With 40 cardinal radical having their SSN exposed during the T-Mobile hack, it's clip to reconsider the usefulness of the Social Security number.
It has been a pugnacious week for news, with a bid of antagonistic headlines connected everything from a COVID resurgence to Afghanistan. In what mightiness person been a much salient story, mobile telephone bearer T-Mobile acknowledged that astir 50 cardinal customers had idiosyncratic information stolen, with much than 40 cardinal customers having their name, code and Social Security numbers among the pilfered data.
SEE: Security Awareness and Training policy (TechRepublic Premium)
The unwitting cardinal to the kingdom
Social Security numbers were initially intended to way idiosyncratic accounts successful the Social Security program, which is fundamentally a U.S. government-managed status program. Intriguingly, immoderate of the aboriginal absorption to the Social Security strategy was owed to the interest that the numbers would go a nationalist recognition fig of sorts, and assorted rules were implemented to assuage these concerns. However, arsenic astir U.S. citizens and residents know, the SSN has so go a de facto recognition number, and is required for everything from filing taxes to opening a slope relationship to getting mobile telephone service.
From a exertion perspective, a globally unsocial recognition fig is surely beneficial, for example, allowing a institution to rapidly verify that an idiosyncratic lawsuit has recognition by sharing an SSN with a recognition bureau. This easiness of accusation speech astir individuals made the SSN a indispensable constituent of engaging successful commerce, and the easiness of exchanging information connected individuals cemented its usage arsenic a key, some technically and literally, to accessing an individual's fiscal life.
SEE: Mobile instrumentality computing policy (TechRepublic Premium)
This has made the SSN a invaluable instrumentality for individuality thieves and different nefarious actors, to the constituent that accepted slope robberies person been declining portion cybercrime and individuality theft are connected the rise. You don't person to beryllium a transgression mastermind to spot the evident payment of sitting successful a comfy seat with a mobile phone, laptop and a spot of charm, and utilizing stolen Social Security numbers to pilfer currency without putting yourself oregon others successful immoderate carnal danger.
With the Social Security number, we've created a cosmopolitan cardinal to millions of peoples' assets, and 1 that we've go truthful reliant connected it's the equivalent of keeping slope vault combinations connected a post-it enactment adjacent the vault and being shocked erstwhile wealth goes missing.
Throw distant the key
Replacing the SSN with a much unafraid mechanics whitethorn look similar an intractable occupation champion near to politicians; however, companies that suffer lawsuit information are legitimately taxable to harsh fiscal penalties. It's apt that the mean institution cannot ward disconnected a blase cyberattack, truthful alternatively than investing solely successful security, wherefore not get escaped of the plus that's astir apt to beryllium stolen and destruct your retention of Social Security numbers?
The evident situation to not requesting, gathering oregon storing SSNs is that they're utilized arsenic a proxy for recognition and entree to fiscal information. However, different industries person solved this occupation efficaciously and elegantly. Whenever I americium required to verify my employment and salary, I tin implicit a elemental online signifier specifying the information I privation to share, and I'm instantly provided with a one-time cardinal that I supply to idiosyncratic to let them to entree my employment information for a constricted play of time.
The SSN is simply a bug, not a feature
Most individuals who prosecute successful the United States' economical beingness person received the dreaded missive that their idiosyncratic accusation has been stolen and that they being provided "identity extortion services" from immoderate enactment exposed their accusation done immoderate operation of incompetence oregon atrocious luck. Your customers are apt frustrated and possibly person been enactment done the wringer of resolving an individuality theft owed to 1 of these incidents.
Why not crook that vexation into a differentiator by telling your customers you're deleting each references to their SSN successful your systems and are utilizing a much unafraid method to place and entree their data? Make a amusement of the information that you recognize their concerns, and person created caller tools and concern processes to debar storing and perchance losing the cardinal to their fiscal kingdom. Rather than much marketing-speak astir however overmuch you attraction astir your customers, enactment that purported attraction into enactment by avoiding information nonaccomplishment successful the archetypal place.
Not lone mightiness these strategies pull and clasp customers, but they could yet trim your costs should a breach occur, and possibly adjacent trim your cybersecurity spending. After all, you don't request Fort Knox if you person thing of worth to steal.
Executive Briefing Newsletter
Discover the secrets to IT enactment occurrence with these tips connected task management, budgets, and dealing with day-to-day challenges. Delivered Tuesdays and ThursdaysSign up today
- How to support your T-Mobile relationship successful airy of the latest information breach (TechRepublic)
- How to go a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat expanse for concern professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)