Tag Archive for: Workplace ID Theft

Whose Device – Yours, Mine or Ours?

Carrying multiple personal devices is a pain and, yet, the fear of giving away critical company data is a nightmare.

For most of us, being connected equals being productive. However, this simple equation becomes complex when one has to juggle personal devices with those issued by our employers. Paramount in an employer’s mind is the protection of the company’s critical and confidential business data but they don’t want to alienate employees by being too restrictive on using their personal smartphones and tablets.

Recent research has found that nearly three out of four adults don’t protect their smartphones with security software and these same people often use their devices to access social media and websites that attract cybercrooks. Poorly-secured  devices can be easily accessed by hackers who are becoming evermore sophisticated and ferocious.

This device conundrum ties directly to corporate IT culture and the question of allowing employees to use personal devices to conduct business. The solution ranges anywhere from an outright ban (which employees often ignore) to fully embracing an employee’s choice, while building corporate safeguards to block spam and corrupt application downloading. Some companies permit it with tight controls such as having the ability to wipe the gadgets clean of all information in the case of loss. Of course that means all personal data will be wiped along with business data but studies show employee satisfaction (ergo productivity) is tied to exercising personal preference of devices.

Security and legal teams wrestle with this dilemma constantly in the mobil world of today and there’s no clear cut answer. Protecting a company and its clients’ data is essential; but also, productivity, efficiency, organization and responsiveness are but a few benefits of giving employees their choice of gadget.

Arming those same employees with the safety measures to secure their devices from fraudulent activities is where IT departments can manage risk. Building a parallel strategy that serves both corporate IT and the end-user is not only necessary, it is beneficial to the bottom-line.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper60 Minutes or Fox Business1.800.258.8076.

 

 

 

 

 

 

 

 

 

 

Identity Theft for Businesses: Mobile Data Breach

Mobile Data Theft

Technology is the focal point of data breach and workplace identity theft because corporations create, transmit, and store so many pieces of information digitally that it becomes a highly attractive target. This book is not intended to address the complex maze that larger organizations face in protecting their technological and digital assets. Rather, the purpose of this book is to begin to familiarize business employees, executives, and vendors with the various security issues facing them.
The task, then, is to develop a capable team (internal and external) to address these issues. In my experience, the following technology-related issues pose the greatest data-loss threats inside organizations:

  • Laptop Theft: According to the Ponemon Institute, 36 percent of reported breaches are due to a lost or stolen laptop.
  • Mobile Data Theft: Thumb drives, CDs, DVDs, tape backups, smart phones
  • Malware: Software that infects corporate systems, allowing criminals inside these networks
  • Hacking: Breaking into your computer system from the outside, using networks, wireless connections, remote access, and your Internet pipeline
  • Wireless Theft: Wireless connections to the Internet in airports, hotels, cafes, and conferences
  • Insider Theft: When someone in the IT department (or elsewhere) decides to make extra money by selling your data

According to the Ponemon Institute, ‘‘Thirty-six percent of all cases in this year’s study involved lost or stolen laptop computers or other mobile data-bearing devices. Data breaches concerning lost, missing, or stolen laptop computers are more expensive than other incidents. Specifically, in this year’s study, the per-victim cost for a data breach involving a lost or stolen laptop was just under $225, over $30 more than if a laptop or mobile device was not involved.’’ Continue Reading….

The post above is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.

Child Identity Theft Expert – Part II

baby2

Were you surprised the other day when I said that your children are highly attractive targets of identity thieves because they have untouched and unblemished credit records?  Let me tell you just how easy it happens.

How Does It Happen?

All an identity thief needs to ruin your child’s bright financial future is her name and Social Security Number.

“Shouldn’t my child’s age show up on any credit background check, shouldn’t the merchant recognize that the person in front of them buying a car on credit isn’t seven years old?” you ask.

Yes, it should, but the people screening the credit report rarely give it the time and care necessary to detect fraud.

All too often, background checks involve simply matching the name and the Social Security Number provided. This leaves doors wide open for scandalous minds to wreak havoc on your child’s perfect credit. The most unsettling part is that the age of the applicant (in this case, the person posing as your child) becomes official with the credit bureaus upon the first credit application. This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is only seven and isn’t responsible for thousands of dollars of debt.

