To go directly to placing a security freeze on your 3 bureau accounts, page down to the bottom section.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file which is maintained by companies like Experian, Equifax and TransUnion (listed below). The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion – listed below) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account (that said, let’s face it, businesses want to make it as easy as possible to unfreeze your credit because they benefit when you set up new accounts and spend more money) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

Since all states don’t allow you, by law, to freeze your credit, the three credit reporting bureaus have begun to offer credit freezes on a national basis. This is a major step forward in the prevention of identity theft, even if they are offering it for profit reasons (they make money every time you freeze/unfreeze your credit). If your state does not currently offer credit freezes by law, you can now apply with each credit reporting bureau individually. Regardless of where you live, freeze your credit today.A credit freeze doesn’t affect your existing credit – it doesn’t freeze credit cards, bank accounts or loans you already have. It only freezes access to your account unless someone has a password to get in. It’s like having a PIN number on your ATM card. It also doesn’t lower (or raise) your credit score.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Credit Freeze Stops Financial Identity Theft
2. Does Your Financial Advisor Protect You from Identity Theft?
3. Reading Credit Reports

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”.  Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers as well as mass marketing databases.

Pre-approved credit offers (also called pre-screened or pre-qualified credit offers) are possible because credit reporting bureaus (Experian, Equifax and Trans Union – companies that collect and sell financial data on nearly every American) make a great deal of money selling your identity (i.e., name, address, phone number, age, credit score) to credit card, loan and insurance companies.  But it is your right to stop the sale of your information.

Fortunately, there are ways for you to “opt-out” of widespread information sharing (see the list of more than 120 ways below).

The Top 4 Opt-Out Opportunities:

1. www.OptOutPreScreen.com. Remove yourself from the marketing lists sold by the three major credit reporting bureaus, Equifax, Experian and TransUnion. There is not cost for this list.
2. www.DMAchoice.org. This puts you on a Do Not Mail list for the Direct Marketing Association. The cost is $1, but it is well worth the instant trip down in your mail.
3. White Pages. That’s right, your old-fashioned printed phone directory is the source for most of the online contact info databases. Remove your directory listing (you will likely have to the phone company every month to have your info NOT shared – I know, it’s asinine) or otherwise opt out.
4. www.Spokeo.com. To opt out, read this blog post about removing your info from Spokeo. This is one of the more utilized sites by identity thieves, stalkers and scammers.

There is a slower and more tedious process of opting out of online directories (i.e., you have to visit every one. Some (Spokeo.com)  are more important than others (Whitepages.com) because of the information that they collect. Sites such as Spokeo.com can have as much information as your physical address and pictures of your home, while others may just house your phone number. These sites spend hours upon hours scouring public records such as marriage licenses, birth certificates, and real estate purchases for this type of information.

Since most online directories typically offer a way to opt out of their listings you would think they would make it easy. Not so. They tend to hide this option deep within the site, as they don’t actually want you to leave. Luckily, The Privacy Rights Clearing House has done most of the legwork in their Comprehensive Opt Out List. I suggest starting with a few main sites, 123people.com, spokeo.com, etc. and continuously adding to it over time. Opt out of one a week if you like, and eventually your data will be less exposed. Protecting your privacy and identity is a layering process. It is easy for people to get overwhelmed, especially when it comes to online directories.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Opting Out of Financial Junk Mail
2. Protect Yourself Against Mail Fraud
3. Protect Your Taxes from Prying & Spying Eyes

The IRS admittedly has little control over protecting your tax returns against identity theft. The problem is too big, the data too widely available, prevention too rarely attended to until it’s already too late.
Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your tax return information and your identity. The changes aren’t difficult, they simply require you read through this document so that you recognize the risks. Once that’s done, you simply avoid the highest-risk behaviors.

Here is a comprehensive list of frauds, scams and high risk tax-time practices.

