Mark Pribish

Lost electronic devices can lead to data breaches

By Mark Pribish
Vice President and ID Theft Practice Leader

Nearly half of all data breaches occur when ID-theft criminals access information because we lost a device.

In fact, nearly 41 percent of all data breach events from 2005 through 2015 were caused by lost devices such as laptops, tablets and smartphones, according to a new TrendMicro report.

TrendMicro's analysis included data breaches by business sector, and one of the significant findings was that missing devices and untrustworthy insiders made the health-care industry responsible for more data breaches than any other business sector in the last 10 years.

To gain a security expert's perspective on reducing the impact of lost or stolen devices, I reached out to Alan Saquella, a member of the Merchants ID Theft Advisory Board that I co-chair and the Western region manager of security/investigations for Cox Communications.

"The two things that we do at Cox to prevent and/or minimize lost devices is to implement a required, annual training on privacy and security, which is tracked by employee for compliance," he said.

In addition to education, "all devices are tracked with GPS and/or CompuTrace (a laptop tracking software) and so far, we have been very successful in recovering lost or stolen equipment," Saquella said.

To help you understand where the major risk areas are beyond lost devices, TrendMicro reported that data breach events happen in the following ways:

  • 25 percent of breaches were caused by hacking and malware
  • 17.4 percent of breaches were caused by unintentional disclosure (not including lost devices)
  • 12 percent of breaches were caused by malicious insider leaks

The report said that that health-care business sector was the largest target, accounting for 26.9 percent of data breaches this decade, followed by education (16.8 percent), government (15.9 percent) and retail (12.5 percent).

At the same time "healthcare had a significant insider leak problem (17.5 percent of its breaches). Insider leaks were the primary source of identity theft cases (44.2 percent) and healthcare was hit harder by identity theft than any other sector, accounting for 29.8 percent of cases."

While IT and hacking are the sizzle that continues to create data breach headlines, the truth is, most events are caused by device loss and the insider threat.

While attackers certainly target personal identifiable information, credentials, more specifically the credentials of a network administrator, can be more lucrative. Administrator level credentials can provide attackers with the ability exploit an entire organization in an attempt to gain valuable Intellectual property such as trade secrets, or copywritten works.

Although retailers have suffered many major losses as the result of data breach events, the most affected industry is the health-care sector.

Realize that devices will be lost, thus your organization needs to take steps to minimize the sensitive information contained on these devices, encrypt the data when it cannot be avoided, track and retrieve the devices when necessary, and remotely wipe devices if all else fails.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Alert -- Beware of Job Offer with an Online Interview

October 05, 2015

Looking for a job? Watch out for this twist on the common job hunt con that uses real business names and "interviews" job candidates over instant messenger.

How the Scam Works:

You spot an online job posting or receive an email about a position from a "recruiter." You search online for the company name. It's a real business with a website, so you email your resume to the hiring manager.

The "manager" replies and invites you to interview for the position. Instead of coming into the office, the "manager" asks you to do an interview over an instant messenger service. He or she urges you to download the program and answer questions about your qualifications.

The interview goes well and the "manager" offers you the position. Don't take it! Job scams steal money and/or personal information from victims. In one version reported to Better Business Bureau, the "job" is actually a crime. The position involves assisting criminals in transferring stolen money or good out the country. If you participate, you could be prosecuted.

How to Spot a Job Scam:

  • Check the business's website. Scammers frequently post jobs using the names of real companies to lend legitimacy to their cons. Check on the business's website for the position and/or call to confirm.
  • Some positions are more likely to be scams. Always be wary of work from home, secret shopper positions or any job with a generic title, such as caregiver or customer service representative. These positions often don't require special training or licensing, so they appeal to a wide range of applicants. Scammers know this so use these kinds of titles as a hook.
  • If a job looks suspicious, search for it online. If the result comes up in other cities with the exact same job post, it is likely a scam.
  • Watch out for on-the-spot job offers. You may be an excellent candidate for the job, but beware of offers made without an in person interview. A real company will want to talk to a candidate before hiring him or her.
  • Look for other warning signs. Watch out for communications riddled with typos and bad grammar. If a job posting claims it pays significantly higher than comparable jobs, that is warning sign. If the "hiring manager" is very persistent in his or her communication with you, that's another red flag.

For More Information

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scam).

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.