It’s that time of year again when people near and far get ready to celebrate the most wonderful holiday of them all.

OK, perhaps it isn’t exactly Christmas, but Data Privacy Day – observed on January 28th in 2012 – is no less a celebration; it’s just that this one is designed to promote best practices and awareness around privacy.  The “holiday” was begun in Europe in 2007 and continues to be observed in 30 countries as Data Protection Day.  In the U.S., National Data Privacy Day is managed by the National Cyber Security Alliance (NCSA), a non-profit public-private partnership which estimates that through media and other activities its messages regarding cybersecurity reached 175,000,000 people last year, all in the service of promoting a digital society that can best leverage the five c’s: content, community, communication, commerce and connectivity.

As our world becomes ever smaller and more networked, Data Privacy Day provides information to consumers about the ways in which personal information is collected, stored, used and shared. The international privacy promotion also helps businesses understand the laws and regulations to which they’re subjected and offers guidance about how to best shield themselves from risks.  Above all, the event is designed to foster a dialogue between different entities – citizens, private organizations and public institutions – about how to balance innovation, progress and growth with the need for privacy protection.

Since privacy is our shared responsibility, how can you contribute to this security festivity?  Train your employees, or consider hosting an event or sponsoring NPD.  If you have kids or teach them, turn to the Teens and Young Adults page, the Parents and Kids page, or the Educators page, which offer guidelines such as how to update your Facebook privacy settings, resources such as videos on how to protect your personal information and privacy, as well as your children’s.  Data Privacy Day activities will include presentations, conferences, technology demonstrations, webpage and video competitions, instructional videos, workshops, and regional events, so there are plenty of ways to get involved; for more information, turn to  www.dataprivacyday.org.

And remember to stay tuned to Experian’s Data Breach Resolution blog, where every day is data privacy day.

With the flood of online shoppers comes the accompanying tidal wave of fraudsters washing over the cheerful holiday landscape.  Hidden behind the online mistletoe, cyber-thieves lurk with seasonal scams, virtual Scrooges with plans to spoil holiday shopping for consumers and retailers.

Here, according to McAfee, are 12 common holiday scams to beware of:

1. iPad scams.  Watch out for bogus offers for free iPads on social media sites and via spam.

2. “Help! I’ve been robbed” scam. Fraudsters send emails appearing to come from the account of friends which state that they’ve been robbed while traveling abroad and need money to be wired in order to get home.

3. Fake gift cards. With these scams, cybercriminals promise fake gift cards in exchange for personal information that can be used for identity theft.

4. Holiday job offers. Fake, high-paying, work at home jobs are offered in exchange for personal information.

5. “Smishing.” Scammers “phish” via text message, or smish, often posing as a bank or online retailer requesting personal information to address a problem with a target’s account.

6. Holiday rental scams. Fake, attractive rental properties at low prices are advertised on phony websites in order to lure deposits via wire transfer.

7. Recession scams.  Financial “help” is offered to targets in the form of pay-in-advance credit schemes and pre-qualified low-interest loans, all in exchange for an upfront processing free.

8. Grinch-like Greetings. Fake e-cards are loaded with links to computer viruses and other malware.

9. Low price traps. Auction sites and phony websites are used to offer too-good-to-be-true prices on holiday gifts; the scammers walk away with information and/or money.

10.  Charity scams. Solicitations for phony charities play on the spirit of holiday giving and philanthropic generosity.

11. Dodgy holiday downloads. Watch out for holiday-themed jingles, screensavers and animations distributed via downloads, spam or dubious websites – they could contain malware.

12. Hotel and airport Wi-Fi. During this season of high travel, Wi-Fi hotspots are criminal hangouts, with scammers eager to hack into unprotected networks.

This holiday season, make sure that you, your employees and your customers are on high alert for the seasonal scams that turn up with the regularity of fruitcake…and are just as unwanted.

The tourism industry may be bouncing back from the worst of the recession, but occupancy, unfortunately, isn’t the only thing on the rise.  So are data breaches.

According to a new report by British insurance firm Willis Group Holdings, insurance claims for data theft worldwide jumped 56% last year, with the largest share of those attacks – 38% – targeting hotels, reports and tour companies.

Why are hackers increasingly making themselves at home in the hospitality sector?

According to hospitality experts, the reasons are multi-fold:

1.    Labor cutbacks.  Given the recessionary climate, hotels have reduced staff and are trying to do more with less.  While the lean and mean approach may help hospitality businesses bolster bottom lines, it hurts the industry’s front line defenses against hackers.