Top Tips for Tax Time Identity Theft Protection

Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

• Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
• Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
• Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.
• Make sure you always (not just at tax time) pay with security checks like those provided by Deluxe.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

• Strong alpha-numeric passwords that keep strangers out of your system
• Anti-virus and anti-spyware software configured with automatic updates
• Encrypted hard drives or folders (especially for your tax preparer)
• Automatic operating system updates and security patches
• An encrypted wireless network protection
• A firewall between your computer and the internet
• Remove all file-sharing programs from your computer (limewire, napster, etc.)

Even though you use a strong password to protect your data file when e-filing, burn the file to a CD or flash drive once you’ve filed. Remove the personal information from the hard drive. Store the backup in a lock box or safe.

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack.

Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

• Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
• If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
• If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
• To learn more about IRS scams, visit the only legitimate IRS website. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service.
• If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification, such as a Social Security card, driver’s license or passport, along with a copy of a police report and/or a completed IRS Form 14039, Identity Theft Affidavit, which should be faxed to the IRS at 978-684-4542. Please be sure to write clearly.
• As an option, you can also contact the IRS Identity Protection Specialized Unit, toll-free at 800-908-4490. IPSU hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).
• If you have information about the identity thief that impacted your personal information negatively, file an online complaint with the Internet Crime Complaint Center.  The IC3 gives victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 sends every complaint to one or more law enforcement or regulatory agencies that have jurisdiction over the matter.
• Subscribe to an identity theft detection, protection and resolution product like CSID.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

• Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
• Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
• Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. IRS Overwhelmed by Tax Related Identity Theft
2. 5 Business Survival Lessons from Google’s Spying
3. Google Spying Cost Them $1

It’s nerve racking to realize that the IRS increasingly struggles to control taxpayer identity theft. Since 2008, the IRS has identified 470,000 incidents of identity theft affecting more than 390,000 taxpayers. “Victims of tax-related identity theft are the casualties of a system ill-equipped to deal with the growing proficiency and sophistication of today’s tax scam artists” said  Sen. Bill Nelson, who chairs the newly formed Subcommittee on Fiscal Responsibility and Economic Growth.

Identity theft harms innocent taxpayers through (1) employment and (2) refund fraud, according to the GAO. In refund fraud, an identity thief uses a taxpayer’s name and Social Security number to file for a tax refund, which the IRS discovers after the legitimate taxpayer files. In the meantime, the victim is out the money due her, causing Sharon Hawa of the Bronx, N.Y. to take on a second job. Ms. Hawa testified before the Subcommittee, describing how she had become an ID theft victim for the second time in three years (the first in 2009) after thieves twice filed tax returns in her name and received her tax refunds. Painstakingly proving her identity to the IRS, time after time over a 14-month period, was only a small part of the stress and utter frustration in the first fraud.  And  then, as if that trauma hadn’t sufficiently wreaked havoc in Ms. Hawa’s life, it happened a second time.

In employment fraud, an identity thief uses a taxpayer’s name and SSN to obtain a job. When the thief’s employer reports income to the IRS, the taxpayer appears to have unreported income on his or her return, leading to enforcement action. Think of your stress level when you open that envelope from the IRS demanding taxes for money you didn’t earn and don’t have!

The GAO states that the IRS’s ability to address identity theft issues is constrained by several factors, one being that privacy laws limit the sharing of ID theft information with other agencies. Another problem is the timing of fraud detection efforts; more than a year may have passed since the original fraud occurred.  The resources necessary to pursue the large volume of potential criminal refund and employment fraud cases are another constraint.

