In addition to denying Governor Palin access to her own account, the hacker had full control to:

• Read every saved and current email in her account (hopefully she never sent her Social Security Number, passwords or account numbers via email, not to mention correspondence pertaining to her role as candidate for Vice President of the U.S.)

• Steal the email addresses and any other sensitive information stored in her contacts (John McCain might want to change his email address)

• Send out emails as if the hacker were Sarah Palin, or worse yet, send out official emails as Alaskan Governor, Sarah Palin

The potential for abuse is mind boggling. Sarah Palin should take immediate steps to protect her stolen identity and to secure her future privacy.  Here are a sampling of the steps I would recommend:

1. Before closing down the compromised account, she should review all of the emails and contacts to which the hacker had access. Any account numbers, passwords, pin numbers or other personally identifying information that she sent via email should be handled on a case-by-case basis. For example, if she emailed her credit card number, that account should immediately be closed. This is a perfect example of why you shouldn’t send any information by email that you don’t want published on the front page of a newspaper.
2. Subscribe to an identity surveillance service so that she can monitor the illegal use of her identity beyond standard credit report tracking. Remember, less than 20% of identity theft touches your credit report, so it is important to monitor other sources of risk, including non-credit loan reports, cyber-trafficking of your personal data, and court, criminal or government documents posted online, etc. The service I use to monitor these identity items (and to insure me and help me recover in case my identity is used illegally) is CSIDentity.com. The compromised data may not be used for years, so it is important to keep a watchful eye over time and not resort to a one-time credit check.
3. Monitor her credit reports for free. This is important because it will allow her to establish a baseline credit file. In other words, she will know what the credit portion of her identity looks like before the thief has a chance to take advantage of it. That way, when her credit file changes (and she is alerted to the change by the surveillance service in step 2), she will immediately recognize the change.
4. At the very minimum, place a fraud alert on her credit file with Experian, Equifax and TransUnion. I recommend going one step further and actually placing a complete credit freeze on her social security number. This will keep any identity thieves from setting up new credit accounts in her name by assigning a password to her credit file. It is slightly inconvenient and can cost a few dollars, but it is the best step for someone whose identity has been knowingly stolen. Make sure to sign up for the identity surveillance (step 2) before freezing credit, as this makes the monitoring process more difficult.
5. Change her habits. The longer-term solution to this problem is for Governor Palin to stop revealing so much personal information (to corporations, on the internet, etc.). Identity thieves collect personal information about you in small pieces (a birthday from Wikipedia, your address from Google, your home value from mypublicinfo.com, private details from your blog or website, etc.). This is not an easy task, especially when you are a public figure. But a bit more discretion on her part will go a long way.

Unfortunately, Sarah Palin isn’t alone in needing to take these steps. You should too, before your email correspondence ends up as the top story on CNN.

John Sileo is America’s Top Identity Theft Speaker and the award-winning author of Stolen Lives: Identity Theft Prevention Made Simple. To learn more about having John motivate your audience to proactively protect sensitive information, please visit www.ThinkLikeASpy.com or call 800-258-8076. For further identity theft prevention tips, visit the Sileo Privacy Project at www.Sileo.com.

The Privacy Project: To help you better protect identity-bearing devices while they are being transported and stored in your car (RV, boat, etc.). The solution…

Watch The Video

It’s old news that thieves smash windows and break into cars for GPS navigation systems, stereos, cameras and anything else you’ve left lying around. More recently, thieves have found a more valuable treasure: laptop computers, iPhones, BlackBerrys, client files, tape backups, thumb drives, car registration documents or any receptacle of identity, personally identifying information or sensitive corporate data that can be worth thousands or millions of dollars.

Occasionally, the thieves make a big score, like they did recently when they stole a laptop out of the trunk of a car while the owner was sipping a latte at Starbucks. The laptop contained over 2 million complete identities. The data breach ended up costing the victim company more than $80 million (excluding loss of stock value, employee downtime and damaged brand).

Can you imagine if that was your car? Your company laptop? Your responsibility? It’s a nightmare scenario.

The Privacy Solution: SentrySafe AutoSafe.

Until recently, the only solution was to have a custom safe built for and bolted into your car. They tended to be cumbersome, extremely inflexible (once there, they are always there) and very expensive. In the past month, the makers of the SentrySafe line of home and office fire safes introduced the AutoSafe. It was designed with traditional theft in mind, but it serves the alternative purpose of protecting identity. Take a look at the short video above to see how the AutoSafe works.

