Moderated by Rick Badie
A bank executive implores Atlanta to utilize its businesses, technology centers and research institutions to lead the nation in combating cyberattacks, and suggests how to fight what he deems a threat to our regional economy. A companion essay continues the conversation and offers consumer tips on personal identity theft prevention. The third essay notes the local uptick of women in technology.
Prevent cybercrime
By Christopher Torie
Cybercrime is today’s version of a bank heist, except the bad guys are trying to crack open the digital vault with access to millions of pockets at once. Cyberattacks, according to the Center for Strategic and International Studies, cost the global economy a whopping $445 billion a year.
Given that the majority of the nation’s credit and debit card transactions are processed in Georgia, it’s easy to see why the area might be a beachhead for financial cyberwarfare. As an international gateway, Atlanta – with its businesses, technological centers and research institutions like Georgia Tech – must lead in developing cybercrime responses, banding together to protect economic growth across the region.
The breaches at Atlanta-based Home Depot and at Target, Michaels and P.F. Chang’s are well-known, but companies of all sizes are vulnerable. According to the Ponemon Institute’s 2014 Cost of Data Breach Study, a data breach costs a company an average of $3.5 million, 15 percent more than in 2013. For a growing company, a breach can hurt financially or even be fatal. It can also cause significant and lasting reputational harm.
As managing director of the Atlanta office of Bank of the West, a subsidiary of BNP Paribas, I’m invested in helping the business community with cybercrime responses. Working with David Pollino, our chief fraud prevention 0fficer, we recommend the following guidelines:
• Create a plan. Incident Response Plans provide an overarching approach to managing incidents your business may experience, such as a leak of customer information, prolonged website outage or smokescreen attack used to hide the real fraud. A distributed denial of service attack, for instance, bombards a network to the point of crashing the website. But such an attack can also act as a diversion to hide the real crime. The plan should be available at a moment's notice in both electronic and printed form.
• Identify stakeholders. Include representatives from IT, finance, legal, communications, senior management and many others. Indicate at which point each person needs to be informed, with current contact and social media information, such as Twitter handles. Provide key executives with access to emergency infrastructure like satellite phones to ensure open communication lines.• Develop proactive communications. What to say, when and to whom is essential in any crisis and can have a material impact on the reputation and financial well-being of your business. Far in advance of an event, draft a communications plan that will serve as a foundation for engagement with your stakeholders – such as clients, media and the public.
• Consider external partners. It is unlikely your business will go it alone in a breach. Pre-negotiate with potential partners like identity theft monitoring services, forensic consultants and outside legal counsel before disaster strikes, so you'll have maximum leverage and can marshal support on short notice.
• Test tools regularly.
Itemizing the tools that will investigate, mitigate and quantify a potential incident will better prepare your business for future threats and strengthen your incident response plan. But testing the plan is as essential as creating it. Conduct an initial drill to see if the plan is complete and functional, and then schedule follow-up drills – ideally quarterly, but at least annually – to improve it.
Cyberattacks come in many shapes and sizes. Advance planning can make an incident a much more manageable experience for your business, your team members and, most importantly, your customers.
Christopher Torie is managing director of the Atlanta office of Bank of the West.
2015: another data breach year
By Trey Loughran
Home Depot. JPMorgan Chase. Staples. UPS. Michaels. Sony. Last year did not go lacking in significant data breaches at some of America’s – and Atlanta’s – biggest companies.
A total of 783 data breaches exposed more than 85 million records, according to the Identity Theft Resource Center. In early 2014, security experts were already dubbing it the “Year of the Data Breach.”
So what does that mean for 2015?The theft center’s data shows a more-than 27 percent increase in breaches between 2013 and 2014. At Equifax, we expect that trend to continue in the new year. Already in 2015, we have seen more companies announce they are investigating possible data breaches.
Data breaches are a lucrative way for criminals to get hold of information for identity theft. According to Javelin Strategy & Research, one in three people who received a data breach notification letter in 2013 later became a victim of identity fraud. Hackers may sell your information on the black market to other criminals looking to steal money, get access to health care or secure illegal employment.
Beyond the weeks or months it may take for an identity theft victim to regain his or her financial footing, the emotional impact of identity theft can have a lasting impact. Victims suffer emotional effects of financial stress, and feelings of loss of control or vulnerability. After all, identity theft is such an invasive yet invisible crime.
What’s a consumer to do when faced with near daily reports of lost or stolen information?
