Today marks the end of National Identity Fraud Prevention Week in the UK and for some, the end of a week of raising awareness.
Here at SC Magazine I have shamelessly jumped onto this bandwagon as I feel that fraud awareness is an important part of information security and something that should be considered. After all, we spend plenty of time talking about spyware, data harvesting and identity protection, and surely identity fraud is the next stage on from that?
The official website of the week claims that ‘National Identity Fraud Prevention Week is a nationwide effort to help in the battle against identity fraud'. At the start of this week statistics showed that 97 per cent of British consumers do not trust the way that their data is handled, while 62 per cent of businesses fear consequential financial loss and 43 per cent worry about the effect fraud could have on their reputation.
The figures are arguably not really surprising, but what can the public do to protect themselves against fraud? The stop-idfraud.co.uk website places a heavy emphasis on destruction of sensitive documents.
Writing in a blog earlier this week, Graham Cluley, senior technology consultant at Sophos, claimed that this really scratches the surface of fraud prevention.
Cluley welcomed the initiative, claiming: “I think anything which helps raise awareness of identity theft is to be encouraged.”
However when he looked at the website, he said: “Maybe I'm a wee bit biased because I work in the computer security field, but I must admit I was somewhat disappointed to see such a heavy emphasis on the importance of using paper shredders and the relatively shallow descriptions of how to protect against online threats.
“A little more digging and maybe I shouldn't have been so surprised about the heavy promotion of paper shredders. The site's tips for how individuals and businesses can prevent identity fraud links phrases like ‘shredding paper' and ‘shredders' to the online product catalogue for Fellowes, a shredder manufacturer, and even specifically names them as a provider of affordable shredders.”
He further claimed that it was ‘disappointing' to see the emphasis placed on ‘the producer of one particular type of device that can be helpful in preventing some types of identity fraud - when there are also many other identity theft threats that should be brought to the public's attention'.
Perhaps it is a case that the impact of the campaign has not really stretched to the wider area of security.Dave Divitt, fraud solutions consultant at ACI Worldwide, claimed that he was not really aware of the week and had heard of it before but was not familiar with what was planned or going on.
Divitt said: “It is definitely the case that anything is better than nothing but just being constant is better and the only way to keep it in current. You should see advice everywhere in banks and shows because the techniques are changing.”
Divitt also claimed that policies on paper shredding, as mentioned by Cluley, were good but there should be more focus on internet and social networking-based identity protection.
“People have to be aware about what they are putting on the internet and they are not protected at all. I have seen an ad on TV in Amsterdam where a woman stands in the middle of a town square and announces her details, and it says that putting information on a social networking site is the same. It is something that is starting to be pushed,” said Divitt.
Moving back to the theme of fraud, I met with Didier Guibal, European vice president for worldwide sales for Websense, who claimed a simple way to protect yourself against fraud is to not ‘put your cash on the table'.
Speaking on the general awareness of fraud, Guibal said that he was afraid that people will get tired and while policies are employed by businesses ‘to prevent people from acting stupid, in reality you know that people will still have to be dangerous'.
Guibal said: “I am thinking that the blame goes beyond education and high level managing, you do the right thing by the business. You look from every perspective to profile users and make business sense out of it.”
So as National Identity Fraud Prevention Week comes to an end, the US government's National Cybersecurity Awareness Month continues in October and I am sure that the GetSafeOnline.org campaign will begin again next year.
While these aims to promote awareness should be welcomed, they should also promote the right message, and as Cluley pointed out, be more than a venture to promote an enterprise, company or product. It would also be worth bringing in expertise from all areas to be sure that a concise and clear message is delivered, and most importantly maintained.