Emory Report
April 10, 2006
Volume 58, Number 26


Emory Report homepage  

April 10 , 2006
Identity theft, fraud targeted at annual IT security conference

by paige parvin

Georgia ranks ninth in the nation for states with the highest rate of consumer identity theft.

In 2005, there were more than 52 million electronic customer records lost by U.S. businesses, and the Federal Trade Commission reported more than $680 million in losses to fraud and identity theft.

And every time people send an e-mail, they should assume at least one person will read it in addition to its intended recipient.

These are just a few of the disconcerting facts presented Wednesday at the third annual Information Security Awareness Mini-Conference, hosted by Academic and Administrative Information Technology (AAIT, formerly ITD); Network Communications, and Emory Healthcare Information Services.

How paranoid should Emory technology users be? Despite up-to-date electronic security measures and firewall protection, no one is entirely safe from fraud, identity theft and “phishing,” or online solicitation that attempts to capture personal information, according to Jay Flanagan, IT security lead for AAIT. But the conference panel of experts offered a range of steps individuals can take, at both their Emory and home PCs, to avoid becoming a statistic.

“We want to leave you with ways to adopt a little bit of skepticism … and what types of actions we can take to make ourselves more secure,” said Rich Mendola, vice president for IT and Emory CIO, in his welcome to the packed Cox Hall ballroom.

Keynote speaker Lynn Goodendorf, vice president of information privacy protection for InterContinental Hotels Group, focused on some of the dangers that lurk “offline” or in the physical realm, which account for some 68 percent of identity theft cases. About a third are due to lost or stolen wallets, checkbooks and credit cards—misfortunes Goodendorf has seen plenty of in the hotel business. She also warned guests to be careful with laptops, cellphones and Blackberries, all of which are a gold mine of information for whoever might find them.

In addition to keeping close watch over belongings, Goodendorf suggested people keep a close eye on financial account statements and credit reports, shredding all direct-mail offers and identifying documents, and opting out of all possible mail. When conducting business online, she said, take time to read the privacy policies of every company and look for official privacy seals that indicate a real commitment.

Finally, if one does become a victim, she added, it’s time to call the police.

“There’s a lot of value in notifying the police, even if they are not able to do anything,” Goodendorf said. Those benefits include gaining the credibility of a police report and building the jurisdiction’s justification for a cyber-crime unit—if it doesn’t already have one.

Emory’s Flanagan warned against phishing and fraud, offering some basic tips for avoiding common traps: Be skeptical even of e-mails that look like they’re from an actual business, and always think before offering any personal information, he said. Never open unexpected e-mail attachments; never click on links that ask for “confirmation” of personal information; and never enter information into a pop-up screen.

Finally, if people receive e-mail informing them they’ve won a contest, prize or other opportunity, the chances are excellent they’re being scammed.

“Don’t get caught up in the excitement of winning,” he said. “There’s no easy money.”

Steve Manzuik, production manager for eEye Digital Security, explained the difference between privacy and anonymity on the Internet and discussed a variety of high-tech tricks of the trade that even responsible, everyday users can employ to protect themselves. While one’s privacy should be preserved, he said, anonymity is not always a good thing—and it’s a hacker’s best friend.

“As consumers on the Internet, we have to give up a certain level of anonymity to protect our privacy,” he said.
Manzuik cautioned against “free” e-mail services, such as Hotmail and Yahoo, also hinted that wireless environments like those at Starbucks should not be considered secure. He also advocated keeping work and personal online business separate, since it’s reasonable to assume work e-mails are monitored to some degree.

Anne Adams, chief compliance officer and chief privacy officer for Emory Healthcare, gave an overview of the federal Standards for Privacy of Individual Identifiable Health Information, more commonly referred to as the “Privacy Rule,” and discussed what Emory Healthcare is doing to protect the privacy of its patients.