Strategies are being developed to counter the calamitous predictions of increased cyber crime and the associated rising costs of computer security incidents. With all the funereal reports that the Internet has become a risky place for business, it’s hard not to cower like Chicken Little.
Participants in the two most highly regulated sectors, financial and healthcare, must indeed be diligent in addressing such concerns.
Meridien Research Inc. in Newton, Mass., has been reported as clocking bogus charges associated with online credit card fraud amounting to as much as US$24 million per day, totaling nearly US$9 billion in 2001. Identity theft is considered the fastest growing crime in the U.S., with about 500,000 to 700,000 people affected annually, according to the Social Security Administration in Baltimore. The W32.Klez worm and its variants are the latest threat, said to far exceed the Nimda virus in destructiveness.
To compound these challenges, security and privacy concerns sit in an unstable context, with consumers shifting from one to the other as the desire for protection seesaws with the fear of losing personal freedom. That is reflected in legislative shifts such as the Canadian federal government redrafting its anti-terrorism legislation.
In the May 2002 issue of sister publication CIO Canada, Paul Lewis addresses complying with Canada’s Personal Information Privacy and Electronic Documents Act (PIPIDA — Bill C6). The associate director of DMR Consulting’s security and privacy services cautions that companies don’t want to find themselves counting on an ROI based on disallowed activities within data warehouses and various customer information systems.
He also makes an excellent point on the need for good privacy practice to build trust with your customers.
“Trust remains the main barrier to the growth of e-business and the public acceptance of new technologies,” he writes. “If I can’t trust you to keep my information safe, to not share it indiscriminately, and to not spam me with wonderful offers you have established I’ll like (based on creative rearrangement of my customer profile), then guess what? I’m not doing business with you.”
The sky is not falling, but nonetheless you do need a strong roof over your organization to protect your valuables, i.e., your customers, your staff and your competitiveness. Many resources are available, including a booklet published by The Canadian Institute of Chartered Accountants. Titled 20 Questions Directors Should Ask About Privacy, it builds on CICA’s earlier publication 20 Questions Directors Should Ask About IT. The Institute can be reached at www.cica.ca.
I hope you find this issue of IT Focus a helpful, informative resource. I welcome your comments.