Page 30 - GS190701
CoverStory
Armed with publicly available information and open-source intelligence (OSINT), criminals can access online accounts and steal identities. This makes it imperative to understand and properly configure the media platforms you use.

million transactions from peer-to-peer payments app Venmo and published the dataset on GitHub in June 2019. Anyone can grab the data, Salmon warned, without even using an API key. "There is some very valuable data here for any attacker conducting OSINT research," he wrote on GitHub.

Sam Bakken, senior product marketing manager at OneSpan, observed that Venmo intentionally made its default settings public to enable users to share their purchase activities. Bakken feels that while users can decide whether their transactions are shared publicly, with friends or not at all, Venmo should default to private settings. He questioned why anyone would want to make their Venmo transactions an open book, as "attackers might potentially find such information valuable as fuel for social engineering schemes or maybe even blackmail."

Pete Philomey, national sales manager at South Seas Data, has transacted on Venmo with friends but said he doesn't get the allure of the app's shared buying experience. "I don't really care that you paid your cleaner $100," he said. "Whatever! I have the app's social shut off because who I pay is my business."

Dimitri Akhrin, president of IRIS CRM, concurred, stating that scrapers sometimes extract and use data in ways that companies didn't intend when they made those sources available. As a Venmo user, he noticed Venmo profiles are public unless users toggle back the settings. Not every user realizes this; consequently, there's a lot of aggregated data floating around, he noted.

Separate true from fake

Akhrin has also seen plenty of fake information on the Internet. "Businesses need to weed out the bad actors behind today's content overload," he said. "When bad information comes in, employees lose time verifying email and phone numbers, attempting to schedule appointments and pursuing fake leads. Two-factor authentication, such as sending a code to a mobile phone, would mitigate many of these issues."

Anybody can submit garbage on a form, and not everyone does it with bad intent, Akhrin noted. People who want to download a report or access a video may enter bogus contact information when prompted to avoid being contacted later. Companies spend a lot of money for these leads, but without using proper validation, they can end up spinning their wheels, he said. A validation process would raise the quality score of the leads.

When customers fill out forms or download ebooks, effective lead generation programs route their details to CRMs, enabling agents to begin working those leads right away, Akhrin said. PCI Level 1 compliant programs can transfer, store and push encrypted data into accounting software and other platforms throughout an enterprise, while also generating real-time reports.

Fail safe, fail secure

"The U.S. is constantly poking at privacy legislation, mostly having to do with opting in and opting out and the right to be forgotten," Punzirudu said. "But there is a lot of information out there. Consumers need to learn about themselves and take ownership of their online accounts."

For example, qualified security assessors and hackers can use OSINT research to scrape up to 30 sites at a time. Simply typing an email address on a search site will confirm if a user ID was used on a site. "I could go online and search for you and see the last two places where you lived," Punzirudu added. "The privacy argument is big, but there's a lot of data that you have little control over."

"Fail safe" describes a feature or practice that responds in a way that will cause no or minimal harm if a specific type of failure occurs. "Fail secure" typically means that if the power is interrupted or fails, the door stays locked. When applied to security, these principles ensure that when something breaks, it doesn't cause harm, Punzirudu stated. Lock your doors to prevent intrusion, but not so securely that you're stuck inside if there's a fire.

Punzirudu proposed the following fail safe/fail secure approaches to protecting consumer and business data:

1. Be diligent about your online identity. Use tools to spot your Internet impersonators and fake accounts. Delete Me, an online subscription service, removes your information from 150 sources.

2. Be aware of what's going on around you. Assume someone already is pretending to be you. If you're concerned about physical security, install vehicle dash cams and home surveillance cameras.

3. Subscribe to a credit bureau or similar service that notifies you when accounts are opened in your name.

4. Evaluate and protect data. Business owners: if you don't need data, don't accept it. Consumers: stop