I'd like to get off subject for a bit. This is a column about identity theft but I would like to think that it is also a column about common sense. When we are confronted with a new situation or a new set of problems what is the most productive way to solve it? Well, the most common way to look at new problems is through the lens of history. A response like "history tells us" or "conventional wisdom is" and so forth is pretty common. That means comparing new situations to previous ones. Quite impossible to do. A healthier way to tackle a new problem is to consider the results you want and think "What if history doesn't repeat itself?"
In the turmoil of our current economic crisis we seem to be applying old remedies to new problems. Look at the lending institutions as an example. Not every bank is going to fail. The institutions that will most likely fail are the ones that did not concern themselves with the probabilities that the lending economy might not be able to sustain itself without some dramatic changes. There are plenty of organizations both small and global that saw this likelihood however. JP Morgan, for example divested from loans to the government bond market. As the mortgage crisis grew they found themselves, as predicted, doing better rather than worse. What does this tell us about conventional thinking? In the simplest terms it means that we need to look at the worst case scenario and weigh that against the likelihood of it occurring. One will mitigate the other every time. The worst case is always possible and the likelihood will raise or lower the possibility, but the possibility always exists. This means one thing must be done. Get cheap insurance. Always hedge your liability with a tool. History will not repeat itself. If you don't count on the past to predict the future but instead guard against the worst case you cannot fail.
As most of you know I represent Pre-Paid Legal Service plans for small businesses and families. I speak with HR managers who due to the economy are increasingly concerned that their constituents can't afford or most likely won't want to participate in a Pre-Paid Legal plan for their families due to the cost. I understand the concerns they have. The real cost is obvious. So is the investment value, and it is that value I feel we must stress.
What do you think would have happened if the majority of the homeowners with an ARM who are faced with foreclosure had used an attorney to look over their loan documents before they signed? Do you think that at least some of them might have listened to counsel and not signed on to something they could not afford? That is just one example that in times such as these using an attorney is even more critical than ever. This amounts to cheap insurance. History will not repeat itself. Every situation we encounter is new and requires a new solution. Contrary to conventional belief there is no longer a correlation between a persons' assets and using lawyers. The risk of making mistakes is the same, and the downside is relative. Scale is merely that, a scale. There is no difference between JP Morgan and operating a family of four living on a tight budget except scale. When Morgan saw the coming crisis they sought the counsel of experts and made a prudent decision. That one decision effectively separated them from Bear Stearns, which Morgan eventually bought at a few cents on the dollar. When a family seeks counsel before making a major decision they are doing exactly the same thing. We ought to be preparing for the future not relying on the past. Now more than ever a good understanding of the law and individual rights and options is crucial. Over the last few years my family has saved several thousands simply by utilizing the counsel and help of our attorneys not to chase law suits but to seek counsel and be aware of our rights and exercise them when it became necessary.
This also relates to identity theft. In case you haven't noticed you have no privacy. Everything there is to know about a person is readily available for a price. From the day we were born to the present most every thing we have done is in a database somewhere. those databases have proved over the years to be sieves, leaking their contents to anyone who wants them. Do you know anyone foolish enough to try to plug up a sieve? We cannot apply old solutions to new issues.
Friday, July 25, 2008
Thursday, July 24, 2008
Before I go on
I know in my last post I said I would talk about the value of our data to thieves but I wanted to weigh in on one other subject first.
When it comes to a company initiating a policy regarding sensitive information and employee responsibilities I repeatedly run into the issue of corporate or management participation.
It is absolutely essential for management, whether a board of directors, company president, or owner, to totally commit to the implementation of the policy. The policy must be a part of the business' commitment to excellence and be an integral part of daily procedure. The policy needs to be understood by everyone in the company in order for the "culture of security" to work.
I like to rant on about training but there is a reason. When it comes to data security the human factor is the most critical link. Staff needs to understand both the what and the why of the procedures they are supposed to follow. Management will set the tone by their participation. If management is ambivalent then the employees will take the same attitude. If management is engaged then so will the employees. Fortunately more executives are seeing the benefit of a non-public information policy and training. It will greatly enhance the business' confidence that everything that can be done is being done to avoid data loss and theft.
With all of the national press about identity theft the public is very wary of business losing important information. The savvy business owner can actually benefit in the market place by showing the attention they are giving to this issue in ads and press releases.
When it comes to a company initiating a policy regarding sensitive information and employee responsibilities I repeatedly run into the issue of corporate or management participation.
It is absolutely essential for management, whether a board of directors, company president, or owner, to totally commit to the implementation of the policy. The policy must be a part of the business' commitment to excellence and be an integral part of daily procedure. The policy needs to be understood by everyone in the company in order for the "culture of security" to work.
I like to rant on about training but there is a reason. When it comes to data security the human factor is the most critical link. Staff needs to understand both the what and the why of the procedures they are supposed to follow. Management will set the tone by their participation. If management is ambivalent then the employees will take the same attitude. If management is engaged then so will the employees. Fortunately more executives are seeing the benefit of a non-public information policy and training. It will greatly enhance the business' confidence that everything that can be done is being done to avoid data loss and theft.
