Personal Security Audit - Research Paper Example

? Security Audit Security Audit Personal Security Audit In gathering information regarding the need and the process to undergo a personal security audit, the Google search engine generates an enormous amount of data and research literature on the subject. Using key words such as ‘Identity Theft Protection’ and ‘Personal Security Audit’, I was accorded vast information on guidelines to protect myself from risks associated with breach of security, privacy and confidentiality through the use of the internet and various online sites. In my personal audit, the following relevant information were collected and gathered: (1) identifying and examining if my identity is safe; (2) the reasons why I need to protect myself from identity theft; and (3) how I could protect myself using very basis guidelines against potentially exposing myself for incidents of identity theft ( (Identity Theft Protection (IDPST), 2012). During the course of the personal security audit, as I was made aware that through answering and going through the questions, the following areas were the identified strengths: (1) logging off and locking my computer every night; (2) responsible use of access information by not sharing it to others; and (3) being extra careful on transmitting personal information through email. However, one noted that there was an eminent weakness in the use of passwords. In one instance, I discovered through friends that there were sent some messages through email apparently being sent from my email address. In this regard, there was potential risk in my password being compromised. As needed, I immediately changed my password and the incident did not happen again. Through browsing more information on doing a personal security audit, I learned that by believing that I would not become a victim of identity theft, I was actually exposing myself to the risks of being unprotected and exposed to security risks. In the LifeLock official website, an organization that aims to provide proactive identity theft protection to members who opt to register, it was disclosed that through do-it-yourself personal security audits using free credit bureau reports (AnnualCreditReport, 2012), I would only receive the minimum amount of information for personal security audit. Credit monitoring done by financial institutions generates credit alerts, address monitoring and information from the credit bureau reports. The LifeLock Identity Theft Protection boasts of covering proactive protection, advanced internet monitoring, credit alerts, non-credit alerts, address monitoring, lost wallet protection and credit bureau reports (LifeLock, 2012) for prices such as $25.00 / month or $275.00 / year for a LifeLock Ultimate package or a minimum of $10.00 / month or $110.00 / year for a LifeLock package (LifeLock, 2012). The safety tips provided by the IDPST site are likewise helpful in making me more aware of areas to focus on, such as the need to dispose of mail or correspondences that has my personal address and information; never carrying the SSS card; never using the SSS card as an identification number; being careful of credit card receipts; being careful of using debit cards when shopping online; and keeping personal information within my area of residence and not to be carried along. By doing so, the personal security audit enhanced my awareness on areas to be most careful of and to follow the simple guidelines that would assist in protecting myself from identity theft. In sum, the personal security audit made me realize that my personal practices in terms of identity protection (never carrying my SSS card in my wallet; locking up personal ids and information in a safe box at home); credit cards (using a virtually difficult signature to replicate and indicating that a photo ID is required; having photocopies of the credit cards safely at home; checking and monitoring all credit card transactions) and improving my password all ensure that I would be duly protected from identity theft. Identity Theft Statistics In the book written by Wood and Smith (2005) entitled “Online Communication: Linking Technology, Identity, and Culture”, the authors emphasized that the use of technology to communicate in diverse ways actually paved the way for resourceful people to victimize unsuspecting individuals through disclosure of personal information. This was validated by Kahn and Roberds (2005) who indicated that “faster and cheaper access to data can make it is easier to fight fraud, but the increase in data-based transactions may make attempts at identity theft more attractive” (cited in (Anderson, Durbin, & Salinger, 2008, p. 183). As I observed and assessed, the prolific use of electronic medium has significantly contributed to the increased incidences of identity theft. This was exacerbated by the lack of public awareness on what to do, where to go to report incidents of this type, and that people who had been victimize have options to correct and recovery what has been stolen. From the article written as a working paper by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) (2007) there were identified stakeholders or parties that are affected by this type of criminal activity. These parties are the individuals victimized, the governments, business organizations, and law enforcement agencies. The individuals are the identity owners who often carry the most burdens in this situation. The governments were explained to assume three roles as identity