Should you give Kevin Mitnick your name?
If you’ve ever received an email from a friend, in which she asks you to wire money to her in the Philippines because her luggage and wallet have been stolen (and yet you know she’s safe and sound down the street), you’ve known someone whose email account has been compromised. Have you ever seen fraudulent activity on your credit card? Have you ever filed a tax return only to be told a tax return for that social security number has already been filed?
Chances are, you’ve encountered at least one of these situations in the past few years. It’s easy nowadays to fall victim to phishing or have credit cards compromised. But just how easy do you think it is for a hacker to do his deed?
Unfortunately, it’s really quite easy, actually.
Kevin Mitnick’s Public Hack
At a BBVA luncheon a company CEO volunteered for a live demonstration with Kevin Mitnick, the world’s most renowned hacker. Kevin asked the volunteer to join him onstage and, after a quick introduction, searched for the volunteer’s first and last name in an online database, which charged just a dollar per search. There were a few results.
So Kevin verified the volunteer’s middle initial and hit search again. And… Bingo! On the projection screens, visible to an audience of about 200, the volunteer saw his recent home addresses among other personally identifiable information (PII).
Using this information, Kevin easily found the volunteer’s driver’s license number in another database. And within minutes and for just a few dollars, Kevin had enough information to open credit cards in the volunteer’s name, change information on existing accounts, or worse.
So Now What?
Rather than clap for the feat accomplished so quickly and deftly, the audience stared wide-eyed at Kevin, the volunteer CEO, and the projection screens, as if struck paralyzed and dumb. The fear in the room was palpable.
The fact is, no one is impervious and no entity is entirely impregnable to those wanting access. However, the more difficult it is to gain entry, the more likely the intruder will give up and seek an easier target, right? So doesn’t it make sense to raise the barrier to entry?
Fortify Your Defenses
Every small security measure you take fortifies your defenses. As Kevin Mitnick chronicles throughout his book, Ghost in the Wires (2011), physical means are often used to access digital and cyber information. He regularly dumpster dove for sensitive information that had been tossed out instead of disposed of properly. Quick takeaway: shred your documents. In his former life, Kevin also illegally accessed others’ email accounts for login credentials, passwords and business sensitive documents. Another quick takeaway: store sensitive documents in a secure place like a virtual data room.
For more information on secure document collection, sharing and storage, visit www.vaultrooms.com.