How Does Data Get Hacked?

Many of my clients worry about getting various types of infections on their computers. More than simply having their performance degrade, they are concerned about the dangers of ID theft and compromising their passwords. These are certainly valid concerns, but how real are the risks of data theft for private users as opposed to the risk of large scale hacking as Sony and several other corporations have suffered?

With that in mind, I was very interested in the one-page article in the October, 2011 Scientific American. On page 100 is a graph, which I will not repeat here, but the data in the graph came from DataLossDB according to the article. (I did not try to reconstruct it independently, but you might want to wade through it — pretty interesting stuff.)

The thing that caught my eye in this presentation was that the largest contribution to data theft is theft of either a digital device or paper with useful information on it. The category of lost digital devices and paper is considered separate from the category of stolen objects, but together they represent a major threat to data security.

Hacking data bases is another major contributor to the total number of events, but most individuals do not have large data bases of the type that attracts your better quality of hackers.

So the next time a client asks me the best way to protect his or her data, I will suggest physical locks, shredding all correspondence that is not saved in a secure location, and probably encrypting everything that gets saved. Only after implementing those measures will we discuss which anti-virus software is best for them (This is important since I do not believe any one product is best — I use a combination of compatible applications, and even that is not as good as practicing good surfing and email habits.)

Further down the rogues gallery of methods of data theft is “Fraud or Scam”. These were not defined in the article, but we have probably all been approached by a Nigerian prince or some such. I suspect successful scams are probably are lot more sophisticated than that. Some scams are laughable. A woman client received an offer to lengthen her male member. You would think the authors would be a bit more selective, but as I said, the successful ones are probably more sophisticated.

A minor contributor to data theft is virus. I am sure most of my clients would be surprised to see that. The danger of a virus infection goes beyond just data theft, of course, but in terms of the single concern of data theft, it is a minor player, much smaller than email interception, for instance.

BTW, we keep a confetti-style shredder in our house and everything with personal data goes into it instead of going directly to the trash. Has that made a difference? Probably not, but the effort is small for the peace of mind it provides. And ultimately that is what all these protection methods are about — peace of mind. If you have high risk tolerance and normal surfing habits, you might go a long time with no problems at all while using no protection. I do not care to make that experiment.