Emory Report
February 27, 2006
Volume 58, Number 21


Emory Report homepage  

February 27 , 2006
April mini-conference to focus on ID theft, privacy

Donna Price is coordinator for communications and marketing services at AAIT.

Protecting consumers’ private information and preventing identity theft are top security challenges facing the United States today. According to data released in January, the Federal Trade Commission received more than 685,000 complaints last year about consumer fraud and identity theft, representing losses of nearly $700 million.

With security breaches and data theft at public and private-sector groups making headlines, awareness is high, but what can individuals do to reduce the chances of being victimized by these and other threats?
“There are choices and decisions we make that can either increase or decrease our risk,” said Lynn Goodendorf, vice president for information privacy protection at InterContinental Hotels Group, the world’s largest and most global hotel company. “It’s very analogous to physical crime: You may not be able to totally remove yourself from [risk], but you can make yourself an unattractive victim.”

Goodendorf will be the luncheon speaker at Emory’s third annual Information Security Awareness Mini-Conference, scheduled for April 5. At InterContinental, she helped develop an IT security program and improve the architecture, cost efficiency and operational reliability of the company’s global networks that are used for hotel reservations. In her presentation, Goodendorf will offer practical ideas and tips on reducing the risk of identity theft, discuss the relative safety of offline versus online transactions and talk about how to know whom to trust with personal information.

The conference will give University and Emory Healthcare (EHC) faculty, staff and students the opportunity to learn how to secure their digital information, protect their computing privacy and practice responsible computing when using Emory’s digital networks. The event includes continental breakfast, lunch and three sessions on topics, including identity theft and compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

“The best defense against attacks is education,” said Jay Flanagan, security team lead for Academic and Administrative Information Technology (AAIT). “Our goal with the conference is [to tell people] what you can do as an individual and as a member of the Emory community to protect private data—including your own—from being exposed.”

Flanagan, who coordinated the conference’s program, will lead the first session, followed by Steve Manzuik, product manager, eEye Digital Security; and Anne Adams, chief compliance and privacy officer for EHC and Emory Medical Care Foundation. Rich Mendola, Emory’s vice president for IT and chief information officer, will deliver opening remarks.

Manzuik’s presentation will focus on the form of identify theft known as “phishing.” The session will describe who is at risk and examine the impact of phishing, “pharming” and spyware on individuals and businesses, explore how technology can aid in detecting attempted campaigns, and predict what forms phishing may take in the future.

Adams, a member of the American Health Lawyers Association, the Health Care Compliance Association and the Association of Certified Fraud Examiners, will talk about IT security and privacy in the health care industry.

“Two major concerns on the health care side, which is probably true of any industry, are technical vulnerabilities—being attacked to the point where it impedes production—and confidentiality issues, or protecting patient data,” said Rick Aaron, director of client services for EHC Information Services (EHC IS).

“This conference is important to attend because it takes just one computer to wreak havoc,” Aaron said. “If a doctor or clinician comes in with a personal laptop, plugs it into a port on the EHC network and that laptop doesn’t have the antivirus software or other tools we require, it could affect a lot of systems. You may not have any damage to your data, but network traffic could still be slowed to the point where you can’t function.”

The conference, sponsored by AAIT, EHC IS and Network Communications, will be held in Cox Hall from 8:30 a.m.–1 p.m. There are no fees, but registration is required and seating is limited. To view the conference schedule and registration information, visit http://it.emory.edu/security_conference_2006.