Identity theft has evolved to become a widespread issue. Thieves will go to far lengths to try and nab personal information, using tactics such as hacking, malware, social engineering, or dumpster diving, to name a few.
Considering the consequences of identity theft, with the problems arising from becoming a victim, why are some people complacent with securing their own data and/or businesses not adequately safeguarding personal identifying information?
ID Theft Tops List of Consumer Complaints
According to the Federal Trade Commission (FTC), in 2010 19 percent of the overall complaints it received were related to identity theft. 1 That same year the Internet Crime Complaint Center (IC3) cited identity theft as the second largest Internet-related crime complaint in 2011. Fast-forward to 2015 and this continues to be an ongoing problem. According the FTC in 2014, identity theft topped the list of consumer complaints for the 14th consecutive year. 2
Another big problem has emerged in the form of child ID theft. Experts suggest this issue is growing at an alarming rate. Every thousands of child identities are stolen and children are at 51 times greater risk of being targeted as a victim. Thieves actively use the identities of children as they are "a clean slate", as Richard Power notes in a report published by Carnegie Mellon CyLab. 8
Is Society Too Complacent About Identity Theft?
Despite these statistics and consequences resulting from falling victim to identity theft, it appears some people are still lax about protecting personal information. In May 2014 a survey conducted by Credit Donkey showed, despite more awareness and warnings, consumers may not be taking the risk of identity theft seriously. The company surveyed 510 American adults. Results found 3 in 10 of individuals surveyed share their password with a friend, 31.6 percent of participants used the same password for multiple websites, and 24.5 percent of those surveyed friend people on Facebook they do not know. 3
This small sample shows statistics which, if these are any indication, perhaps illuminate people may either not be aware of, or are simply lackadaisical, to the consequences of poor password practices and/or too much sharing of personal information online.
Over the years as we become more integrated with technology and being "connected", passwords have evolved to become the virtual equivalent of house keys to safeguard personal belongings. In fact, so much that it has become challenging for many people to remember the many passwords needed these days. We might write them all down, put them all in an Excel spreadsheet or encrypt them using security software, to name a few approaches of trying to keep track of all these strings of characters. The difficulty in trying to keep track of personal and work passwords is likely a primary factor why people are lax in protecting their information; remembering all of these entry codes has become burdensome. In fact, so much, some industry experts believe passwords will soon become extinct, being replaced by biometrics.
Sharing Passwords with Friends
Perhaps people view sharing passwords with friends not unlike handing a trusted neighbor with a house key. In this respect, individuals ask their friends to help safeguard their online information in the event they forget a password or can't access. This, however, is bad practice for several reasons. A friend may be just as lax with a password, could get hacked or just simply not be as trustworthy as one thought. A traditional house key is easier for the average individual to track in the event of a breach, a password? Not as much control.
Facebook and Other Social Media
On social networks, such as Facebook, the websites are heavily gravitating towards using "real" identities, unlike the anonymous nature of yesterday's Internet, perhaps more remembered as the America Online era. So while trends have changed, people's habits have not. It is common for people to share all sorts of daily details about their lives on networks such as Facebook without giving it a second thought.
Additionally, Facebook and some other networks, give the impression of a "small town" feel, while in reality is an open world, despite privacy settings. Also, people are often trusting and believe stranger profiles to be who they say they are, but in theoretically these identities can be an entire fabrication.
The world is changing and as "real life" gravitates towards the online environment, this alters the dynamics of society. Identity theft is a real threat, and for those afflicted, it can be a real nightmare. In order to reduce the risk of falling a victim to identity theft, it is important to recognize the risks and then put smart practices into place such as strong passwords and keeping them private. Also, it is of value to pay mind to what information is shared online. There are those online just waiting to nab the information, some even cultivating friendships with the motive of identity theft.
"In reality, identity theft can strike any of us, and just like you shouldn't leave your front door unlocked, you should take basic precautions to protect yourself," advises Charles Tran, founder of Credit Donkey.
Businesses and Data Breaches
While it's important we all do our part in trying to protect our own data, perhaps even a bigger problem is the data we don't have any control over. The data that is supposed to be protected by our governments, companies we do business with, and any other organization we associate with either once or routinely. Yet, it seems every week new reports of data breaches emerge and, if the Anthem, Target, Sony and Home Depot attacks are any indicator, they are getting bigger and more problematic.
As more and more data breaches are exposed (and these are the only ones we're being told about), it seems to becoming clearer many businesses/organizations do not adequately secure data, instead hiding behind the excuse of a "sophisticated attack". Lately, I've read a number of security reports that seem to indicate many of these attacks are not as "complicated" as the organizations make it sound.
"Every significant data compromise is said to be sophisticated. Well, sophisticated attacks are now average attacks. Deal with it," says Ira Winkler in a Feb. 10, 2015 Computerworld article. 5
Organization or businesses that house our personally identifying information need to take security more seriously. For the last several years a list comes out highlighting the most common business passwords. Usually topping that list is"123456" and "password" and 2014 was no exception. In January 2015, Splash Data came out with its annual list highlighting the most common leaked passwords and, yep, you guessed it, those two were the top, followed by "12345", "12345678", "qwerty", "1234567890", "1234", "baseball", "dragon" and "football" as rounding out the top 10.
Yes, security is expensive, but that is one of the costs of doing business in a high-tech world. And using passwords such as "123456" and "password" (or the more clever "password1") should be prevented by security measures indicating it is too weak.
Identity theft is something we should all take seriously, both on a personal and business level, employing consistent good practices can at least reduce some of the risk.
[Related reading: Are Your Passwords as Secure as You Think? ]