In no time at all, your child could have a maxed out credit card, unpaid bills and a huge mortgage for beachfront property across the country. You might not discover the illegal purchases until your child opens a bank account, applies for a job, tries to get a driver’s license or enters college. At that point, you are left with the time-consuming dilemma of cleaning up someone else’s fraudulent mess. If only clearing up a credit report was as easy as cleaning up after your kids.

Do the gaping holes in our current credit system and the audacity of criminals leave you enraged? Me too. And it is imperative that you use your anger as fuel to protect and prepare your children’s future before it is too late.

Child Identity theft is the fastest growing sector of the identity theft “industry,” and the numbers are staggering. Although it’s difficult to estimate exactly how many children lose their identities since the crime can go undetected for years, the FTC states that 5% of identity theft cases target children, which translates into 500,000 kidnapped child identities per year, and growing. The Identity Theft Resource Center discovered that in 54% of the cases, the child was under the age of six.

In my next blog, I’ll talk about Who Does This.

Identity Theft Speaker, John Sileo

Tax Time Identity Theft Prevention Tips

Identity theft speaker John Sileo shares his tax-time identity theft prevention tips.

This past week, I have been helping a gentleman recover from the theft of all of his tax records.  Before it is all over, this gentleman will have spent hundreds of hours and thousands of dollars simply preventing any further fraudulent use of his identity. That doesn’t account for any damages already done to his finances, criminal record, medical records or social security benefits. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

  • Tax documents exposed on your desk (home and work)
  • Private information that sits unprotected in your tax-preparer’s office
  • Improperly mailed, emailed and digitally transmitted or filed records
  • Photocopiers with hard drives that store a digital copy of your tax forms
  • Copies of sensitive documents that get thrown out without being shredded
  • Improperly stored and locked documents once your return is filed
  • Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

Top Tips for Tax Time Identity Theft Protection Safe Preparation. Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

  • Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
  • Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
  • Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

  • Strong alpha-numeric passwords that keep strangers out of your system
  • Anti-virus and anti-spyware software configured with automatic updates
  • Encrypted hard drives or folders (especially for your tax preparer)
  • Automatic operating system updates and security patches
  • An encrypted wireless network protection
  • A firewall between your computer and the internet
  • Remove all file-sharing programs from your computer (limewire, napster, etc.)

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack. Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

  • Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
  • If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
  • If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
  • To learn more about IRS scams, visit the only legitimate IRS website, which is www.irs.gov. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service at www.irs.gov/advocate.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

  • Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
  • Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
  • Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Uncovering Business Identity Theft

While the majority of identity theft schemes prey upon individuals, small-businesses and organizations are increasingly becoming targets. Business identity theft is a serious threat, but it mostly flies under the radar simply because companies are embarrassed to discuss.

Although most companies are protected by copyright, patent and trademark laws, smaller companies lack the higher IT security measures that large companies have. According to recent studies by Javelin Strategy & Research this makes them 25% more likely to be victims of business identity theft over larger businesses.  Not only do small businesses and business owners typically have larger lines of credit open than an individual, but they are unlikely to detect the fraud for six to eight months making them a prime target.

Business Identity has not been completely defined yet, but it definitely has been stolen. California has become the leader in offering identity rights to organizations and in 2006 they expanded the definition of ‘person’ in identity theft laws to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. These types of amended laws have proved to deter business identity theft and provide greater assistance to those companies that have been hit.

Most commonly criminals assume the name of a business, rent out office space in the same building and order everything from corporate credit cards to hundreds of computers and equipment. In one instance the culprit billed a law firm for $70,000 in purchased equipment, hired a moving truck and disappeared from the building before the fraud was ever detected.  This has been not only costly, but timely. If businesses had the same protection as individuals this would have been quickly resolved and the victims would have moved on. Credit card companies have also followed suit and began to remove the distinction between business identity theft and individual identity theft.

The lack of publicity on this type of Identity theft is solely due to a lack of reporting by companies. Businesses are required by federal law to notify consumers who’s personal information has been hijacked, but not if their businesses identity has been stolen. In order to save face, most business owners would rather not own up to such a breach to avoid looking like the pawn in a criminals scheme. Without incentives and assistance to a company who has experienced this type of transgression there is little reason for them to come forward.

Until businesses and their owners come forward to help uncover business identity theft there will be less laws in place to deter criminals and small businesses will remain vulnerable.

For more information on this issue check out BusinessWeek.

John Sileo provides identity theft training to human resource departments and organizations around the country. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.