Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Shoddy govt security making identity theft too easy

  • 0
admin
Tuesday, 31 March 2015 / Published in Woo on Tech
Warning

In 1986, Ronald Reagan is quoted as saying, “The nine most terrifying words in the English language are, ‘I’m from the government. I’m here to help you.'” As relevant as that sentiment was in his day, it’s still ringing true, this time with at least three government websites that are doing you no favors in terms of protecting your identity. Krebs on Security has an alarming report of identity theft and fraud via the IRS.gov website wherein he shares the story of a taxpayer who discovers someone has already filed a fake tax return under his name, for the purposes of stealing his tax refund. At fault is a identity authentication standard known as KBA, or “knowledge-based authentication” which is pretty widely used in the credit reporting and finance industries. Basically, you prove you are you by answering questions that supposedly only you would know, including former addresses, loan amounts or payments, and other personal data that is – surprise, surprise – readily found on the internet. By anyone.

What this means for you:

Ironically, people avoid creating accounts on websites because they are afraid of their data being leaked. And now you get to be afraid of NOT creating an account on a website for fear of someone else creating it for you, with the added “bonus” of this fake account further decreasing the probability of you being able to prove you are actually who you say you are. “Invasion of the Body Snatchers” anyone? What makes this situation alternately terrifying and ludicrous is that it’s our own government creating this mess in an effort to provide better reporting, accountability, and accessibility. The other two sites that are also potentially weak to this “account snatching”? How about the Congress-created AnnualCreditReport.com and another federal behemoth: the Social Security Administration website. Brian Krebs’ recommendation is to make sure you get an account established for these three website pronto, if only to prevent someone else from pretending to be you and creating accounts that will be used to commit fraud and money laundering. Unfortunately for most of us, the surge of interest created by this article (and blogs like this one) have essentially paralyzed (are you surprised?) the account creation process of these websites, but keep trying, if only to let them know we actually care about our identities enough to want properly secured government websites.

  • www.irs.gov
  • www.annualcreditreport.com
  • www.socialsecurity.gov
creditgovernmentidentity theftirssecuritysocial securitytaxes

GAO to IRS: Your Security Needs Work

  • 0
admin
Wednesday, 20 March 2013 / Published in Woo on Tech
The GAO Seal

With results that will probably surprise no one (and warming the hearts of black-hat hackers everywhere), the US Government Accountability Office has published its findings on a recent security audit of the Internal Revenue Service. The summary  reads like the report card every good parent dreads, “Needs improvement.” Despite having a comprehensive security plan (the development of which was funded by your dollars!) the GAO has found that the IRS has failed to follow through in many areas of implementing and enforcing that plan in various parts of its operation, and these failures have severely compromised the overall security of the very important data the IRS collects on all American citizens.

What this means for you:

As you might expect, the 31-page GAO report is not the most exciting of page-turners. I’ll save you the dry read with the “moral” of the story: having a security policy is only as good as how well it is enforced and maintained. It does your company no good to say that “All employees must use strong passwords that are changed every 60 days” if no one is checking to see if they are actually adhering to the policy. It’s actually much worse for your company if you do have a security policy, experience a breach, and then discover that the breach was due to lack of enforcement.

Don’t get me wrong – I’m not recommending against having a security policy. You should have a security policy, especially if you handle sensitive data of any sort, and you should be making every effort to enforce, update and maintain that policy on a regular basis. A simple security breach could cause untold damage to your company’s reputation, and even more so if you have to admit that it happened because you failed to follow through on your own company’s policies.

data breachenforcementgaogovernmentirspolicysecurity

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP