All I want for Christmas is my identity back!
If you were a cyber criminal, the most valuable identity you could possibly steal would be one that you could use for a host of malicious activities over the course of a long period of time without anyone noticing, right?
The problem for malicious actors is that credit monitoring sites, vigilant credit card companies and education about identity theft and cyber security have made it hard to find adults that can have their identity stolen or accounts compromised for a long period of time before noticing it.
Someone in the United States would have to effectively choose to live with their heads in the sand and ignore multiple red flags and warnings to go an extended period with no knowledge that their identity and accounts were compromised.
But there is a group of people that won’t apply for a credit card, loan or credit monitoring service for years. This group of individuals could effectively have their identity stolen or accounts compromised and know nothing about it for a decade or more. Who are these people? Here’s a hint – they’re short, have very little actual responsibility and they make up approximately 23 percent of the American population.
That’s right…it’s kids!
A child’s identity is one of the most valuable identities that malicious actors can acquire. They’re even worth the most on Internet black market sites. And there’s a good reason. These identities and accounts can be compromised and stay compromised before someone notices for a very long time. This makes the reward much greater than the amount of work needed to acquire them.
This is particularly important right now, with Christmas – and its carnal bacchanalia of wrapping-paper ripping, excited screams and Santa-fueled debauchery – just days away.
A new generation of network-connected, Wi-Fi enabled toys, social networks and the proliferation of tablets and other mobile devices among children has created an environment where more digital information about the most vulnerable – and valuable – of us is readily available. And many of these toys and tablets will be unwrapped in fits of joy on Christmas morning.
The concern about children’s identities being exposed by children’s toy manufacturers is very real. In fact, electronics giant, V-Tech, which makes many electronic and digital toys for children of all ages, recently had their networks breached in late November. According to the publication, Motherboard, data that included names, email addresses, passwords and home addresses of 4.8 million parents was compromised. Also compromised were the first names, genders and birthdays of more than 200,000 children.
According to the Wall Street Journal, the company will inevitably face lawsuits from parents. V-Tech also saw a drop in their stock price following the attack, and will most likely suffer other financial concerns and challenges following the announcement of the breach.
But aside from the business challenges of a breach like this, there’s also a moral and ethical issue. When parents purchase a toy for their children – whether it’s an action figure or a tablet – they do so expecting that the toy they purchased is safe and won’t do any harm. In the case of V-Tech and other similar breaches, that trust is being violated.
Companies that sell toys and other children’s products need to hold themselves to a higher standard of security. This means encrypting data to ensure that it’s useless if stolen. This also means ensuring that only trusted people can see it. Whether their data is stored in their own networks or on third party networks, they need to ensure that everyone that has access to it is who they say they are, and that they’re accessing it with good intentions.
And this is where advance authentication solutions can come into play. Today’s out-of-band authentication tools can ensure that only approved people can access a company’s information and data. They also can gauge the intent of that individual and get an understanding of where and why they’re accessing it. Finally, they make authentication easy – albeit strong – so that users don’t forsake the authentication process and do silly things, like save data on their own personal computers and clouds.
Christmas – and all of its excited gift giving and receiving – is rapidly approaching. But this season isn’t just about joy, peace, giving and good will. It’s also a time for reflection. And all companies selling Internet-connected toys and products for children should be thinking deeply about the efforts they’ve made to protect their customers and their customers’ extremely valuable identities. After all, very few things could spoil the holidays more for parents than learning a gift they gave their children compromised the security and safety of their loved ones online.