Five Ways to Fight ID Theft

What's more valuable than your own good name? ID theft is the fastest growing white-collar crime in the country. What's a CSO to do?

1 2 Page 2
Page 2 of 2

That could work any number of ways. Companies could require customers to download digital certificates that would give them secure access to their account information. Or customers could log on to websites using smart cards or USB thumb drives that hold digital identification. And there's the long-awaited promise of biometric technologies that would let customers log on with a fingertip. Prices are coming down enough that it's possible to imagine a day when every new computer comes with this type of hardware; thumb scanners now cost less than $100.

In the meantime, it might be enough to advocate that your company begin digitally signing all outgoing e-mails. You might be forced to do so: Some security-savvy customers are already trashing all e-mails from businesses that aren't digitally signed.A Stitch in TimeCSOs who don't protect customers and employees from identity theft may face a more onerous task: damage control. Just ask Bob Brand, security director for Cox Enterprises, who found himself in the unenviable position of trailblazing the role of the CSO in preventing and responding to the crime.

It started four years ago when some of the 80,000 employees of Cox Enterprises, an Atlanta-based media conglomerate, began getting notices from collection agencies about overdue store credit card accounts. The credit had been issued at Best Buy, Circuit City and Federated stores in the Atlanta area, but many employees were based in Ohio and Texas and had never even been to Atlanta. Gradually, through word of mouth, affected employees realized that it must be an internal problem. An investigation revealed that personal information about some employees had leaked through contractors working on a project.

Brand admits that Cox could have prevented the problem. "What happened with us happened with a lot of companies: We grew fast," he says. "You put the system in place and then you have to play catch up with some of the administrative issues."

And if it were partially his fault, the solution was also partially his. As security director, he took charge of helping victims restore their credit. "It wasn't pleasant," he says. Dispatchers didn't understand how to take down a report of identity theft because the issues cross state and even country lines. When the perpetrators were eventually convicted, Brand shared the victims' disappointment at the sentencesprobation with no jail time. "We had an expression that unless you used the judge's identity, you weren't going to get punished," he says. Brand was so disturbed by the whole experience that he went on to help form the Georgia Stop Identity Theft Network, which brought together businesses, law enforcement and the attorney general's office, and has resulted in Georgia having some of the toughest identity theft laws in the United States.

Brand discovered at the business level what John N. Stewart had discovered on a personal level: It's still a whole lot easier to keep identity theft from happening in the first place than to repair the damage after the fact.

"This crime can be just devastating," Brand says. "It's bad business not to protect to the best of our ability an individual's personal information. Why would you want to do business with a company that does not protect your information?"

Copyright © 2004 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 hot cybersecurity trends (and 2 going cold)