‘Workplace ID Theft’ Articles

According to a new Gallup poll of identity theft statistics, 66% of adults worry the most about their identities being stolen.

Gallup trends measuring Americans’ fear of being victims of specific crimes date back several decades, but for each of 10 crimes, the question has been updated annually on Gallup’s Crime survey since 2000. Terrorism was added to the list in 2001, and 2009 marks the first year identity theft has been included.  Gallup says the reason for big worries about identity theft might have to do with the high-profile attention lawmakers and identity-protection firms have been placing on it.

Besides identity theft statistics on American’s fear of identity theft, they also polled on the steps they would take to prevent it. Biometrics is the clear winner. Biometrics refers to methods for uniquely recognizing humans based upon one or more built-in physical or behavioral traits (fingerprint, voice pattern, gait pattern, retinal scan, etc.).  In particular, biometrics is used as a form of Identity Access Management and it is also used to identify individuals in groups that are under surveillance. According to the Gallup Survey, 58% percent of Americans said they would use biometrics to verify their identities, as long as the biometric data was secured, while 38% said they would not use biometrics. The lack of daily use of these methods causes some Americans to be hesitant at first until they are more familiar.

While the majority of identity theft schemes prey upon individuals, small-businesses and organizations are increasingly becoming targets. Business identity theft is a serious threat, but it mostly flies under the radar simply because companies are embarrassed to discuss.

Although most companies are protected by copyright, patent and trademark laws, smaller companies lack the higher IT security measures that large companies have. According to recent studies by Javelin Strategy & Research this makes them 25% more likely to be victims of business identity theft over larger businesses.  Not only do small businesses and business owners typically have larger lines of credit open than an individual, but they are unlikely to detect the fraud for six to eight months making them a prime target.

Business Identity has not been completely defined yet, but it definitely has been stolen. California has become the leader in offering identity rights to organizations and in 2006 they expanded the definition of ‘person’ in identity theft laws to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. These types of amended laws have proved to deter business identity theft and provide greater assistance to those companies that have been hit.

Laptop theft and mobile data theft (tape backups, iPhones, BlackBerries, USB drives) account for nearly half of the cases of serious corporate data breach and workplace identity theft. Your corporation’s data breach protection will be significantly improved by educating your staff on the following mobile data best practices:

Before you save sensitive data to any mobile device, it is your responsibility to:

• Determine if your organization allows you to remove the data in question from the office in the first place. Are you allowed to save that database, Excel file, Word document, customer list, employee record, intellectual capital, etc. on your laptop, thumb drive or other mobile device?
• Decide if it is absolutely necessary to remove it from the more highly-controlled and secure environment of the office. In many of the major cases of reported data breach, the data stored on the mobile device did not actually need to be there in the first place.
• Verify that you have been authorized by your supervisor to place a copy on your device. When in doubt, check with your manager, supervisor or privacy officer to determine the correct course of action.
• Exhaust all other lower-risk alternatives for accessing the data. In many cases, it is possible to utilize a secure remote access connection to access the data so that it never leaves the company premises. You lower your personal liability when you access the data through centralized, highly secure methods.

Workplace identity theft isn’t caused by paper documents because we have gone paperless, right? Rubbish. Paper rubbish, in fact.

You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.

According to a recent study* conducted by the Alliance for Secure Business Information (ASBI):

• 80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months
• 49% of those breaches involved the loss or theft of paper documents.
• The average breach recovery cost $6.3 Million!

In other words, most businesses have already been breached and half of the time it was because of paper documents!

Fact: Every day, businesses manage highly confidential information (customer data, employee records, intellectual property), leaving themselves, their employees and customers vulnerable to an extremely costly data breach.

But what many fail to realize is that paper documents pose just as much of a risk to an organization as electronic documents.

Shredding is the most concrete form of identity theft prevention and the only way to help ensure that all confidential information included on paper documents remains just that…confidential.

Identity Theft Speaker John Sileo on Traveling Safety.

Traveling Safety has become a study of its own ever since the advent of identity theft. Your biggest concern may no longer be physical in nature (pickpockets, hotel theft, muggings); the value of the personal identity you carry as you travel is worth far more than the cash in your wallet.

We all love to plan the vacation of our dreams. I can almost taste the pasta Bolognese as I read about that out-of-the way trattoria half way down the ancient narrow vicolo (blind alley) in Tuscany. But there’s one area we often overlook that can turn that long-anticipated dinner into a nightmare – the theft of our most-valuable asset, our identity. Let’s fast forward – we’ve savored the last bite of pasta and drained our pitcher of the vino rosso locale before presenting our credit card.   Our friendly waiter looks concerned as he walks back to our table to tell us that our credit card has been declined. It doesn’t take us long to discover a thief has maxed out our credit and there is nothing left to pay for our dream. If we’re lucky, we’ll have a backup plan and pay by cash or another credit card. If we are less lucky, the thief has cashed out our bank account as well, has stolen our passport numbers to set up new accounts, or has gained access to a laptop computer full of sensitive personal and workplace data. What were we thinking (or not thinking) by neglecting traveling safety?

The TJX security data breach is our fault.

