How to safeguard your identity

Businesses that believe their trusty paper shredder keeps them safe from identity fraudsters are seriously underestimating the scale of the crime, a BBC documentary revealed this week.

Broadcast on Wednesday, BBC1's 'They Stole My Life' lifted the lid on how easy it is for crooks to copy the lives of any person or company which fails to take pro-active preventative measures.

The programme interviewed Peter Wood, head of R&D at First Base Technologies, a company with almost two decades of experience in security solutions, to find out his top tips for combating ID theft - now dubbed 'Britain's fastest growing crime.'

For any business with a Web-based presence, he said it's vital not to put trust in technologies, as "security products are only as good as the people who install and maintain them."

Freelancers, mid-sized firms and large corporates alike were advised to treat security "not as an IT issue - but as a business issue."

Regardless of a company's size, Mr Wood's advice was that "security should be treated as a core business process," and not as an afterthought or an IT problem.

In terms of personnel working at a business, including sub-contractors and freelancers, it is crucial to treat all with respect, to reduce the risk of disgruntled workers engaging in "malicious activities" which may compromise personal or business security .

The relentless pace of technology also poses problems too: wireless networks, a common feature in many home-based businesses, were singled out as potentially dangerous devices for three reasons, as Mr Wood explained.

"Firstly, with the right equipment, your wireless data transmissions can be intercepted in the same manner that a radio receiver can be tuned into radio station broadcasts. If your wireless network doesn't use encryption, an attacker could easily read that intercepted wireless data. If the "data" consists of usernames and passwords, credit card and bank information, sensitive documents and personal data, the attacker has all they need to commit ID fraud.

"Secondly, if no authentication is used, an attacker could join your own wireless network and commit bandwidth theft - use your Internet access to launch attacks on other networks or to download illegal content. In that case, the ISP and law enforcement would come knocking on your door rather than the attacker's.

"Thirdly, if the computers using your wireless network are insecure (poor passwords, for example) an attacker could use the wireless network to access that computer directly - they could then obtain whatever documents and information that they wish, use it as a store for planting illicit material, or plant a Trojan for example.

"The problem is that"out-of-the-box" wireless equipment is not generally configured in a way as to prevent such attacks. Whilst organisations access the administrative interface of wireless devices and configure them securely before they are deployed, the majority of home users simply plug and play such equipment with no awareness of the risks!

"Such home users are then easy prey for war drivers [hackers] and other miscreants. So get out that user manual and secure your wireless devices before it is too late!"

Listed below is Mr Wood's best practice advice for anyone who doesn't want their life stolen.

1. Don't let your important documents (e.g. passport, driving licence) and credit/bank details get into the wrong hands and don't issue photocopies of such documents unless you really have to. Take out document/card insurance such as CPP to assist if these documents are lost/stolen.

2. Don't use a PIN number with a value that an attacker could find out - using your birth date is asking for trouble and change PINs on a quarterly basis - sooner if instinct tells you to.

3. Use your hand to shield against overlooking your PIN number when using a shop's card machine.

4. Subscribe to a service such as Equifax to keep an eye on your credit record - if you get black marks, you can quickly track if they are yours or an attacker's and take action.

5. Use a password safe such as "Password Agent" or similar on your PC to store credit card numbers, bank information, username and passwords for web sites, etc - don't have them on your PC in plain text.

6. Always read the warning messages that appear when you login to your bank - they are there for a reason!

7. Never click a hyper-text link in an e-mail purporting to be from your bank, credit card or any organisation with which you have credentials that could be stolen. Open your browser and use your favourites, or manually type in the bank or other address (not the address that is in the e-mail) - this will stop you from falling prey to phishing attacks.

8. Never open e-mail attachments - first scan them with anti-virus software to make sure they don't have a malicious payload. Turn off the preview pane.

9. Always use a personal firewall, anti-virus and anti-Trojan software on your computer, select strong passwords and use the best security you can for PDAs & mobile phones. Never use a public PC for anything private or sensitive.

10. If using wireless networking, use an SSID that doesn't identify you or the location, disable SSID broadcast, use MAC filtering, don't use DHCP - use static IP addresses instead, use WPA-PSK as a minimum and make sure the router has a strong password set for administrative access.

In a message to Brits who want to keep hold of their personal details, Mr Wood said: "In the 21st century, your digital identity is also your cheque book, your credit rating and your status in the community. If you lose your digital identity you may have to convince credit card companies, insurance companies, banks and even the police that you were not responsible for actions and expenditure carried out in your name. This process could take months and is extremely stressful."

Recent research from Experian supports Mr Wood's verdict. The credit specialist found that it takes each Brit an average of 450 days to discover their identity has been stolen - and a further 300 hours to reclaim it as theirs.


2nd February 2007

Related News

Latest News