It’s imperative that we taxpayers take responsibility and implement the steps necessary to protect ourselves. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

• Tax documents exposed on your desk (home and work)
• Private information that sits unprotected in your tax-preparer’s office
• Improperly mailed, emailed and digitally transmitted or filed records
• Photocopiers with hard drives that store a digital copy of your tax forms
• Copies of sensitive documents that get thrown out without being shredded
• Improperly stored and locked documents once your return is filed
• Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Protect Your Taxes from Prying & Spying Eyes
2. Identity Theft Expert John Sileo on 60 Minutes
3. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR

To go directly to placing a security freeze on your 3 bureau accounts, page down to the bottom section.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file which is maintained by companies like Experian, Equifax and TransUnion (listed below). The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion – listed below) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account (that said, let’s face it, businesses want to make it as easy as possible to unfreeze your credit because they benefit when you set up new accounts and spend more money) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.

A credit freeze doesn’t affect your existing credit – it doesn’t freeze credit cards, bank accounts or loans you already have. It only freezes access to your account unless someone has a password to get in. It’s like having a PIN number on your ATM card. It also doesn’t lower (or raise) your credit score.

Since all states don’t allow you, by law, to freeze your credit, the three credit reporting bureaus have begun to offer credit freezes on a national basis. This is a major step forward in the prevention of identity theft, even if they are offering it for profit reasons (they make money every time you freeze/unfreeze your credit). If your state does not currently offer credit freezes by law, you can now apply with each credit reporting bureau individually. Regardless of where you live, freeze your credit today.

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1–800–685–1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1–888–909–8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1–888–397–3742

John Sileo became America’s leading Identity Theft and Social Media Privacy Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To bring John in to protect your next conference audience, contact his office directly on 800.258.8076.

Related posts:

1. How to Freeze Credit to Stop Financial Identity Theft
2. Reading Credit Reports
3. Credit Card Scams: Celebrities Targeted

I’ve got a neighbor who’s going back to college this week and reminds me that this is by far the highest risk group for identify theft and it’s for a couple of reasons.  When these kids are going off to college, it’s the first time they are getting true financial independence, which might never have been trained to handle.  They have access to credit cards, to new bank accounts, and they’re managing it themselves.  That’s a huge red flag that there’s going to be trouble.  Number two, they’re going into an environment where their stuff is not particularly protected.  They’re in a dorm room, they’ve got roommates that may need extra cash; they know they can take advantage of them.  So it’s kind of a high risk environment.  The third reason is because they do so much online.  There’s so much social media interaction and that’s where ton of information is stolen. So you need to take some of these steps that are in this blog post.  Help your students take them.  It will help them out not just this year in college but helping them build their financial future going forward.  Your identity is pretty much everything in terms of your net worth. You got to take care of it now.

John speaks professionally about social media privacy and identity theft to college students.

Related posts:

1. College-Bound Students are Vulnerable as Identity Theft Targets
2. College Students Destroy Financial Future with Poor Choices
3. Identity Theft Speaker

Why You Should Share Facebook Privacy Settings with Friends

A true friend does more than just post updates about their conquests on your wall. They share information with you that makes your life better, even if it isn’t exactly what you want to hear. And you do the same for them. But are your friends unwittingly sharing too much information about you with others (strangers, advertisers, app developers, scammers)? Probably. For example, if they (or you) haven’t customized your privacy settings lately, you are giving Facebook permission to:

• Publish your name, photo, birth date, hometown and friend list to everyone?
• Indirectly share your restricted data with outsiders through your friends?
• Let your friends check you in to embarrassing locations where you aren’t?
• Post your Likes as advertisements on friends’ walls using your name?
• Authorize Google to index, access and share your information on the web?

Taking simple steps will make a significant difference. Start with the 7 Facebook Privacy Settings below and ask your friends to do the same. It benefits their privacy and yours. The video to the left quickly walks you through how to get to each level of privacy setting. If the video is too small for you to see the pointer, simply click on the four arrows in the bottom right-hand corner of the video viewer (to the right of the YouTube logo) to view in full-screen mode. For better resolution, use the drop down menu to switch to 720 HD.

