lifetime of credit monitoring can't substitute for doing the job right the first time.
That has nothing to do with tougher penalties for laptop thieves or database hackers (though those wouldn't hurt). It has everything to do with reducing the chances of a successful data theft -- and then limiting the damage when the inevitable mistakes happen.
Those steps may not be easy, but neither is keeping the average home computer secure. The government and corporate America -- any organization that's treated, and traded, our data like a cheap commodity -- will have to suck it up and deal.
- Stay up to date with security. (Duh.) Install security patches when they're released; more important, use more secure software in the first place. Stop putting Windows 2000 on new computers just because you bought a site license to that operating system way back when; upgrade to XP, which includes far more security fixes than are available for Win 2000. Or switch to Linux or Mac OS X. If your computers don't all run the same system, they can't all be taken out by the same attack.
- If your employees need to access sensitive data out of the office, make them do so through a secure, remote connection -- not by taking their own copy of the file with them. This way, when a laptop goes missing, the important data do not.
And if that means traveling employees have to watch a movie or read a book on a plane instead of crunching away on the personnel database, so much the better.