Child Identity Theft: Old Crimes, New Victims

Share on linkedin
Share on facebook
Share on twitter

Are Your Children’s Identities Safe at School?

The school year has now started in much of the world. Christmas and other end-of-year holidays are approaching. This chronology highlights a particularly insidious cyber security threat: the theft of children’s identities.

As MarketWatch.com reported during August 2018, a study found more than 1 million children were victims of identity fraud during 2017. The resulting costs? Approximately $2.6 billion.

“With limited financial history or existing account activity, children are the most likely to become victims of new-account fraud, the research showed. These attacks can occur before children even become active Internet users, with some two-thirds of victims being under the age of eight.”

Sadly, research indicates a family or friend commits approximately one-third of child identity theft. Hackers, however, are increasingly targeting children for identity theft as well. As the Rochester Democrat and Chronicle reported during August 2018, “Children are 35 times more likely to be victims of identity theft because they don’t have a credit history and their Social Security number isn’t active, according to the Division of Consumer Protection of the New York Department of State.”

Such identities are perfect for opening new, fraudulent accounts, and just in time for the holiday shopping season. Child identity theft can be undiscovered until the victim becomes an adult and tries to open a bank account, apply for a job, buy a car, rent an apartment or buy a house.

Identity Thieves Go to School, Too

How are children’s identities stolen? Often, at or from the schools they attend.

Each child who wants to sign up for a team or activity is asked for some personal information. This sometimes even includes the child’s Social Security number. The identities and personal information of staff and faculty are at risk as well.

During September 2018, Digital Trends reported how security experts demonstrated “how the fax function on a 1990s-era HP printer could be used to infiltrate network security.” Many school networks are populated with mixes of older and newer technologies, with few or no dedicated cyber security staff or resources to support them.

Beyond hacking, students, faculty and staff are at least as susceptible to phishing and social engineering as users in the corporate world. (According to the 2018 Verizon Data Breach Investigation Report, “4% of the targets in any given phishing campaign will click it. And incredibly, the more phishing emails someone has clicked, the more likely they are to do so again.”)

As Help Net Security reported during September 2018, “Earlier this year, the U.S. government ​charged​ nine Iranian hackers with stealing 31 terabytes of information worth more than $3 billion from over 300 American and foreign universities. The hackers used spear-phishing attacks [personally targeted bogus emails] to hack 8,000 accounts, including 3,768 at U.S. schools.” Most primary, middle and high schools are even more vulnerable than colleges and universities.

Child Identity Theft: What You Can Do

If you are an IT or cyber security team member at a school, then there are several steps you and your colleagues can take to increase protection of your students, colleagues and friends. (If you have kids in a school or live or work near a school, then you can share these recommendations with the technology decision makers there, too.)

  • Establish a baseline. Make sure all deployed, authorized endpoints, servers and networks adhere to strict, consistent security guidelines. If no such guidelines are yet established, ask for help to create them. Sources should include trusted vendors and recognized, respected sources, such as the Cybersecurity Framework from the National Institutes of Standards and Technology (NIST).
  • Keep protections current. Implement technologies and processes to verify continuously that endpoints and servers are running current security patches and all required security apps.
  • Remain vigilant. Routinely scan your environment for rogue devices and connections, and ensure nothing has been deployed or reset with a default or no password. This is a particular concern where so-called “Internet of Things” (IoT) devices, such as “smart” lighting, speakers, video cameras and kitchen or break room appliances, are concerned. Many of these have no or woefully inadequate security features, making them easily breached entry points into your environment.
  • Implement strong, regularly updated passwords. Demand them and enforce those demands.
  • Minimize requirements for personal and private information. The less that’s collected, the less there is to steal. At the very least, reduce or eliminate the use of Social Security numbers as unique identifiers.
  • Encrypt and password-protect everything possible. Any minor inconveniences to users will be worth the additional protection afforded to those users and the entire IT environment.
  • Encourage parents and guardians to put a “security freeze” on the credit report of every minor in their care. (Regulations and methods vary from state to state and among the credit reporting agencies.)
  • Educate everyone. The only effective defense against phishing and social engineering is emphatic, repeated training. Occasional surprise fake phishing emails can help as well.
  • Obtain the best available tools. Your IT management solutions should incorporate robust, easy-to-use features that help you discover, monitor and protect your critical IT assets – hardware, software and information.

Take Virima to School

Discovery, IT Asset Management (ITAM), and IT Service Management (ITSM) tools from Virima can help almost any school, college or university deliver the connectivity and computing power students, faculty and staff need and want, securely and economically. They can capture and inventory data about your IT environment’s components automatically. They can map dependencies; visualize relationships; and provide accurate, complete and timely information about your IT estate. These benefits can help make your environment more responsive, stable and secure. Virima’s Managed SaaS (Software-as-a-Service) Services can help you deploy your Virima solutions faster, and fine-tune them for optimal performance and value as needs evolve at your school. Learn more about Virima’s solutions here.

Share on linkedin
Share on facebook
Share on twitter

Subscribe to Our Newsletter

More to Explore

To understand the business value of service mapping, it’s important to shift to a service delivery mindset, rather than thinking about delivering infrastructure, equipment, software, and applications. Defining services is relatively simple if thought of as the commoditization of what’s…

Service mapping - the area of configuration management that perplexes so many IT professionals, yet that which provides the highest value in Configuration Management Database (CMDB) projects. There are several major reasons IT gets stopped when it comes to service…

The world of service management has changed as technology has shifted from providing tools for administrative support to being fully embedded in the delivery of the business’ core function. There’s a world of difference between using an accounts payable system…

The Configuration Management Database (CMDB) provides a single database that contains information about the enterprise’s assets, both logical and physical. In modern service management platforms, it provides core functionality that is referenced by all of the service management practices, including…

The importance of discovery comes from what it provides to the users of the Configuration Management Data Base (CMDB): trustworthy data and greater speed to value. Without discovery, the CMDB is built by feeds and data entry, which can lead…

There is an old saying that you can’t manage something unless you can measure it. Asset discovery can provide you with accurate and up-to-date data and information about everything you use in IT. You can then develop metrics using the…

Atlanta, Mar 19, 2020 (Issuewire.com)  - Virima Technologies Inc, a provider of CMDB, Discovery, IT Asset Management and IT Service Management (ITAM & ITSM) solutions, today announced that it has recently completed its Service Organization Controls 2 (SOC 2) examination under the Statement…

The most significant ServiceNow CMDB best practice is having a system with data you can trust.  ServiceNow will tell you that your stakeholders will tell you that and IT service management (ITSM) professionals will tell you that.  Achieving high-quality configuration…

CMDB - configuration management database - value potential is undisputed, you need to be careful and not blindly jump into implementation without having a clear plan in place about how this powerful tool will be used within your organization.  Here…

The past decade has introduced a tremendous change in the IT industry.  If you were to compare your IT ecosystem today with how it was ten years ago, you would likely find it hard even to recognize that you’re looking…