‘Human error single biggest threat to cybersecurity,’ panelists say

While added security measures may seem cumbersome, actions taken by consumers can prevent long lasting problems

By Kayla Daugherty

Public policy expert Randi Parker said that employees don’t have to be IT specialists to be involved in security efforts.

“Everyone in your organization has a role to play in security,” said Parker, director of public policy and public advocacy for CompTia in Washington D.C. “Sixty-three percent of work devices are being used for personal activities as well.”

Parker said most of hackers get into business systems through corrupt emails or bugged pop-ups clicked by uninformed employees.

She was among six panelists recently invited by Rep. Bill Foster (D-Ill.) to discuss how business owners and consumers can identify and counteract any potential cyber threats.

“It seems that every month we hear about a new breach or hackers swiping data from businesses that represent the public,” said Foster whose aim is to protect and provide businesses with information on how to recover data should a firewall be breached.

“Once that number is out on the black market, is out there forever,”

– Mike Lee, KCT Credit Union

Bill Hodor, an attorney for the Federal Trade Commission, said that the agency noticed an increase in consumer concern about data security.

“Certainly looking back years ago consumers did not place as much importance on the security of their data because quite frankly they were unaware of it,” Hodor said.

He said times have changed as consumers now tune in because to the availability of information.

“They read their newspapers, they listen to the news, they see the headlines about these breaches that have impacted millions, tens of millions of Americans, so it is very important to consumers that their data be secure,” Hodor said.

Due to this increase in consumer concerns the FTC is encouraging companies to act responsibly with the data they collect. Companies need to know what customer information they have and what third party or employees have access to that information. Additionally, Hodor and his associates in the FTC stress to companies that if they don’t need the information, they shouldn’t keep it.

Also emphasized in the panel discussion was the need for businesses to have physical security, electronic security, employee training and oversight and a service provider. According to the FTC, companies should properly dispose of the information that they no longer need, simply deleting a file or tossing files into a dumpster is not a responsible practice. Lastly, companies need a plan for when or if security breaches occur.

Since 2002, the FTC has brought over 50 data security cases that have resulted in settlements, which Hodor feels has altered vital security of data practices.

One of the more recent security changes are the new security chips in credit cards.

The main thing consumers need to understand is that while changing passwords or credit cards every couple of years might seem burdensome, the alternative is mush more costly.

According to a report published by Javelin Research & Strategy, nearly 31.8 million U.S. consumers had their credit card information stolen last year, more than three times the number of consumers affected the year prior.

“Once that number is out on the black market, is out there forever,” said Mike Lee, president and CEO of KCT Credit Union in Elgin, Ill.

As a long time professional in the banking industry, Lee said has seen how credit card or identity theft can change a person’s life and ability to function. Lee adds that it puts his company and security analysts in a difficult position.

“One of the biggest issues with the cyber attack is that you kind of have to have a sick mind, he said. “You have to think like these people. We are constantly trying to think what the next thing is going to happen. How am I going to protect my data?”

Photo at top: While added security measures may seem cumbersome, actions taken by consumers can prevent long lasting problems.(Kayla Daugherty/Medill)