How Bosco and Data Security Relate


SecurityComp

In the 1995 “Seinfeld” sitcom episode “The Secret Code,” the character George Costanza, played by Jason Alexander, was obsessed with protecting his pass code for access to his bank account via an ATM.

A protective George would not give the code, Bosco, to his live-in girlfriend, fearing she would access his money.

This was followed by an awkward dinner with Elaine’s boss, the catalog publisher J. Peterman. George and Jerry were invited to dinner with Peterman, but Elaine was a no-show and Jerry left, leaving George with Peterman, whom he did not know well. Soon George was in a position to visit Peterman’s dying mother, to whom he told his secret code. Peterman was with his mother when she said her last word: Bosco. He asks George, what does this mean? But George does not say.

Later, Peterman later asks George to help free someone whose sleeve was caught in an ATM. George has to give up his pass code to unlock the ATM.  And he does.

Nowadays, we are beyond the simple pass codes of the dog name Fido, 12345 or the brand name for chocolate syrup. Bosco is becoming 12 characters, and maybe 16. Now  the problem remains: Too many people are giving it up.

There are numerous issues surrounding the protection of data that should remain private, said Mark Eichorn of the Federal Trade Commission. Nevertheless, data that should be private is shared; data that should be secured is exposed.

Tax identity theft is so lucrative, he said in views expressed as his own, that the bad guys are turning away from illegal drug supplying and focusing on how to steal tax identifications, using them to open or occupy bank accounts, buy automobiles and new homes.

In 2014, 7 percent of the population of the U.S. had their identities stolen, Eichorn said March 27 at the American Payroll Association’s 2017 Capital Summit in Washington. He referred to agency guidance on FTC.gov and some basics for employers, including:

•Don’t collect personal information you do not need. Retain it only as long as you have to. Don’t use personal information, if you have access to it, when you do not need it.

•Examine service-level agreements with third parties that have access to employment data and sensitive, private information. Employers should ensure that after they encrypt data, it stays encrypted during the lifecycle of the information.

Then there are system-protection protocols, such as limiting access to certain types of data to only those who need it. Employers should store information securely and protect against authentication bypass.

And passwords should move to 12 and 16 characters because thieves have the resources to easily crack shorter pass codes, Eichorn said. The use of dual authentication, or two-factor authentication, is becoming more necessary now, he said.

But all that awareness and protection is worth little if the George Costanza in your organization gives up his password.

Take a free trial of Bloomberg BNA’s Payroll Decision Support Network, your one-stop resource for reliable, up-to-date guidance and analysis in every area of payroll administration and compliance.

Follow Michael Baer on Twitter @MichaelTBaer  and join the Bloomberg BNA U.S. and Global Payroll group on LinkedIn.