The irony couldn't be greater.

Here we are, in the middle of a worldwide security storm.Thieves are deploying every technology imaginable to capture ourdata and steal our money. State and federal governments are passingnew legislation. Agencies are publishing new guidelines. Creditunions and other companies spend billions of dollars each month toprotect our information from the thieves.

Then we log onto Facebook or Ancestry.com where we enter most ofthe personal information those same thieves need to access ouridentities and our assets.

Does it matter that pundits and security authorities havewarned? That headlines, security articles, presentations and evenregulatory letters have alarmed? That thieves have been caughttrolling social networks for user information? That spectacularbreak-ins have resulted from the careless entry of personalinformation on sites like these? Not enough.

Recent surveys show that nearly half of all public profiles onsocial networking sites expose the day, month and year of theirbirths. More than half share the name of their high school. Dig alittle deeper and you'll find mother's maiden name, street whereyou grew up, the name of your first dog or cat, you name it. It'sall out there, waiting to be gleaned.

How much more does a criminal need to open a new checkingaccount, crack passwords or answer challenge questions on existingaccounts?

Companies have also suffered the consequences of unthinkingemployees posting too many details online. Smart criminals usesocial networking for reconnaissance. They use details fromFacebook and other social media sites to understand theorganizational structure and roles of staff. Armed with thisinformation, they customize attacks to specific roles (such assending a malicious document titled “Benefits Summary” to HR staffrather than IT staff, for example).

The fact is that social engineering works very well. We want toshare everything from our favorite recipe we just cooked to thePersian cat we just coiffed. Armed with these personal andrevealing details, hackers don't have to work overly hard to commitfraud.

Increased use of mobile technology also has fueled fraud.According to some security experts, smartphone owners are 33% morelikely to be victims of ID fraud than non-owners. Driving theincrease may be simple laziness. Nearly one third of smart-phoneowners do not regularly update their phones' operating systems.Nearly two thirds of smart-phone users do not use passwords ontheir home screens, and nearly one third save login information onthe device.

One effective method of thwarting cybercrime continues to beconsumer education. Credit union staff and others faced with safetyand soundness must continue to impress upon consumers theimportance of basic security measures. Most of these measures havenot changed appreciably from years ago, and are well within thecontrol of the consumer:

• Limit the amount of personal information you post in socialforums
• Use strong passwords and change them frequently
• Apply software updates as soon as they are released
• Beware of suspicious emails containing links and attachments –even those coming from known addresses
• When you work on your PC, use the administrative role only whenmaking software changes. The rest of the time, sign in as a userwith limited rights

More than the laws passed and the rules handed down, these basicmeasures can go a long way toward turning the tide on cyberattacks. If consumers would stop releasing personal information andsecure their technology, we would be in a much better place.

Perhaps the credit union movement can continue to be the voiceof reason for the public. Given the level of trust consumers placein their personal financial institutions, who better to drive homethe importance of security?

Kevin Hamel isvice president and security officer at COCC Inc. in Avon,Conn.