I recommend the AutoSafe to help you protect the following identity sources (remember that the inside of a car can reach extreme temperatures - make sure you remove any temperature-sensitive devices after transit):

• Laptop hard drives (see video for explanation)
• Cell phone (when not needed in person)
• Thumb and jump drives, Palladin and data-transport devices
• Data CDs, DVDs and Tape Backups
• PDAs
• Passports or other identity documents that you need to transport
• Car-based identity documents (registration, insurance card, etc. - don’t forget to tell the policeman why you are keeping your documents in a safe before you start to get out of the car)
• Unfortunately, this safe is not large enough to store sensitive document files

Features (As published on the SentrySafe website):

• High security key lock: key drives the bolts
• 2 steel locking bolts
• Steel security cable anchors to seat or trunk
• Steel cable is vinyl coated to protect painted surfaces
• Designed to fit in foot well under seat or trunk
• Stylish aluminum and molded exterior design - reinforced with steel interior
• Foam lined to cushion contents
• Easy installation - no tools necessary
• Anti-slip protection includes: Velcro disks, rubber feet, carpet screw
• Color: Black

To purchase a SentrySafe AutoSafe AS-1, you must be a member of Costco. As soon as they are available elsewhere, I will let you know.

John Sileo
Identity Theft Speaker

If so, you need to know that 11 people, including a Secret Service informant, have been charged in connection with those retail data breaches. In other words, the spies (in this case, a crime ring syndicate) have been caught.

Unfortunately, this doesn’t mean that your stolen identity is now safe. Most likely, your data was either used or sold off within days of being stolen from the retailer - long before you were even notified of the identity theft.

Nor does it mean that you will receive any compensation or redress for what was taken from you (your money, your time, your name and possibly your reputation).

The companies that were targeted, like TJX, will receive little in return, either. Their collective costs from the data breaches are so high that the government won’t even hazard a guess. The TJX breach alone has been estimated to cost TJX upwards of $1 Billion.

But there is good news. The indictments mean that the Department of Justice is actively pursing and prosecuting large identity theft crime rings, and even catching some of them. This is significant because it sends a signal to future identity theft rings that they cannot work without some regard for being punished for their illegal activities. Unfortunately, since 8 of the 11 people charged operated outside of the US, there is no way for the DOJ to effectively bring them to justice. Which means they continue in their highly profitable and highly illegal business.

It also means that corporations and government institutions will come under immense profit pressure to analyze and fix data security weaknesses like the wireless routers left relatively unprotected by these retailers (they didn’t properly encrypt their wireless networks, leaving access to their systems open to anyone driving by with a laptop computer and sniffing software).

The best news of all, however, is a statement made by Homeland Security Secretary Michael Chertoff, who, commenting on the indictments, said:

Today’s indictments are a reminder of a growing threat that every American faces in the 21st century — the fact that each individual’s greatest asset is their names, their identity.

Chertoff underscores and acknowledges what we, as victims, already understand - that your identity, your name, your personally identifying information, is your most valuable asset in life. It is worth everything you have, financially and even emotionally. As the government begins to recognize the profitability of protecting it’s citizens’ identities, so too will corporate America recognize the unparalleled costs of ignoring data breach, identity theft and the value of it’s customer data, employee records and intellectual capital. And as they come to grips with the financial burden of data breach, they will begin to aggressively educate their workforce on the means to prevent it.

There is hope.

John Sileo
Professional Data Breach Speaker

John Sileo
Keynote Speaker

For more tips of this type, please visit my YouTube Identity Theft Expert Video Channel at www.YouTube.com/JohnSileo. It is relatively new, but my office is working diligently to add content every week. Some people like to read, some like to watch, so I will continue to add blogs of both types. Travel wisely this summer.

John Sileo
Motivational Identity Theft Speaker

In fact, there are tangible identity protection benefits delivered by many of these services. Having researched many of them, I settled on CSIdentity for my personal use because of the “engine underneath it’s hood”. Unlike LifeLock, it provides a portfolio of monitoring tools: credit reports, pay-day loan fraud detection, public records, illegal cyber-trafficking of your personally identifying information, etc. It also offers insurance in case you get hit. For $10-12 a month, it actually allows you to monitor many aspects of your identity simply by checking your email (the email you if they detect a problem). No, I don’t make money when you sign up for their service, I use it because it works.

There are rumors going around that LifeLock might be adding some of this type of detection functionality to its product. Time will tell… that is, if they survive the onslaught of bad news that comes from advertising a car for sale that, at this point in time, doesn’t actually have an engine under their very shiny hood.

John Sileo
Identity Theft Expert and Speaker

Direct Marketing Association Do Not Mail List. To place your name (and your spouse’s/partner’s name) on the list maintained by the DMA that let’s businesses know that you don’t want unsolicited marketing mail (junk mail), please visit the DMA site.

State Do-Not-Call Lists. Most of the state do-not-call lists have been combined into the national list. However, you can still find information about your particular state’s do-not-call lists by visiting the DMA website.

National Do-Not-Call List. You will accomplish the same end by registering with the National Do-Not-Call List.