With all of the national press about identity theft the public is very wary of business losing important information. The savvy business owner can actually benefit in the market place by showing the attention they are giving to this issue in ads and press releases.
Tuesday, July 22, 2008
and now for my next trick
Fiduciary trust. Rather than Web 2.0 I think we could name the new paradigm in data sharing "What everyone agrees to do and actually does with all my stuff." Everything about Web 2.0 is inherently reliant on all file sharing being done for all the right reasons. All the big companies are on record swearing to be vigilant. Since all that delicious information is packeted in encrypted bits where could it go wrong? Google, Microsoft, ChoicePoint, all the players have a gun to each others' head, promising to be good, or else.
Well, I guess with the biggies and all the software solutions in place we can put data loss behind us as a real issue. All that softsaber rattling sure is impressive. The "solutions" are so sophisticated and the marketing language is so fraught with inside gibberish no one really knows what is going on, but it sure is impressive so it must work, right? Hold on just a minute! Even the word solutions conjures an image intended to make us think that if we plug in a piece of software our data security problems are solved. A hundred years ago that was called snake oil. The guy would come into town, put on a little show, and sell you a bottle of alcohol and cocaine laced mint water for a buck and cure all your ills. With all that alcohol you simply forgot you had a problem, and maybe what you thought was your problem wasn't the problem after all. Whats' the difference with today's' solutions hucksters?
In the final analysis there is only one way to solve the problem of data theft and misuse. I hate being right early but alas, someone has to. Are you ready for the solution? Here it is;
Take the value out of the data. Now, wasn't that easy? No one ever steals anything that is worthless, I guarantee it. Wait a minute, you say you can't take the value out of the data? Then, I posit, you can't solve the problem either. I'm afraid all those solutions are just commerce in the guise of an elixir. As long as the data has value there just as many clever people working day and night to crack the vault as there are folks dedicated to locking it. That's just free enterprise. There is one way to take the value out of the data however. In my next column I promise to show you the only foolproof way to short-circuit the problem of data theft. I will indeed show you how to take the value from the goldmine. Until then..
Well, I guess with the biggies and all the software solutions in place we can put data loss behind us as a real issue. All that softsaber rattling sure is impressive. The "solutions" are so sophisticated and the marketing language is so fraught with inside gibberish no one really knows what is going on, but it sure is impressive so it must work, right? Hold on just a minute! Even the word solutions conjures an image intended to make us think that if we plug in a piece of software our data security problems are solved. A hundred years ago that was called snake oil. The guy would come into town, put on a little show, and sell you a bottle of alcohol and cocaine laced mint water for a buck and cure all your ills. With all that alcohol you simply forgot you had a problem, and maybe what you thought was your problem wasn't the problem after all. Whats' the difference with today's' solutions hucksters?
In the final analysis there is only one way to solve the problem of data theft and misuse. I hate being right early but alas, someone has to. Are you ready for the solution? Here it is;
Take the value out of the data. Now, wasn't that easy? No one ever steals anything that is worthless, I guarantee it. Wait a minute, you say you can't take the value out of the data? Then, I posit, you can't solve the problem either. I'm afraid all those solutions are just commerce in the guise of an elixir. As long as the data has value there just as many clever people working day and night to crack the vault as there are folks dedicated to locking it. That's just free enterprise. There is one way to take the value out of the data however. In my next column I promise to show you the only foolproof way to short-circuit the problem of data theft. I will indeed show you how to take the value from the goldmine. Until then..
Monday, July 21, 2008
Your Privacy
Some would rather die than to change. That is a frightening thing to consider. Imagine being so entrenched in your habits or thinking that it becomes easier to trade your life as compared to making some adjustments in your life. We are all confronted with that decision every day and I'm sad to say most of us make the wrong choice. We eat the wrong foods, ignore health warnings our bodies scream at us every day. Someone once said we dig our graves with our teeth. Will today's' greasy hamburger take you down? Probably not, but eat three or four of them every week and you will soon understand the effect of compounded errors in judgement.
So it is with the trade off between our individual privacy and the convenience of databased information. As a people we seem to be quite willing to trade one for the other. And this is most assuredly a trade off. That's a societal right. Societies have to determine for themselves what is tolerable and what isn't. It is impossible to maintain individual privacy in our databased world, that is the fact of the matter. And so long as our individual pieces of data have value there will be a trade market in that value. In fact there will be two markets, the first where companies sell your information, and the second where people steal it. Again, that is reality. So long as we take into account what we risk when we consciously opt for convenience then we must accept the reality of identity misuse and theft.
So it is with the trade off between our individual privacy and the convenience of databased information. As a people we seem to be quite willing to trade one for the other. And this is most assuredly a trade off. That's a societal right. Societies have to determine for themselves what is tolerable and what isn't. It is impossible to maintain individual privacy in our databased world, that is the fact of the matter. And so long as our individual pieces of data have value there will be a trade market in that value. In fact there will be two markets, the first where companies sell your information, and the second where people steal it. Again, that is reality. So long as we take into account what we risk when we consciously opt for convenience then we must accept the reality of identity misuse and theft.
Subscribe to:
Posts (Atom)