
Identity Theft: Are You an Egg?

April 12, 2013
Vincent Grimard, Nelnet Chief Security Officer

A message from Vincent Grimard, Nelnet Chief Security Officer

The Nelnet Corporate Security Group takes a lot of pride in the fact that Nelnet security is based around the person—not the employee. It’s an odd approach, and not very typical, but it allows us to work with our most important asset, you, the customer. We want to make sure you and your students never experience identity theft. By sharing things we do, we hope you improve your own personal security and that of your students. Recently, I have seen a couple of articles about some interesting personal breaches in security. So interesting, it makes me wonder, “Are you an egg?”

Let’s set the definition of egg, since this can mean many things. For this security article, an egg is anything with a hard outer shell and a nice soft center. For example, an egg is an organization that spends money on cameras and door locks but has no internal security, or an individual who receives sensitive mail (such as bank statements) and just puts it in the garbage. If you find yourself wondering why that is a bad thing, then you’re definitely an egg (LOL). Let’s learn some more…

A person calls in to a help desk and persuades the employee answering the phone to give up sensitive information, do something for them, or both. It’s important to realize what you can control and what you can’t. You can’t control the employees of an organization like Apple or Amazon any more than I can control you. In fact, the best you and I can hope for is that the people protecting our information care, pay attention, and are well trained.

You can, however, control the two most important things: 1) the information you put online and make available to the world, and 2) whether you use the same password for everything.

Let this user’s mistake be a teaching moment:

 “This was my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened.”

I know it’s hard. You log in to a lot of websites, but if you use the same password for multiple online accounts, you’re an egg. Yes, even if you have a nice, complex password.

Next, and not to be overlooked, is the service aspect of technologies like cloud, specifically iCloud.  At the very minimum, you should pay attention to what can and cannot be done. This is a phrase that you should really think about if you use iCloud:

“My AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”

Now, here’s where it gets kinda cool from a geek perspective—ultimately, all you need to breach an account, in addition to someone’s e-mail address, are pieces of information such as a billing address and the last four digits of a credit card on file. There are many ways to get them. I’m going to go with my favorites—your garbage, your mail, malware, and your home.

Home addresses are typically credit card billing addresses. I think it’s safe to say you won’t be able to stop someone from knowing your home address if they really want to find it. You can, however, prevent people from getting your billing statements, wireless statements, etc. Do you shred your mail?  Do you have a mailbox that locks? Do you hide personal information when you have people come to your home to do work? After reading this, is there anything you could be doing better? Do you have a hard outer shell but a soft center? Are you an egg?

As a final thought, I want to be clear that this article isn’t meant to scare you—it’s meant to educate you on both the risks out there and some of the things you and your students can do to help limit the damage and personal grief associated with identity theft. Think of security like a bicycle. It’s not if you’re going to crash, it’s when. So put your helmet on, grab your elbow and knee pads, and enjoy the ride.

How a lying ‘social engineer’ hacked Wal-Mart - CNN Money

How Apple and Amazon Security Flaws Led to My Epic Hacking - Wired