Do-Not-Email List. Finally, you can put your name on a Do-Not-Email list with the Direct Marketing Association. I am not sold that this actually lowers SPAM a great deal, but it is worth trying. Visit the DMA Do-Not-Email List for more information.

Are you an expert at something?

In the world of professional speaking, you are expected to be an expert in your topic (to be taken seriously and to make a living). So speakers begin calling themselves experts, sometimes before they deserve the title. It’s like giving yourself a nickname - it feels a bit self-congratulatory.

I’m no exception. After becoming a two-time victim of identity theft, writing a book on identity theft prevention, and delivering approximately 50 identity theft speeches, I suddenly became an identity theft expert. One day at a speech, someone introduced me as John Sileo, identity theft expert. A local TV station was there filming, so that night on TV I became a local ID theft expert. And that eventually led to some modest national recognition. The name stuck - because it was good for marketing and because, compared to the people in my audience, it was usually true. But compared to a criminal investigator who’d studied financial crime for 20 years, it was untrue. My expertise was really about DELIVERY - distilling and delivering the most important prevention information in a way that inspired people to take action. Which is great… but does it make me an identity theft expert?

Here’s the kicker. Had I not been branded an identity theft expert before it was probably true (if, in fact, it is true even now), I would have never been given the opportunities to BECOME an expert. Once I was branded “the expert” (and it’s later incarnation, “America’s Top Identity Theft Speaker”), I was invited to speak for Fortune 500 companies, participate on boards, contribute to panels and conferences and articles and to meet other experts on the topic. That exposure increased my expertise. But the chicken/egg sensation still troubles me - which came first, the title or the expertise? All too often, I think the title is first. Is that necessarily a bad thing?

Which brings me to my point. How do we become genuine experts in our field? I think that this is the single most important professional question we face as a nation as professional jobs increasingly go to people with greater expertise (sometime in other countries). If my friend Patrick (a pilot for Continental) were to call himself an expert as early in his career as I did, we would all be taking our vacations by car this summer. Ditto for a doctor, teacher or Army general. Expertise obviously varies by what we are applying the term to. But I would like to find the common denominators among these fields (expert pilot, speaker, guitar player, coach, mom, golfer, chess player, etc.). Out of this conversation, I’d like to collect an understanding of some of the common qualities that experts share (if such a list exists). With that knowledge, maybe it will be easier to become an expert. I’ll share my thoughts and learnings once I’ve heard yours.

My fascination with this topic has lead me to read academic papers on the topic. Drawing from those, let me set a common foundation by defining a couple of terms:

1. Expert: “One who is very skillful and well-informed in some special field” or “someone widely recognized as a reliable source of knowledge, technique, or skill whose judgement is accorded authority and status by the public or his or her peers” (Webster’s New World Dictionary, 1968, p. 168).
2. Expertise: “the characteristics, skills, and knowledge that distinguish experts from novices and less experienced people” (The Cambridge Handbook of Expertise and Expert Performance, 2006, p. 3).
3. Expert Performance: the ability to consistently reproduce superior performances - to land the airplane safely in a monsoon every time, to win half of the golf tournaments you enter in a year, to play the guitar like Tommy Emmanuel:

So this is the question: How do we become experts? What, exactly, makes you the expert you are?

Is it knowledge? Experience? Coaching? A certain type of practice? Is it in our genes to become an expert? Is it a personality trait? Hard work? Focus? What made Bobby Fischer a better chess player after 9 years than his opponents, some of whom had played competitively for 30 years? They had more knowledge (knew more combinations of moves), more experience (games played), higher IQs, better coaches (according to some), etc. But comparatively, he was the greater expert at age 16. Why? I don’t want to oversimplify, but to find common ground. To explore some universal truths about expertise.

I’m sending this blog post to people that I truly consider experts in their field. I’d love to hear their thoughts on the topic, and yours.

John Sileo
Identity Theft Expert

Tax time is like Christmas for identity thieves. Our personal information sits out on desks (ours and our tax preparer’s), is mailed improperly, emailed incorrectly and stored unsafely. And to top it all off, we are used to giving our personal data away during tax time, and therefore preconditioned not to give the risks much thought. It’s time to think about it.

Top Tips for Tax Time Identity Theft Protection

Safe Preparation. If you use a tax preparer, understand how they protect your privacy. Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the second tip below? How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Asking professional tax preparers these questions directly sets an excellent standard for your relationship. They should be able to answer them without pause. If they know that you are aware that tax documents attract identity thieves, they will probably be more careful with your information. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.

Secure Computers. Last year, more than 77 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Have a trusted computer security professional help you implement the 7 steps to a system lock-down (Passwords, Anti-virus/Anti-spyware, Encryption, Automatic Operating System Updates, Secure Wireless Networks, Firewalls and Mobile Computing Devices) and make sure that your tax preparer does the same. Also, make sure that all peer-to-peer networking is turned off or configured to disable the sharing of your personal folders (so that the identity thief can’t download your tax return). Lock all PDF printouts of tax documents with a password (a feature available in Adobe PDF products).

