Every day your chief information officer tells you that your systems are secure, but that more can be done to safeguard your data and the data of your customers.
Listen to your CIO.
What should be alarming to CEOs is the rate at which criminals adapt, and how well they understand American culture and business cycles. They take advantage of our unemployed, our media hype, our compassion for others, our thirst for technology, our banking laws and more.
Here is an overview of what these criminals, based both stateside and abroad, know, and how they use it to exploit individuals and businesses.
1. Americans stink at passwords. The password "123456" is one of the most popular because it is easy to remember. Criminals know this.
2. Americans are trusting. Telephone phishing is on the rise, and has been somewhat successful due to people's willingness to give information to complete strangers.
3. We are lazy when it comes to security. People do not upgrade software systems and fail to secure wireless networks and even mobile telephones.
4. Americans are a little odd when it comes to personal information. The level of detail given out on social networking sites, and the confusion related to who can see what, is staggering. Criminals will steal from your home when you post travel plans. Business competitors are happy to know what cities you are traveling to, so they know where to go as well.
5. Criminals understand our sleeping habits. Most spam is delivered during the business day, and during the business week. Most U.S. victims duped into foreign money laundering are on the East Coast and Midwest. The time difference between Eastern Europe (where many such schemes originate) and the West Coast must be too great.
6. Criminals prey on those looking for work. Cons utilize job-search sites to find unemployed people and contact them for phone interviews. When "hired," these "employees" are asked to provide checking account information so that the company can deposit funds. When an "employee" receives a deposit, he is asked to immediately wire all but some small percentage to an offshore account. These deposits are usually made by fraudulent wire transfer. When the funds' original owner reverses the bogus transfer, the "employee" is left holding the bag for the money moved offshore.
7. Criminals understand business practices and exploit them. A foreign company will hire a law firm to represent them in local matters. When the firm receives the executed letter of retainer, it also receives a check for an amount far greater than requested. The firm deposits the check, not knowing it is counterfeit, and is asked to wire funds to the foreign company. If the firm obliges and makes the transfer before the check clears, the firm will be on the hook for the transfer to the "client."
8. Americans have a voracious appetite for "hot" news trends. When a volcano erupts, or when disaster strikes in some part of the world, Americans want to help. This makes us an easy target, and criminals take advantage of search engine sites to place thousands of new, fake antivirus websites in top search positions. When one of these links is clicked, these underhanded organizations get a user's credit card information and, even worse, install malicious software that masquerades as an antivirus program, preying on those who don't know any better.
9. Criminals build attack networks. At any given time, they can activate millions of computers onto which they've placed malicious software, or malware. Thieves can perform a denial of service attack against a company, against rival criminal gangs, or against anyone else they want to attack, including governments.
10. They are patient, very patient.
So how can consumers and executives protect themselves? The answer may be a combination of vigilance and legislative action.
We believe in free trade. We are open to banking laws and regulations that assist the global marketplace. We are not open to having banks, businesses and our governments sit by and watch as American bank accounts are systematically drained by thugs.
According to the FBI, Americans lost about $560 million due to Internet fraud in 2009, more than double the 2008 number. Criminals have likely already harvested so much information that they aren't able to take advantage of it all right now, but are still collecting.
As business leaders, it is up to CEOs and CIOs to first educate their companies, and then start a campaign to educate friends, families, customers and government representatives on just how pervasive this fraud has become, and what it means, economically, if it is not addressed. Return on investment must take a backseat when it comes to data security, because the model just doesn't fit; the ROI is not the same. We need a collective response to this ever-present attack on the United States and U.S. businesses.
Charles W. Ash is an attorney and chief information officer for the city of Delaware. He can be reached at (740) 203-1275 or firstname.lastname@example.org.
Reprinted from the February 2011 issue of Columbus C.E.O. Copyright © Columbus C.E.O.