For starters, don’t panic. There are practices that can protect you from becoming an identity-theft victim: Lock up important documents; install anti-virus software on computers and smartphones; use unique passwords on websites you visit, and only shop with reputable companies.
The problem is that aside from always using cash or going completely off the grid, it’s impossible to not provide personal information at some point. But if you do open the newspaper one day and read one of your favorite brands has experienced a data breach, a few immediate steps can mitigate consequences.
First, hold onto any letter or email notifying you of the breach. Many businesses offer free identity theft monitoring services after a breach, and you should take advantage of it if they do.
Next, place a fraud alert or credit freeze by contacting the three credit reporting agencies – Equifax, Experian or TransUnion. Fraud alerts protect against new account fraud by requiring any credit grantor to take extra steps to verify your identity. A credit freeze prevents credit grantors from accessing your credit report altogether, so they would need to be lifted if you need to access credit for a major purchase down the road.
Also, contact the appropriate creditors or banks associated with the breached company and either close those accounts or take your bank’s recommended steps.
Continually monitor your bank account statements and credit reports to look for unusual activity, keeping in mind identity thieves may not use your personal information right away. Consumers are entitled under law to receive a free annual credit report from each of the three credit reporting agencies at www.annualcreditreport.com.
Some signs that you may have become a victim of identity theft after a data breach include failing to receive monthly bills, being denied credit, or receiving calls from debt collectors for accounts you don’t recognize.
None of us are impervious to becoming a data breach victim. Everyone from celebrities to your neighbors has been victimized. And so far, it looks like 2015 could be another “Year of the Data Breach.”
Before you start cutting up all your credit cards, devise a plan for what to do if you receive a data breach notice. Armed with the right knowledge, consumers can take control of their information, identity and finances.
Trey Loughran is president of Equifax Personal Solutions.
Women’s time in technology is now
By Jennifer Bonnett
It’s late on a fall Saturday evening. While most of Atlanta is out partying or home watching movies, I sit surrounded by about 60 idea people, designers and coders working diligently on turning an idea into a company within 54 hours. The next day, the teams will make presentations to a panel of investors and corporate innovators that will award prizes in excess of $10,000. As I look around the room, I am energized and thrilled with the turnout, specifically the diversity.
I attended my first StartupWeekend in November, 2008. I joined a team and coded. More than 125 people participated. I was one of only six women that weekend, and there were even fewer people of color. The lack of diversity led me to launch StartupChicks in early 2009.
Today is different. We had more than 100 people involved in our recent weekend. Approximately 30 percent was female, and almost one-third, non-Caucasian. This is a big deal and a lot of progress in six years.
Statistics tell a different story. In May, Google, Yahoo, Facebook and LinkedIn released diversity statistics showing female employees made up only 21 to 39 percent of their workforces. Women are nearly 50 percent of the U.S. workforce, yet fill only 14.6 percent of Fortune 500 executive seats.
Also, fewer women are studying computer science today than in the mid-1980s, when I studied. More than half the women who pursue careers in technology eventually leave the industry. Only a tiny amount of venture capital funding goes to female-founded companies.
None of these things surprises me. I have been a female executive in technology and start-up companies nearly 24 years. I am used to being the only female in room. I have also experienced sexual harassment, as have many of my female peers. I learned to ignore it, stand up for myself or move to the next opportunity. I also believe my career was accelerated, partly because I was a smart, young woman with excellent coding and communication skills.Today, I’m proud there is a strong ecosystem that supports women in technology, especially in Atlanta. StartupChicks, Women in Technology, GeekGirl Dinners, RailsGirls, PyLadies, WomenWhoCode and BlackGirlsCodeATL are just a few of the organizations that offer community, coaching and training for females who want to start companies or pursue technology careers.
Ernst & Young, PWC, Accenture, Coca-Cola, IBM, Google, SunTrust and most of our large corporations have programs to mentor and groom women. We need to encourage females to study science, technology, engineering and math. We also need to make it fun, so instead of dolls, why not buy your niece a 3D printing pen or a set of snap circuits for Christmas?
Women need role models they can relate to. They need help developing the confidence to sit at the table and speak up. And they need young men to be their allies; we’ll all accomplish more by working together. So yes, we still have an issue with the lack of diversity in the tech world. The tide is turning. From where I sit, there has never been a better time to be a woman in technology.
Jennifer Bonnett, assistant director of education and community outreach at the Advanced Technology Development Center, is chief chick/founder of StartupChicks.
