Georgene Rice interviews Randy Skoglund, a technology expert with Americans for Technology Leadership. He discusses the intrusive leak of public and private information announced by the FTC (Federal Trade Commission) and other threats that may exist, the security risks these breaches pose, and whether or not any changes in law enforcement policies may bring greater security in the future.
Georgene: First of all let’s talk about the notification by the FTC last month to 100 companies about the data breach of sensitive information. What does it mean to the employee, customers or clients of these companies?
Skoglund: Unfortunately, it means the data was out there in the open for virtually anyone to get through peer-to-peer file networks. These networks became very popular several years ago when people were sharing music files. People don’t realize that when you have these networks downloaded on your computers you have to be very careful about saying which of your files you want to share. Too often folks just say they’ll share all the files on their hard drive, which means anything that is on that computer can be found by anyone else on the peer-to-peer network.
Georgene: The FTC didn’t give the names of the actual companies that were involved in this particular breach. It is my understanding they were both public and private, including schools and local governments—information that a dishonest person wanting to defraud someone could find very useful.
Skoglund: Absolutely, and it isn’t the first we’ve seen of this. Back in 2009 a junior level staffer in one of the Houses of Congress took some files home, uploaded the information on a peer-to-peer network on his home computer to work on them. It contained information on 30 members of Congress that were being investigated. The information found its way to the Washington Post and out to the public.
Georgene: Who ultimately is to blame, the careless employee who uploads information without thinking, or the holder of the information that makes it accessible to the employee where it can be abused?
Skoglund: Employees need to be aware of the information they are sharing. Companies should have policies in place at work that would ban peer-to-peer networks.
Georgene: How do we reduce the incidents of data release? Does there have to be a policy change? Is there something law enforcement can do?
Skoglund: Many times when it comes to cyber security it is us, the consumers, who are on the front line taking the steps necessary to protect our computers. A lot of it has to do with awareness. At ATL, we talk about educating people about information they may be sharing and how that information can be used.
I think the FTC took a good first step making these companies aware of the breach, so that company policies could be put in place to address this, or so that companies could see if their employees or staff are being lax about the policies. Some of the information, such as Social Security numbers, should be locked down so it is not shared anyway.
Georgene: At times we are required to give that type of personal information to schools or other governmental agencies. Are there things we should watch for before disclosing that information?
Skoglund: In many instances there isn’t a lot that we can do, for example when credit card information is stolen from a store. We suggest people check their own credit report. You are allowed to get your credit report once a quarter. There are three major credit reporting agencies and the links can be downloaded. Consumers should also have anti-virus software on your computer and make sure it is updated. These companies spend billions of dollars each year to protect the consumer, but if the information isn’t updated, the protection isn’t there.
Georgene: What resources could you recommend for people to get educated on protecting their personal information?
Skoglund: You can go to our website at https://www.techleadership.org./. We provide common sense tips for consumers and we have links to the FTC site. Or you can go online and just start searching for cyber security.
Disclaimer: Articles featured on Oregon Report are the creation, responsibility and opinion of the authoring individual or organization which is featured at the top of every article.