Identity Theft Council Aims To Bring 'Neighborhood Watch' Concept To Cybersecurity

Despite millions of dollars in spending and millions of hours in training, identity theft has become more widespread in 2010 than at any point in history. Maybe, a new industry group suggests, it's time to take a different approach.

The Identity Theft Council, a new consortium of business and law enforcement entities that launched earlier this week in San Francisco, proposes to attack the ID theft problem in reverse: Instead of going global, it's going local -- and personal.

"I've worked on many security awareness programs in corporations over the years, and what I've found is that they typically don't work," says Neal O’Farrell, founder and executive director of the ITC. "It's like checking the tire pressure on your car once a year -- it doesn't happen often enough. And it's hard to get people to be passionate about password management."

The ITC is taking a different tack -- building a sort of "neighborhood watch" program that brings together local businesses, law enforcement agencies, and individuals to help the victims of identity theft, share information about new threats, and build awareness at a personal level.

"In the end, people can't see the need for security unless they see that it has a direct impact on them, their families, and communities," O'Farrell says. "What we want to do is to find a different way to effect this change in people, to deal with it on a personal level."

The ITC has already tested the community-oriented security concept through a pilot program implemented in more than two dozen cities and police departments across the San Francisco Bay area. Unlike previous security awareness initiatives, the program is deployed at the community level and supported by trained counselors in those communities, as well as banks, credit unions, and law enforcement.

In addition, the ITC is attempting to take identity theft awareness a step further by implementing peer-to-peer education at the school level, along with seniors and other groups. By the end of 2010, more than 100 cities and communities across northern California are expected to be participating in the ITC, creating a model and launch pad for other councils to form across the country.

"We've had inquiries from at least 12 states that want to set up programs," O'Farrell says. "I think we've struck a nerve. We're addressing a problem that is widespread with an essentially volunteer program that doesn't require a lot of investment. We think we'll be able to take this national as soon as possible."

In the past, identity theft victims have felt powerless because local law enforcement agencies generally don't have the time or resources needed to respond to everyday thefts, O'Farrell observes. But by bringing victims together with security professionals, local law enforcement agencies, banks, and other interested parties, the ITC hopes to create communities of interest that can actually do something to help the victims -- and help other users from being ripped off.

"With Identity Theft Councils, victims now have somebody to talk to, a real voice," says Inspector Anne Madrid of California's Hayward Police Department. "They'll talk to a real person who cares about what they're going through and can talk them through the pile of paperwork that they're going to have to fill out. It's a great victim advocacy tool."

"Much like the Better Business Bureau, the Identity Theft Council is dedicated to increasing consumer trust and raising awareness," says Steve Cox, CEO of the Council of Better Business Bureaus. "The threat of identity theft can severely damage a consumer's trust in the businesses and organizations they work with on a daily basis. We are thrilled to see the Identity Theft Council stepping up, tackling the threat of identity theft, and bringing that trust back to the marketplace."

Some of the early beneficiaries of the ITC program could be small businesses, which typically don't have the resources to train and defend themselves against cyberattacks and may not get the credit protection that consumers do against fraud, O'Farrell says.

"SMBs are the next battlefront," he says. "Most of them are unprotected, and many of them don't even know when they've been ripped off. Malware is out there that is targeting SMBs specifically."

The ITC hopes to set up programs that will help small businesses -- and even larger ones -- build security awareness programs that are much more effective than those they are implementing (or not implementing) now, without adding to the expense."

"We'll help train your users, or help you train them yourself," O'Farrell says. The key is to do it in a way that's meaningful not only to the business, but to the individual employee."

The ITC is currently seeking out corporate sponsors and security professionals who want to help build identity theft awareness organizations within their own communities. For more information, contact the Identity Theft Council.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.