7 Facebook Privacy Settings to Share with Your Friends

1. Hide Your Hometown, Friends & Interests from Strangers. You may want every last soul on Facebook to know who your friends are, but your friends might not appreciate being part of your popularity contest. And believe me, you don’t want outsiders knowing where you live, where you were born and what interests you. To block people other than your friends from seeing your these items, in the upper right hand corner of your home Facebook screen once you are logged in, click Account>>Privacy Settings. Then go to View Settings (under Connecting on Facebook). Set See your friend list, See your current city and hometown, See your education & work and See your likes, activities and other connections to Friends Only. You can even block everyone, including friends, from seeing these personal tidbits by clicking on the Everyone button, selecting Customize and choosing Only Me.
   
2. Restrict (or alter) Your Personally Identifying Information (PII). Facebook PII includes your Birthday, Address, Email, IM Screen Name and Phone Numbers. With just your name, birthdate and hometown, a scammer can easily recreate your Social Security number, steal your identity, or rob your home while you’re on vacation. My recommendation is to leave these fields blank in the first place (where possible) or fill them with partial or inaccurate information (make up a birthdate that is close to yours but not exact. Please note this may be in violation of Facebook’s user policy.). Either way, you should also limit others from accessing your PII. Click on Account>>Privacy Settings and then Customize Settings (towards the bottom of the sharing grid – look for the tiny pencil). Each drop down box to the right allows you to Customize your setting for that item. Using the Customize option, set Birthday (under Things I share) and Address, IM Screen Name, Email, Phone Numbers (under Contact information) to Only Me. Consider setting Religious and political views and Interested in to Only Me or Friends Only as well. The primary way a social engineer (information con artist) exploits you is by understanding what interests you. 
3. Stop Broadcasting Your Whereabouts in Places. Like the popular application Foursquare, Facebook Places allows you to check in to real-world locations and share your whereabouts with friends (so that burglars know exactly when to rob you). There are two relevant settings regarding Places. First of all, you should limit which users can see which places you can check in to. Click on Account>>Privacy Settings and then Customize Settings (see the first video for direction). Set Places you check in to (under Things I share) to Only Me (using the Customize feature) if you want to disable Places or to Friends Only if you want your friends to know your location. In a very strange default setting, Facebook allows your friends to check you in to places (e.g., a friend checks you in to a strip club while you are at the library). To turn this off, on the same screen, click on Edit Settings next to Friends can check me in to Places (under Things others share). In the drop down menu, choose Disabled and click Okay.
4. Limit How Your Photos & Videos are Shared. If you allow everyone to see photos or videos in which you are tagged (the default), anyone can post a compromising photo of you (friend or otherwise) and then share it with the world by tagging you in the photo. This can lead to some very embarrassing situations (you’d never post the pictures taken at the bachelorette party, but the scorned bridesmaid just might). There are two settings you need to change to fix this. First, click on Account>>Privacy Settings and then Customize Settings (find the pencil). Click on Edit Settings next to Photos and videos you are tagged in (under Things others share). Change the drop down menu to Customize and change the setting to Only Me if you don’t want others to see your tagged photos or to Friends Only if you want your friends to see the tagged photos. Click Save Settings. Then, in respect for your friends, make sure you aren’t accidentally allowing their friends to see photos in which you tag them. To do this, go to Account>>Privacy Settings. Towards the bottom of the page (above the pencil) is a check box that says Let friends of people tagged in my photos and posts see them. Uncheck this box. 
5. Restrict Google and Apps from Mining Your Identity. By default, Facebook allows search engines like Google and applications (apps) like Farmville access to certain personal information. After all, Facebook is in the business of inventorying your identity and then selling it to vendors and advertisers. To regulate how much is shared, click Account>>Privacy Settings and then Edit your settings (under Apps and Websites in the bottom left-hand corner). First, go to Public search and Edit Settings. Unclick the Enable public search check box to keep the search engines out of your profile. If you use your Facebook profile for business and want to be searchable, leave public search enabled. Next, go to Apps you use and click Edit Settings. Review and Edit every app that has access to your private information or delete the access entirely. Having all of your social networking profiles connected and using Facebook as a centralized login for convenience is a recipe for privacy disaster.
6. Limit What’s Accessible Through Your Friends. No matter how tightly you lock your privacy down in Facebook, if you don’t restrict what strangers, vendors, advertisers and Friends of Friends can see through your friends, you have done very little to actually protect yourself. Here’s how to limit what your friends can share (knowingly or unknowingly). First, click Account>>Privacy Settings and then Edit your settings (under Apps and Websites in the bottom left-hand corner). Next to Info accessible through your friends, click Edit Settings. You will see an entire list of data that can be accessed through your friends Facebook page, EVEN IF THE SAME INFORMATION ISN’T ACCESSIBLE THROUGH YOUR PAGE (because you customized your privacy settings in steps 1-5). This is quite possibly the most devious aspect of Facebook. I only have two or three items checked here – those pieces of information that I wouldn’t mind seeing on the front cover of USA Today. That is how public these bits of data become if you allow your friends to share them. 
7. Turn On Your Account Security Features. Facebook has several built-in security features (turned off by default) that make your social networking a safer virtual world. Click on Account>>Account Settings and then Security (left column). First, under Secure Browsing (https), check the box next to Browse Facebook on a secure connection (https) whenever possible. The gives you bank-like security when accessing your Facebook pages. Under Login Notifications: When an unrecognized computer or device tries to access my account, check the box next to Send me an email. That way, if someone gains unauthorized access to your Facebook account on a non-registered computer (your computers and phones will be registered), Facebook automatically locks the user out. If you don’t mind sharing your mobile phone number with Facebook (I don’t share my # with them), you can implement a third security feature. Under Login Approvals: When an unrecognized computer or device tries to access my account, check the box next to Require me to enter a security code sent to my phone.

