Over the past two decades, my work in information technology has exposed me to home end users, as well as corporate environments of every shape and size, throughout most sectors of the industry. These experiences have provided a unique perspective into the struggles that individuals and organizations face regarding personal information and proper user identity and data management.
Throughout my many encounters with those who’ve been exploited and the countless hours I have spent designing, implementing, and supporting various IT projects, one topic has always stood out as the key security factor – Identity.
These days, there's no getting away from the term. Identity is everywhere. In the news, reports of identity theft and fraud are an almost daily occurrence, with both companies and consumers facing millions of dollars in damages each year dealing with the fallout from such events. Identity theft has become such an issue that the U.S. Department of Justice has created a webpage specifically to address the subject, complete with a consumer quiz to help educate the public.
But wait… what is identity?
While a quick Google search yields numerous definitions, here are the first two results I found:
- The fact of being who or what a person or thing is.
- The characteristics of determining this
- (of an object) serving to establish who the holder, owner, or wearer is by bearing their name and often other details such as signature or photograph
- A close similarity or affinity
OK. So, those are dictionary definitions, but what IS identity?
Identity is much broader than these definitions. These days, your identity reaches into almost everything you touch. Not only is it a broader perception of who or what you think you are, but it also encompasses your lifestyle, characteristics, thoughts, feelings, and dreams.
However, for the purposes of this blog, we’ll consider it everything one has put out in public, specifically the digital realm. And in this sense, identity isn't just unique to individuals; companies have identities as well.
Identity gets personal
Let's be candid. People have a tendency to put just about anything online. Social media profiles abound with information, ranging from addresses and phone numbers, to photos, to information about employers, hobbies, interests, and even the personal information of family members. The internet is brimming with personal information – a virtual treasure trove, if you will, of identity information.
Putting all this information out in public might seem trivial at the time, but in the greater scheme of things, many people don't stop to consider the ramifications of exposing themselves to such an extent. After all, each little tidbit by itself isn't all that important, right?
The example of John Smith
Well, let’s play out this scenario to see just how much weight identity actually carries. For this example, we’ll use a fictional character named John Smith.
Who cares that John Smith has three daughters named Sarah, Jillian, and Phoebe or a Siberian husky named Rex? Who cares that he has pictures of himself catching fly balls at a baseball game or hunting exotic animals in Africa? I mean, his friends all need to know about how much he enjoys living! He's led a very successful life, right?
However, what John Smith doesn't understand is that malicious entities are quietly waiting, gathering these little nuggets of information, and building profiles of virtually every user they encounter – including John! They've uncovered his birthdate and all of his email addresses. Plus, they know the types of things on which he spends money. With a little effort, these thieves can easily impersonate John.
They start by opening credit lines in his name. First, slowly siphoning money and making small purchases to ensure they don't arouse suspicion, and then, suddenly cashing in on all of his credit, buying luxury items, taking trips – living large!
What's more, they've opened copycat profiles on social media sites. They impersonate him, ruining relationships with his friends and family and even befriending and stalking his daughters. They've found “interesting things” in John's personal data and have begun maliciously publishing this private information all across the internet – a term known as dox’ing.
The cycle continues to swirl, getting worse and worse. Soon, what once was a wonderful existence for John is now a diluted and corrupted mess. Serious damage has been done to his personal life and career, and it could take years before John can recover and live a normal life again.
With cases of identity theft and fraud more common than ever, it’s crucial that you understand the value of identity. While an extreme case, the John Smith example provides a glimpse into what can and often does happen, should proper training and handling of identity-related data not be exercised. I encourage you to examine your own online habits, and to take steps to ensure you aren’t oversharing your own personal information.