certificate issuers; identity information protectors; and identity verifiers. Business organizations, on the other hand, especially banks, credit card companies, and financial institutions assume the crucial roles of identity checkers and also as identity information protectors. By implementing stringent checking and authenticating tools and mechanisms, organizations could pre-empt the occurrences of identity theft and could even protect any impending incident to happen through announcing to their clients if any security breach or risks currently exist. In an article written by Rafter (2012), entitled “Identity Theft Statistics for 2011”, it was revealed that the latest statistics sourced from the Federal Trade Commission disclosed a total of “250,854 complaints about identity theft in 2010… (where) the most popular type of identity theft involved criminals stealing victims’ identities so that they could use their information to apply for federal benefits such as Social Security payments” (Rafter, 2012, par. 5 & 7). As I deduced, the increase in number of personal information stolen is closely related to the increased difficulties in meeting physiological needs brought about by social and economic factors, such as increased unemployment, poverty, financial and economic difficulties, among others. Likewise, identity theft incidents were disclosed to be instigated due to several reasons. The CIPPIC (2007) disclosed that identity thefts were attractive to criminals due to the high returns provided, the benefits of concealment, and apparent mild penalties or sentences when compared to other criminal activities. In addition, the ready access to available personal information was also reported to be a contributory factor to its growth. As the report also noted, the reliance on using the Social Security Number (SSN), as a personal identifier and which is readily available and accessible through internet sites, payroll accounts, and even used in credit reports, have made the information widely offered to lure prospective criminals. Statistics released by the Federal Trade Commission (FTC) revealed a significant number of people victimized of identity theft, to wit: “the most recent figures from the Bureau of Justice statistics indicate that 11.7 million people, representing 5 percent of all people in the U.S. age 16 and older, were victims of identity theft between 2006 and 2008. Identity theft can be perpetrated using such low-tech methods as purse snatching or “dumpster diving,” or high-tech techniques like deceptive “phishing” e-mails or malicious software known as “spyware”” (Federal Trade Commission, 2011, par. 1). The information is therefore alarming as the incident seemed to be unabated and therefore continue to expose larger amounts of unsuspecting victims until contemporary times. In my research, I have observed the age ranges of victims start as early as 16 when personal information are disclosed through social networking sites and where appropriate knowledge on the risks of exposure have not yet been effectively established. In the study conducted by Anderson, Durbin, and Salinger (2008), the authors likewise indicated that there are different types and prevalence of identity theft ranging from misuse of existing card only, misuse of existing accounts other than credit card accounts, and the more serious opening of new accounts or other frauds committed (p. 173). The types of misuse were reported to determine the time and amount spent by the victim to resolve the theft inflicted. The costs incurred by victims according to the types and prevalence of identity theft range from the least gross value stolen from the victim’s personal information of a median of $350 for misuse of existing credit card only, to as much as a median of $1,350 for new accounts opened and other frauds committed (Anderson, Durbin, & Salinger, 2008, p. 177). There were reported other problems faced by the victims including harassment from debt collectors; correcting information; being turned down for credit availment, loans or bank accounts applied; utilities cut off; or even being criminally investigated and being subject to civil obligations (Anderson, Durbin, & Salinger, 2008, p. 179). For corporations that have been victims of identity theft, the losses were greater, as disclosed by Romanosky, Telang, and Acquisti (2011), to wit: “identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with up to 35 percent of known identity thefts caused by corporate data breaches” (p. 256). The next sections would therefore present guidelines to prevent and correct occurrence of identity theft, as required. Identity Theft Prevention To protect the public from identity theft, the guidelines that were above mentioned had been emphasized by the FTC as the need for consumers to closely guard personal information and details, particularly the social security number (SSN) and to shred documents that could divulge relevant information, such as copies of official receipts, credit applications, bank documents, to name a few. Likewise, consumers also should develop a practice of reviewing their credit card and bank reports regularly and be increasingly vigilant on the symptoms and signs that indicate that their personal information has been compromised (Federal Trade Commission, 2012, par. 1). More importantly, we, as consumers, are made aware that exposing ourself to the risk of identity theft is predominantly due to manifested online behavior. As indicated by Milne, Labrecque, and Cromer (2009), “self regulatory policy in the United States requires consumers to be, in part, responsible for their online behaviors and to protect their privacy and security” (p. 449). The authors devled into the factors that facilitate propensities to expose oneself to security threats such as self-efficacy, adaptive versus maladaptive behavior, and protective and risky computer-based behaviors. The findings revealed that “the self-efficacious individual is more likely to protect her information and broader computing environment, and is less likely to take high-risk unprotected actions from being too trusting or lazy with respect to online protection” (Milne, Labrecque, & Cromer, 2009, p. 464). Therefore, educators, federal agencies, and security organizations should be able to create effective strategies in designing information that would assist consumers in assuming adaptive and protective behavior to ensure that identity thefts would not be on the rise. As appropriately advised, there have been standards and regulations designed and implemented by different organizations to protect the consumers against identity theft. Among the agencies disclosed are: “the Federal Trade Commission’s (FTC’s) fair information principles that outline standards for keeping consumer information safe and giving consumers notice and choice about how information is used; the Gramm-Leach-Bliley (financial institutions), HIPAA (medical information), COPPA (protection of children online), FERPA (disclosure of educational records), and FACT Act (Reporting of Credit Data)” (Milne, Labrecque, & Cromer, 2009, p. 467). The FTC was the governing organization authorized to provide authoritative information about detecting, deferring and defending identity theft through a comprehensive disclosure of information through its official website. Consumers must enhance personal awareness and be actively involved in assuming the appropriate protective stance, as required. Likewise, by keeping myself updated on these standards and regulations as well as the trends and techniques being used by identity thieves through various media, I would be more vigilant and be able to apply measures that would assist in early prevention, detection and recovery of what has been stolen from me. Identity Theft Detection We, as consumers, are reminded that the most effective way to detect identity theft is through regular monitoring of accounts: credit cards, bank accounts, financial statements, billing statements, among others. The FTC provided guidelines that would serve as reminders for people regarding detecting identity theft through being aware of the signs of identity theft; determining ways of finding out if your identity has been stolen; and what personal information should be monitored regularly (Federal Trade Commission, n.d.). Likewise, business organizations, financial services and other agencies that were identified to assume roles of identity checkers and protectors must likewise be able to immediately detect any security breach or onset for personal identity theft. From among the signs that we as consumers should be attentive to are: unexplained debts, unexplained withdrawals from bank accounts, failure to receive bills, receiving credit cards that we have not applied for, to name a few. Consumers could only be aware that their identity has been stolen when credit agencies or bill collection agencies call or send correspondences for debts or loans that have become overdue but were never incurred by you. To avoid this, as previously noted, regular and vigilant monitoring of one’s billings, bank accounts, credit account statements, and other financial records should be done, evaluated, and reviewed. Concurrently, on the side of sellers and creditors, identity theft could be detected by employing various techniques that would verify the authenticity of the presented personal information. As emphasized by Anderson, Durbin, & Salinger (2008), there are three authentication techniques that the public should be aware of, such as the (1) ‘token-based’ authentication, which was reported to be based on the physical object currently held or possessed by the user; (2) the ‘knowledge-based’ authentication, which was disclosed to be sourced from the possession of crucial and critical information that only the individual is expected to know; and (3) biometrics, which was indicated to be based on identified physical characteristic of the person himself, for instance, a particular way of signing documents (Clarke, 1994; cited in Anderson, Durbin & Salinger, 2008, p. 183). By being more stringent and meticulous in verification, the onset of identity theft could immediately be detected. Identity Theft Correction (Recovery) If we, as consumers, have detected that their identities have been compromised, the FTC, which is the governing agency tasked for public awareness on the issue, has indicated that there are steps or procedures that should be followed as soon as the incident is detected. According to the article published by the FTC entitled “Taking Charge: What to do if your identity is stolen?”, the most important thing to do is to take immediate action. The immediate steps were enumerated as: “(1) place an initial fraud alert; (2) order your credit reports; (3) create an identity theft report” (Federal Trade Commission, n.d., p. 5). In placing an initial fraud alert, the steps include contacting one of the credit reporting company (Equifax; Experian; or TransUnion); learning one’s rights; marking one’s