Though the threat from a massive data breach at the Department of Veterans Affairs has been mostly neutralized, the war against identity theft rages on. Here's a list of the most recent skirmishes:
- A Michigan man reportedly in possession of 112,000 customer records of Sentry Insurance has been caught trying to sell 36,000 of them to a U.S. Secret Service agent working undercover. The price? $25,000.
- A public computer in the service of the city of Hampton, Va., accidentally published sensitive data on thousands of taxpayers, including Social Security numbers.
- Recent research from Gartner shows that only 20% of U.S. banks are in compliance with federal guidelines for securing data.
Discouraged? You should be. Clearly, our public institutions are operating without needed body armor, which leaves consumers exposed on the front lines.
Enough with the bad news
But, hey, let's try to be a little optimistic. After all, it's only been a little more than 60 days since the appointment of former attorney Rick Romley as the VA's new Special Advisor for Information Security. Today, there's news of progress in his 100-day assignment: TheWashington Post reported Sunday that two arrests have been made in the VA security fiasco.
Bravo, Mr. Romley. But, please, don't rest easy. If press reports are to be believed, you and your colleagues still have much to do. Here are a few Foolish tips to make the remaining days more productive.
A lesson from the guy down the street
Few know security better than the defense contractors. There's a reason for this, of course. For Lockheed Martin, Northrop Grumman
Why not actually enforce a similar policy at the VA? After all, the agency's Washington, D.C., headquarters are spitting distance from Lockheed's Bethesda, Md., home. Surely someone there would be more than happy to help with the VA's reinvention effort.
Password plus
Simpler still would be to make sure password-protection guidelines are strictly enforced, for systems and files alike. Reports from the VA Inspector General indicate that many VA employees do not even have the automatic session timeout feature activated on their computers. That's lazy, and it leaves veterans vulnerable to identity theft.
In my own life, I make myself jump through hoops to get at my information. If someone were to steal my PowerBook tomorrow, it would take more than a little time to hack into my financial life. I don't store passwords for the financial sites I use on my Mac. I re-enter the data for my bank, credit card, and brokerage sites every time. And good luck breaking into my Quicken files; they are password-protected with a unique combination that I don't use for any other software or service.
The Foolish bottom line
ID thieves are ruthless, clever, and completely uninterested in a cease-fire. Fortunately, our public institutions are slowly waking up to this truth. In the meantime, the casualty list grows. Don't become one of the fallen. Keep your tools close, and your passwords closer.
Of course, that's just the beginning. For other tips on keeping more of what you have, consider Motley Fool GreenLight. Our new newsletter service has everything you to need to know to live richly -- from how to make your credit profile look beautiful, to the banks for your bucks, to how to dress up your fund portfolio for a luxurious retirement. Click here to learn more.
This article was originally published on June 7, 2006. It has been updated.
Fool contributor Tim Beyers hopes none of the 26 million vets affected by the latest breach suffers at the hands of an ID thief. Stay vigilant, folks. Tim didn't own shares in any of the companies mentioned in this story at the time of publication. You can find out what is in his portfolio by checking Tim's Fool profile . The Motley Fool has an ironclad disclosure policy .