TJX Cos. has been ordered to pay $9.75M in a data breach security lawsuit. The data breach settlement will be awarded to 41 states because TJX failed to protect customers’ financial information from a massive computer breach announced in 2007 that exposed millions of customers’ personal and credit card data to hackers.

The settlement amount is probably the largest ever, and it is comically low.

TJX lost somewhere between 40 and 90 million customer records, and there is a good chance yours was one of them if you shop at T.J. Maxx, Marshalls, HomeGoods or A.J. Wright. If only 10% of those breached records were ever used to commit identity fraud (let’s say 7.5 million records, to be conservative), at the average cost of identity theft recovery ($700), the damage to you and me is approximately $490 Million. So TJX paid about a 2% penalty for failing to protect our data. They value the safety of our being a customer at about 2%. They care about their own profits about 98%.

Security awareness programs (data security education) are drastically lacking in American corporations, and it is leading to an increase in data breach and workplace identity theft.

Look at these numbers about employee data security just released by the Ponemon Institute. They appeared in a post by the Ponemon Institute’s Founder, Larry Ponemon (the quote is theirs, the emphasis, mine):

Laptop anti-theft, or protecting your mobile data, is a MUST for corporations and consumers. Almost half of workplace identity theft takes place because of mobile data. And the average value of the data on your laptop can be worth hundreds of thousands of dollars to a corporate spy or experienced identity thief. At the higher end of the scale, the value of the 26 million Veteran identities on a laptop lost over a year ago was estimated to be worth more than $100 million. Those are the types of computer security risks that can make your business unprofitable. But there are solutions.

Broken Window Theory: By removing graffiti and repairing broken windows in crime hot-spots throughout New York City, the NYPD was able to drastically reduce the entire city’s overall crime rate (not just the quantity of graffiti and broken windows), including thefts, burglaries, muggings and murders. In other words, certain actions that we take (e.g., focusing on crime hot-spots rather than on every type of crime) can have a disproportionately positive effect on achieving our goal (e.g., lower crime rates). Business translation: you get a far higher return on investment for certain well-planned tactical strikes than you do for far more expensive strategic initiatives.

My point? In the world of workplace identity theft and corporate data breach, laptop computers are the biggest broken window. Not only do laptops account for a disproportionate amount of data theft, but training the organization to properly protect mobile computers has a radiant effect on all other types of identity protection. Good habits in one area breed good habits in others.

Stop the theft of corporate laptops (or personal laptops with corporate data on them) and you have eliminated approximately 50% of the entire data breach problem at a fraction of the security cost.

Laptop theft generally occurs in transit: airports, hotels,  cars, commuter trains, conferences, off-site meetings, vacations, coffee shops, etc. Build laptop anti-theft training into your organizational culture of privacy:

7 Laptop Anti-Theft Tips for Travelers
Technorati Profile

If I’ve learned one thing as an identity theft expert these past few years, it’s this: As bloggers with something to gain (monetarily) from our daily posts, we do everything we can to veil our advertisements deep within the text. Nearly every blog post has some financial gain tied to it: Google AdWords down the right side of the column, gentle product sales, magazine subscriptions, you name it.

That’s the trade-off: bloggers give you content and in return, you agree to watch our commercials. With a few exceptions (truly altruistic and non-commercial blogs, which do exist), anytime someone tells you that they gain nothing financially from their blog, tell them HOGWASH! They are simply hiding behind their content. When you get something of value, you are paying with something of value. When you read the Wall Street Journal, you agree to at least browse their advertising (however passively). When you read my blog about identity theft prevention, you learn that I speak to corporations and organizations around the world about data breach and identity theft.

So I’m not going to even try and conceal the commercial nature of this post: the very hilarious and very famous Larry Winget endorsed me as a speaker. I tell you for one reason: to get you to hire me as an identity theft expert and identity theft speaker, and to hire Business Humorist Larry Winget. Period. Let us expose your audience to messages of financial responsibility and financial privacy before they bring their poor habits into your organization.

Here’s a statistic that’ll get your attention!  285 million records were compromised in 2008 according to a new data breach study from Verizon Business.  The report claims that organized crime is responsible for a large increase in the number of breached corporate electronic records.

The report of industries affected by data breach shows that Financial Services was the major gainer in 2008.  That industry doubled its percentage of data breach to 30% while Retail is still the most affected industry (barely) at 31%. The shift to data breach in Financial Services will affect all of us more drastically.

According to the study, which Verizon Business compiled using data from the 90 confirmed corporate network breaches it recorded last year, roughly 93% of all records breached came from the financial sector. The company also says that nine out of every 10 of these breaches involved “groups identified by law enforcement as engaged in organized crime.” Verizon says that the 285 million electronic records breached last year were more than the total number of records breached in the past four years combined. The reason for the sharp increase is that attacks on financial firms’ networks have become more sophisticated and successful, the company says. Although only 17% of the attacks studied by Verizon constituted “highly sophisticated” data breaches, these attacks were responsible for 95% of all records breached. Verizon says that cybercriminals are targeting financial service companies’ networks to get customers’ personal identification number (PIN) information in order to withdraw cash directly from their accounts. Cybercriminals are also selling PIN information on the black market, the company says. Read the full report on data breach. (Scroll down when you see “285″). Technorati Profile