calendar for the fraud alert to take effect within 90 days and could be renewed afterwards; and updating one’s files that has been significantly affected) (Federal Trade Commission, n.d., p. 6). To order the credit reports, as I have learned from the personal security audit, each of the three credit reporting companies could be contacted. Likewise, updating my files is the next logical step. Since the FTC is the governing agency tasked to provide accurate and authoritative information in identity theft, it would be useful for consumers to log in and access their official website: http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html to secure the needed information on prevention, detection and defending oneself through correction and recovery measures. For instance, creating an identity theft report has been explicitly indicated to involve three steps, as follows: (1) “Submit a complaint about the theft to the FTC. When you finish writing all the details, print a copy of the report. It will print as an Identity Theft Affidavit. (2) File a police report about the identity theft, and get a copy of the police report or the report number. Bring your FTC Identity Theft Affidavit when you file a police report. (3) Attach your FTC Identity Theft Affidavit to your police report to make an Identity Theft Report” (Federal Trade Commission, n.d., p. 9). By taking charge and instituting immediate action as soon as consumers detects that his/her identity has been compromised, appropriate government agencies and departments should be alerted and effective means could be instituted to recover what he/she has lost or what information needs to be corrected. Conclusion This field project and research paper assisted in achieving my goals of enhancing awareness regarding making a personal security audit and illuminating myself on the pertinent issues relative to identity theft: its current statistics, prevention, detection, and correction. I am hereby greatly enriched by the comprehensive information learned about the importance of protecting personal information and the need to assume a protective stance in terms of manifesting responsible online behavior. Through the wealth of credible and reliable information gathered from various sources on the background, causes, and patterns used by criminals to lure unsuspecting victims to disclose personal information, I realized the importance of being vigilant and being more self-efficacious, not to be totally trusting, and to assume an ever protective behavior in all personal and professional transactions. As the incident is highly related to technological advancement and breakthroughs, I have been apprised of the need to assume a proactive stance in guarding personal information to ensure privacy and confidentiality, as a paramount goal. Through the guidelines in preventing, detecting and correcting identity theft and through being apprised that identity theft continues to pervade contemporary society, I am made more aware of the need to adhere to protecting personal information, not only in dealing with others through the online medium, but more so, in whatever current or future endeavors I intend to pursue. References Anderson, K., Durbin, E., & Salinger, M. (2008). Identity Theft. Journal of Economic Perspectives, Vol.22, No. 2, 171–192. AnnualCreditReport. (2012). About Us. Retrieved April 18, 2012, from https://int.annualcreditreport.com/cra/helpabout Canadian Internet Policy and Public Interest Clinic (CIPPIC). (2007). Identity Theft: Introduction and Background. Retrieved May 4, 2012, from http://www.cippic.ca/sites/default/files/bulletins/Introduction.pdf Clark, R. (1994). “Human Identification in Information Systems: Management Challenges and Public Policy Issues.” Information Technology & People, Vol. 7, No. 4, 6–37. Federal Trade Commission. (2011, September 9). Identity Theft and Data Security. Retrieved April 22, 2012, from http://www.ftc.gov/opa/reporter/idtheft/index.shtml Federal Trade Commission. (2012, January 13). What Consumers Can Do About Identity Theft. Retrieved April 22, 2012, from http://www.ftc.gov/opa/reporter/idtheft/consumeradvice.shtml Federal Trade Commission. (n.d.). Detect Identity Theft. Retrieved April 24, 2012, from http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/detect.html Federal Trade Commission. (n.d.). Taking Charge: What to do if your identity is stolen? Retrieved April 25, 2012, from http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.pdf Identity Theft Protection (IDPST). (2012). Is Your Identity Safe? Retrieved April 18, 2012, from http://www.idpst.net/ Kahn, C., & Roberds, W. (n.d.). Credit and Identity Theft. Federal Reserve Bank of Atlanta Working Paper. Atlanta, Georgia: Bank of Atlanta. LifeLock. (2012). LifeLock Identity Theft Protection. Retrieved April 19, 2012, from http://www.lifelock.com/ Milne, G., Labrecque, L., & Cromer, C. (2009). Toward an Understanding of the Online Consumer’s Risky Behavior and Protection Practices. Journal of Consumer Affairs, Vol. 43, Issue 3, 449-473. Rafter, D. (2012). Identity Theft Statistics for 2011. Retrieved April 20, 2012, from http://creditshout.com/blog/identity-theft-statistics-for-2011/ Romanosky, S., Telang, R., & Acquisti, A. (2011). Do data breach disclosure laws reduce identity theft? Journal of Policy Analysis and Management, Vol. 11, No. 2, 256-286. Wood, A., & Smith, M. (2005). Online Communication: Linking Technology, Identity, and Culture. Mahwah, NJ: Lawrence Erlbaum Associates. Read More