Sep 30, 2013 Dave King
In recent years, more data breaches and instances of identity theft have occurred than ever before, and this has put the nation in a tough spot economically, with billions of dollars lost to these crimes annually. One of the emerging trends is that the average business owner feels as though they are completely immune to cyberattacks, which puts corporate, consumer, vendor and employee information at risk.
Experts continue to assert that the simplest defenses can help companies avoid data breaches and instances of identity theft, yet a majority of small, medium and large firms do not have these processes in place. Oversight of ACH cards and wire accounts, firewalls, data security software and employee training are among the most effective defense available to organizations today.
Now, as another piece of evidence, one of the organizations that should have the most secure systems has been breached, with cybercriminals stealing from a direct deposit account for social security recipients.
Retirement fund at risk
KrebsonSecurity recently reported that the Social Security Administration (SSA) has suffered a major breach of information security, as identity thieves hacked into direct deposit accounts through an online management portal to steal identities and redirect funds to fraudulent parties. One of the worst parts of this most recent incident is that the hackers did not go away for a long period of time.
Rather, they kept changing their tactics to continue to fool administrators and oversight personnel, leading to losses that have not yet been determined by the Inspector General. According to the news provider, the SSA's assistant inspector general for external relations, Jonathan Lasher, stated that the direct deposit program has been a major issue since its inception. He explained that as many as 50 complaints related to identity theft taking place through this portal were recorded almost every day.
The source noted that Lasher is confident that the SSA will be able to further decrease the risk of identity theft and ACH or wire fraud through more progressive improvements that are still to be released.
"Social Security has already improved security over this online feature, and we continue to work with them to make additional improvements, while also investigating allegations we receive," Lasher told KrebsonSecurity. "While it's an issue we're taking very seriously, it's important to keep in mind that about 62 million people receive some type of payment from SSA every month, so the likelihood of becoming a victim is very small, particularly if you're careful about protecting your personal information."
Businesses need to step up
Business owners should take stories like this as serious calls to action, as no firm is safe from the risk of identity theft, data breach and ACH fraud. Decision-makers should always ensure that records management policies are aligned with regulatory compliance statutes and any industry-recognized best practices.
With employee training, stronger data security software and a commitment to accounts payable and receivable oversight, organizations will quickly begin to enjoy more secure financial management practices.