Don’t Buy it! If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). Anytime someone is promising too much (bigger refunds, faster service), or threatens you (e.g., “the IRS will come after you if you don’t do this”), your instincts should warn you that they are probably trying to get information out of you by playing on your desire to get something for nothing, and your desire to avoid confrontation. This is especially apparent with the new economic stimulus tax-time checks that go into effect this May. If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)!

Mail Safely. If you are sending your tax return through the mail, make sure to carry it inside of the post office and send it by certified mail so that you know it has arrived safely. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else. Don’t email any private information to your tax preparer or spouse unless you are very comfortable with how to encrypt email. If you don’t know how to encrypt, don’t count on email as a secure form of communication. If you don’t want it published in the newspaper, don’t put it in an email.

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your Sentry Safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well.

Your tax records are one of the most comprehensive and complete collections of your identity. Don’t take the threat of them disappearing too lightly.

John Sileo
Identity Theft Speaker

 First, a little background. During the speech, I shared three general techniques with them to help them protect the identities they hand every day (their clients’ and their own):

1. The Privacy Reflex. How to recognize a scam, fraud, identity thief or dishonest transaction before it harms you. This uses a combination of anti-social engineering tools that retrain the audience to trust their instincts when they are sharing data (either their own or their clients).
2. The Interrogation. How to ask effective and highly specific questions in order to determine who can be trusted. 
3. Targeting the Enemy. In this section, I talk about the specific tools that can be used by financial planners to lower the risk that either their identity or their client’s identity is stolen. This included stopping financial junk mail, moving to on line statements, freezing credit, limiting data collection inside of the business, protecting laptops and mobile data devices, investing proportionally to value in regard to professional document shredding and computer network security, and utilizing existing Identity Surveillance tools (http://www.csidentity.com/, http://www.annualcreditreport.com/, eMoneyAdvisor) to protect client identities.

But during the speech, I gave them a piece of advise that I would like to amend. One of the most frequent forms of the theft of financial advisor client information happens when a laptop computer is stolen from the advisor. And one of the most common places this happens, ironically, is when the advisor is attending an out-of-town conference or meeting. Instead of lugging the laptop with them to each event, it’s just easier to leave it back in the hotel room.

But when you ask yourself who is in control of that computer once you have left the room, the answer is full of risk. Of course, it’s the cleaning staff. Most room service personnel are trustworthy, but you can’t bank on that always being the case. With that in mind, I recommended several options to protect the identities on that computer:

1. First of all, use strong passwords and data encryption to protect the data on the notebook computer in case it does disappear.  
2. Stop carrying data on your computer that you don’t absolutely need. If you don’t need to have client information on there, don’t put it on in the first place.
3. Carry it with you to the events. Of course, when you set it down during a coffee break, your risk goes back up.
4. Lock the laptop in the room safe. Sometimes they don’t fit, so I suggest that you pull the hard drive out of the laptop (which is where all of the identity lives) and place that in the safe.
5. Use the hotel safe. Most hotels will lock up computers for you in their safe. Now you just need confidence that the hotel staff are trustworthy.
6. The option that I liked best (until yesterday) was to place the DO NOT DISTURB sign on my door as I leave each morning so that no one enters my room. True, your room doesn’t get cleaned, but you are keeping potential thieves not just from your computer, but from any client documents, passports or intellectual capital that might be in the room. Hiding things is a poor option, as a thief will know every one of those spots by heart.

Unfortunately, when I got back to my hotel room at the Marriott after spending the day in downtown Los Angeles, the cleaning staff had eventually ignored the Do Not Disturb sign and cleaned the room anyway. You should have seen me go after the manager who was on duty. Not only is this a violation of my privacy, it is a violation of hotel policy.

Or is it?

No one on duty yesterday could tell me what the policy is for a room with a Do Not Disturb sign on it. If it hangs all day, are they allowed to enter the room? At this hotel, it would appear so, but absolutely no one could tell me the ACTUAL POLICY. Which means that this is no longer as strong an option as I thought it was. I have stayed in more than 400 hotels over the past few years and this is the first time someone has entered the room when the sign was hanging on the door (that I know of). Luckily, my computer was in the safe and my client files were with me in downtown LA (I like to use layered levels of protection and not just rely on one factor - I’m a bit paranoid in that way because of what I’ve been through).  But I need to add a caveat to yesterday’s speech: Do Not Disturb signs don’t always work. If you are going to use this option, make sure you call down to house keeping and let them know that you don’t want your room cleaned or entered.

In the meantime, lock the data up in the safe as much as possible.

John Sileo
Identity Theft Speaker for Financial Planners