Résumé
Twitter
Work Blog
Guestbook
Login

Are you a trained monkey?

Share |
<= Previous Post | Next Post =>

Personal and Shared Security
My mom sent out an e-mail today about a "new" credit card scam (none of this stuff is new). Someone contacts you with an elaborate story and your personal information to back-up their story and then they strategically ask you for targeted information they don't have yet. Could be your address, credit card number, etc. But, that's all "generally public" information anyways. It's not hard to get. What should raise red flags is questions about personal passwords.

The PIN on the back of your credit card is a password that you are in possession of the card. The ATM PIN you use at the bank is a password. Whether spoken, typed, gestured, or obtained through bioelectronics, a password is a password and you should guard it as such.

There are levels of trust for information; both personal information and shared information. In one example, your name could be a password. In another, when your child is left at home alone. You might agree with your spouse to hide adult headaches from your children. You might have a password with your employer.

Always ask yourself, "What could possibly happen if I share this information?" Then, assess the risks you are willing to take, including any resulting consequences.

So, are you a trained monkey?
Companies will take what they can get, because, by definition, they exist to make a profit (see the laws of publically traded companies on the stock market). If you are a United States citizen, you can rest assured that companies love to use your Social Security Number as a personal identifier and that they limit its use internally to "protect you". Yeah right... What happens when someone calls you up with incredibly personal information and asks you for something on the same "level of trust", or perhaps 1 level deeper? Can you be certain they are who they say they are? What about someone at your house?

Companies train you to be a monkey!
It's routine for a company to ask you questions about personal information over the phone to verify your identity. But, are you holding them accountable to the level of information they have access to? Are you, in turn, qualifying their identity?

Share |
<= Previous Post | Next Post =>

Comments

Submit New Comment

*Your e-mail is not shared with others. If provided, I simply use it as a method of contacting you about your comment(s) on this website. If you have a direct question, simply contact me.

*Cannot contain HTML and NO SPAM!