2.    Software and equipment reductions.  While hotels ride out the recession, security maintenance, implementation and upgrades fall lower in the priority checklist, creating an easy welcome mat for fraudsters.

3.    Multiple entry points.  Customers book hotels through hotel websites, online travel reservation portals, phone calls, email, postal mail, and in-person with concierges.  Each channel offers its own risks for data breaches and must be individually addressed.

4.    Large access to personal data.  The hospitality industry keeps massive amounts of personal data on file for years and can sometimes lose track of what they have stored and where – all within databases that may be far less than bullet-proof.

5.    Guest room computers with flimsy protection.  Those networked desktops that hotels sometimes provide for guests can be so helpful…and harmful.  Often these computers are riddled with viruses or hiding bits and bytes of old customer data.

6.    Insecure cultures.  Even in the best of times, much of the hospitality industry simply doesn’t prioritize security as it should.  By creating business cultures that don’t sufficiently respect privacy, hotels are jeopardizing the trust of their customers.

Given that hackers have identified the hospitality sector as a soft target, what can hotels do to keep these unwanted guests out?  Here are some tips from industry watchdogs:

1. Minimize data collection.  If you don’t need it, don’t collect it.
2. Understand and comply with PCI-DSS.  Make sure your business is completely aware of its “cardholder data environment” and is providing appropriate protections.
3. Find and digitally shred unneeded information.  Old, forgotten data is dangerous. Don’t be “data blind” – eliminate what you no longer need.
4. Simplify your reports.  For example, don’t offer up social security numbers if not needed.
5. Limit access.  Employees should be on a “need to know” basis with PCI and HR data.
6. Split up your network.  Create electronic firewalls that limit the spread of viruses and attacks.
7. Encrypt. Proper encryption renders hacked data unusable.
8. Understand your network.  Review network logs for unauthorized activity, and make sure your security professionals do, too.
9. Don’t put security in the ghetto.  Security isn’t just for IT professionals; make sure your entire organization creates and respects a culture of privacy that prioritizes security as the basis for all of its operations

According to a recent study by the Identity Theft Resource Center, data breaches in the healthcare sector are occurring at a higher rate than in other industries.  The study found that of the 385 data breaches that occurred in the U.S. in the first half of 2010, 30% of those affected were healthcare providers.  In comparison, data breaches reported in banking and other financial institutions for the same time period totaled 10%.

What is the cause of this large discrepancy between industries?  According to commentary provided by eSecurity Planet, the increase may be due to the many different types of workers that have access to areas in healthcare organizations buildings where sensitive data is stored. This unrestricted access provides an opportunity for unauthorized employees to access laptops, USB drives or desktops with sensitive information from areas that are far less secure than at a bank or other financial institutions.

This sharp increase has caught the attention of the US Congress that is set to approve $1.7 billion to fight healthcare fraud. A large portion of that spend will go towards creating fraud “task forces” in up to 20 cities across the U.S. Watchdog groups and patient privacy advocates are also putting pressure on healthcare organizations to protect patient’s medical records and personal information especially as patient records become digital and are stored by third parties.

Deterring and detecting data breach threats does not happen by chance.  Now more than ever, it is important for healthcare companies to take advantage of proven data security solutions and to develop policies, like those used in other industries, to help protect patient data.

Smart phones and other wireless devices are increasingly popular among individual and business users with a 64% year over year market share growth, according to Canalys.  As more business users work remotely and travel the use of wireless devices has become a necessity in the workplace to access data. However, using wireless devices presents new challenges to keep transmitted and stored data secure.

Earlier this year, it was reported that several senior level Washington DC politicians purchased iPads and individually set up their wireless accounts using their service provider’s account verification process.  A security company identified a data security flaw and was able to hack the verification process.  This clever hack resulted in the theft of over 100,000 email addresses and unique numbers associated with the devices purchased.  Affected politicians included White House Chief of Staff, Rahm Emanuel and New York City Mayor, Michael Bloomberg.

Individual email addresses and device serial numbers may not sound significant at first glance.  However, nefarious individuals can leverage this data to guess more relevant information such as provider account number…which is linked to personally identifiable information (PII) of the end user.

Defining wireless device use standards is paramount. Corporate executive leadership must enable the communication between leaders in the Compliance, IT and consumer- facing teams to develop standards for device adoption and for how sensitive data is handled or distributed.  Policies and standards must be in place to help prevent the occurrence of a data breach.

What is your company doing to define wireless device usage and data standards?