What kinds of new Internet security problems face us in the coming year? Kroll, the New York-based international security and risk consultants, came up with an interesting list that I've adapted a bit based on my own opinions [between the brackets is me talking] and translated out of business lingo. I also cut a couple from Kroll's list that were more for companies than consumers.
You can read Kroll's fraud blog here for additional security tips, targeted more for business types but still with some application for home computer users.
More small-scale breaches will make headlines. Healthcare organizations are now required to report breaches affecting 500 or more individuals; expect to see an increase in the number of smaller-scale breaches reported. (An enormously valuable resource on data breaches is this chronology from Privacy Rights Clearinghouse. You'll want a cup of soothing tea.)
Security risks can sometimes be "low-tech." The U.S. Department of Health and Human Services breach list indicates that 24% of reported breaches were due to laptop theft, more than any other specific cause. [And then there are those thumb drives you leave behind at a mobile office, or documents you forget to delete out of the recycle bin when you're using a hotel computer. Also, you can check out the HHS breach list here.]
Scams don't just target your computer. Risk to mobile devices will increase as well, as evidenced by the increase in smishing (SMS or text phishing).
Companies will decide to keep and store less of your data. [Not for altruistic reasons like concern for your privacy, of course, because corporations are psychopathic. They want to avoid more liability and lawsuits from data breaches.]
Get ready for a memo from HR on Twittering and updating Facebook at work. Employers will need to focus and develop an organization-wide strategy for social networking policies as they relate to data security. [Just remember what happened to Cisco Fatty.]
Encryption is one of the best defenses against malicious attempts to hack electronic data. For businesses, Kroll says, compliance doesn't equal data security and encryption doesn't equal a total solution -- it is only one tool in the data security arsenal. [Do you really need encryption at home? There's a whole range of questions to ask yourself first -- start here with PGP. At the least, you should protect your home computer with a strong password, since you don't want a burglar to steal your plasma-screen and your identity.]
Third parties will face more stringent breach notification requirements. Expect to see more organizations, even those outside the healthcare industry, placing stringent contractual obligations on their third parties to protect company data. [Let's hope so. I've been writing about this for some time. Don't you think someone ought to tell you when they make a mistake that puts your personal data at risk?]
Beau Brendler is the chairman of the North American Internet users' advisory committee to ICANN, and for eight years was executive producer of the WebWatch project at Consumers Union.
Consumer Ally Alert: Internet Security Risks for 2011