Manager of Information Security, Frank Russell Company
How would you advise the average computer user to protect himself?
If I were at home, for instance, and I wanted to have internet access, there
would be some essential tools that I would have that aren't sold with the
computer that you buy.
First thing I'd do is evaluate carefully whether I wanted broadband with
connections like the cable modem or a DSL connection. Those are fine
services, but they come with some additional configuration challenges that
maybe the average person wouldn't be aware of. If they're not properly
configured, those are the kinds of connections to the internet which I refer to
often as the "dirty" public wire. Those connections need to have something
that stands in the way as a gatekeeper between you and that public
So I would buy a personal firewall of some sort that would provide me a couple
of services. One, it would let me see clearly who was knocking at my door
through that connection. That's another thing that the public surprisingly is
not aware of. The internet isn't something you plug into and feed data into
and accept from people who have directed it to you. It is a random connection
that gets lots of random interaction. A firewall can clearly show you where
those random hits against your particular address are coming from, what they
I would also be careful to manage my desktop and the data on my system to limit
the kind of data I would have in my system. I'd also be careful in my habits
on the internet. I'd be careful where I'd go. I'd be more responsible and
understand that environment better than just ad hoc travelling around on that
She was a victim via the internet of "identity theft" in 1996. Another woman
assumed Frank's identity and rang up over $50,000 in credit card debt.
Assuming that there will never be sufficient public controls or communal
control to prevent [identity theft], what does the individual do?
The individual can do certain things to minimize their risk, but I have to tell
you, there's nothing that you can do to guarantee it. There are certain things
you can do that involve just being more aware. For example, getting your
credit report and looking at it at least twice a year, and seeing if there's
any fraud on it. That is the first thing to do--make sure that you get it
quarterly and see what's on there.
Because we're finding out that there's so much criminal identity theft, now
I'm telling people to go and do a criminal background search on themselves at
least once a year. Find out if someone has a murder arrest in your name. That
happened to one of my clients last year. He had no idea for two years that
there was a murder arrest, and he couldn't get a job.
He was officially a convicted murderer?
He wasn't a convicted murderer. He was supposedly arrested for murder. When
his Social Security number was mixed with another Social Security number, the
name was wrong. But when he applied for jobs, he kept getting denied
employment, because it was coming up that he had been arrested for murder.
I'm still dealing with that case right now.
But I'm telling people to get your background searched and see if someone is
committing a crime in your name. I get probably a dozen calls a month just
from criminal identity theft and maybe a hundred calls a month on financial
So the first thing you can do is to get your credit report. The second thing
is to shred all your information that you have offline. For example, if you get
a bank statement and it's got your Social Security number, shred it. Don't
keep any information around, because people can go and do what we call
"dumpster diving." They go through your trash and they fish out what they
They can do it at work. Be careful at work. Does your badge have your Social
Security number on it? In other words, make sure that you limit the use of
your Social Security number. Don't carry it around with you. Don't give out
personal information online. . . .
And another thing we tell people to do is to even shred information that's on
your computer. Confidential information should be encrypted, and any
information that you want to get off your computer, you have to shred, because
if you delete it, it does not just delete.
Another thing you should do is make sure that you don't give confidential
information by cell phone, or by a remote phone, or on the internet unless it's
encrypted. Put up firewalls so someone can't come in and steal your
information from your computer.
Chief of the U.S. Justice Department's Computer Crime and Intellectual Property
What does an individual with a little PC and an internet account do to
protect a Social Security number and various other personal data? And what does
a corporation or a company do to install appropriate firewalls?
. . . If you are going to navigate in the internet world, you don't have to be
an engineer, but it is smart to understand something about how the
communication system operates. There are different ways of connecting to the
internet. Some are faster. Some are more secure. Some have more controls. . . .
What I would suggest is, "Don't just look at fast, don't just look at cheap.
Also look at safe." This will require you to get a little familiar with the
technology. . . . Do a little bit of reading, and talk to friends who are
technologically sophisticated, and get some good advice about privacy and
security on networks.
If you are a company and you have financial reasons for wanting to secure your
network, then it's very, very important to think about personnel security and
some background checks. The cheapest contractor may not be the most secure
contractor. There are trade-offs.
home · who are hackers? · risks of the internet · who's responsible · how to be vigilant · interviews
discussion · video excerpts · synopsis · press · tapes · credits
FRONTLINE · wgbh · pbs online
some photos copyright ©2001 photodisc
web site copyright 1995-2013 WGBH educational foundation