Our Data Isn't Secure, So What Are We Going To Do About It?

One of the great things about my job is that there's never a shortage of things to do. This is especially the case when it comes to covering data security. Before the ink is dry on one story about a stolen laptop or breached database, I find another one to cover. But this troubling trend isn't just a case of "good-for-me-bad-for-you." I, too, have been ensnared in the web of identity theft and data breaches. Where is all this going, and what have we learned?In my inaugural podcast, I speak with Ted Julian, VP of marketing for Application Security Inc., and Jon Oltsik, senior analyst for information security with IT analyst firm Enterprise Strategy Group, about the growing problem of data insecurity that really kicked into high gear with the October 2004 fraud committed against data broker ChoicePoint.

The guests on my podcast were very insightful into the problems that both the private and public sector face regarding data protection. Julian was a co-founder of network security provider Arbor Networks and has worked as an industry analyst for IDC and Forrester Research. Oltsik founded Enterprise Strategy's information security group in 2003.

In the few days since the podcast was completed, I had the misfortune of receiving a letter in the mail from a company with the dubious name of Medical Excess LLC. Although I had no idea such a company existed, it turns out Medical Excess works with my company's insurance carrier to provide "excess" insurance coverage for myself and my colleagues. I don't recall asking for this, but OK. Well, not OK. Medical Excess recently had a camera, two laptops, and a file server stolen from one of its offices that, as they phrased it, "might concern personal information about you." Apparently, my info was included in a database with the equivalent of "one hundred million typewritten pages," and I'm now being granted 12 months of free service that will alert me of any unusual financial activity.

As it turns out, Medical Excess is part of a company that goes by the oxymoronic name American International Group Inc. That's right, the very same AIG that my colleague Charles Babcock and I had the pleasure of writing about in the June 26 issue. AIG made news recently when it announced that information about 970,000 individuals was stolen (in MARCH!). Three months later, I and my colleagues at United Business Media, InformationWeek's parent company, were notified. Gee, thanks. I wonder who's been having fun with my personal information in the meantime.

Here we go again. It hasn't even been a year since I sorted out my last problem with ripped-off data and fraud. I think it's safe to say I've dropped any "couldn't happen to me" attitude I might have had. Problem is, I don't see things getting better. Data breaches, identity theft, and fraud have been around almost as long as human beings, but the pervasiveness of the Internet and the market for stolen data have grown such that these crimes now affect thousands, if not millions, of people at a time.

From the look of things, we'll continue to see more data lost or stolen at an alarming rate until companies and the government make it a priority to inventory and protect important data. Support for this will have to come from the top down within companies, since it's the people at the top who have the power to set policy and spend the money needed to improve the situation.

So check out my podcast this holiday weekend while you're grilling up the burgers and the hot dogs. Julian and Oltsik have some interesting things to say about the state of data insecurity and what you can do to protect your company. Have a safe and happy Fourth of July.