If you just took these first 7 Steps to protect your Facebook privacy – congratulations – your profile and data are more secure than 99% of the Facebook population. Now it’s your turn to be a good friend – pass this on to someone you care about, and ask them to spend a few minutes protecting themselves. It’s a win-win for everyone.

John Sileo is the award-winning author of Privacy Means Profit and a keynote speaker on social media privacy, identity theft prevention and manipulation jujitsu. His clients include the Department of Defense, Blue Cross, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com or contact him directly on 800.258.8076.

Related posts:

1. 5 Steps to Avoid Facebook Destruction in Business
2. 5 Steps to Good Privacy Habits
3. Facebook Reveals the End of Privacy

Here is how the theft is most often committed in your industry:

• Competitors hire one of your employees and they leave with a thumb drive full of confidential files, including client lists, personally identifying information on talent and employees, financial performance data, etc.
• Social engineers (con artists) mine your employee’s Facebook profiles to gain a heightened level of trust which allows them to manipulate your human assets
• Cyber criminals hack your lax computer network or sniff the unprotected wireless connections you and your employees use while traveling (Starbucks, hotels, airports).
• Mobile Computing Thieves target your digital devices (Laptop, smartphone, tablet) and other weak points while on the road.
• Opportunistic Vendors (Cleaning services, painters, landlords) quietly collect data assets from your desks, filing cabinets, trash cans and dumpsters when you aren’t even in the office.

Research is screaming at us—more than 80% of businesses surveyed have already experienced at least one breach (average recovery cost according to the Ponemon Institute: $7.2 million) and have no idea of how to stop a repeat performance.

A Quick and Dirty Way to Calculate Your Risk as a Meeting Professional

Here is a quick ROI formula for your risk: Multiply the number of attendees, employees and executives for whom you store any one of the following pieces of sensitive identity – name, address, email, credit card number, SSN, TIN, phone number – and multiply that by $240 (the industry average per record of lost data). So, if you have identifying information on 1,000 individuals, your out-of-pocket expenses (breach recovery, notification, lawsuits, etc.) are estimated at $240,000 even if you don’t lose a SSN or TIN. That is not a guess, those are real numbers.

As agencies who already stretch every resource to the limit just to stay in the game, you need to do more with less. I can’t possibly give you all of the answers to protecting your bureau or management company in a simple article, but I’d like to share 7 Data Theft Hotspots that you should address first.

1. Start with the humans. One of the costliest data security mistakes I see departments make is thinking that this is a problem for large businesses only. It is a big problem for large businesses, but data theft is far more damaging to governmental organizations because of the increased regulation and legal scrutiny. Strategy: Give your people the tools to protect themselves personally from identity theft. In addition to showing them that you care (a good employee retention strategy), you are developing a privacy language that can be applied at work without spending all kinds of money on a security risk assessment. Once they understand opting out, encryption and identity monitoring from a personal standpoint, it’s a short leap to apply that to your attendee databases and intellectual property. You can do this in very simple, inexpensive ways. While this doesn’t necessarily train them on the specific tools to protect your bureau’s intellectual capital and customer data, it does increase their awareness of data theft and shows them that their self-interest is involved (i.e., their job depends on it). To get them started on protecting themselves, you are welcome to use this free Identity Theft Prevention Checklist.
2. Immunize against social engineering. The root cause of most data loss in professional services companies like yours is not technology; it’s a human being who makes a costly miscalculation out of fear, obligation, confusion, bribery or sense of urgency. Social engineering is the craft of manipulating information out of you or your staff by pushing buttons that elicit automatic responses. Data thieves push these buttons for highly profitable ends, including spear-phishing, social networking fraud, unauthorized building access, and computer hacking. Strategy: Immunize your employees against social engineering. First, when asked for information, they should immediately apply a healthy dose of professional skepticism (Hogwash J). Train them to automatically assume that the requestor is a spy of some sort. Second, teach them to take control of the situation. If they didn’t initiate the transfer of information (e.g., the credit card company called you, not vice versa), have them stop and think before they share. Finally, during this moment of hesitation, empower them to ask a series of aggressive questions aimed at exposing fraud. This is the key – getting them to be curious in the face of a request for sensitive information. These are some of the materials that I went through in an abbreviated fashion during IASB, but you can communicate them just as well as I can.
3. Stop broadcasting your digital data. There are two main sources of wireless data leakage in the meeting professionals world: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web. Strategy: Stop trying to keep your computer and network security in house and inexpensive – it is part of the costs of owning all of that processing power. Have a security professional configure the wireless router in your office to utilize WPA-2 encryption or better. If possible, implement MAC-specific addressing and mask your SSID. Don’t try to do this yourself. Instead, just hand a qualified technician this paragraph and continue to do what you do best (booking me J) while she earns your wisely spent dollars. While she’s there, have him do a security audit of your network, including firewall penetration, password strength, user-level access permissions, etc.Another major source of data theft (especially in the meetings industry) is Wi-Fi hotspot usage. Most Free hotspots do little to protect the data that you transmit over the wireless network. In fact, many home and company wireless networks are not set up to provide a secure connection to the internet and are, therefore, no safer than those you access for free in cafés, airports and hotels. Just say no to using free Wi-Fi hotspots, on your phone and your laptop. The most common form of exploitation associated with hotspots are “man-in-the-middle” attacks where a spy intercepts the transmission between your wireless network card and the cafés wireless router or modem. Using a legal, free and simple-to-use tool like Firesheep, a thief (or competitor/law enforcement, etc.) can sit next to you in a café and “sniff” your connections. Luckily, your Smartphone can provide a proactive way to help you protect your connection to the Internet when surfing wirelessly. Strategy: Tethering connects your computer to the Internet using a Smartphone (or Internet-enabled cell phone). It increases security because the mobile transmission between your cell phone and the cell tower is encrypted (scrambled) and hard to intercept. Therefore, when you use your Smartphone to surf the web, you are accessing a protected connection that probably can’t be sniffed. The connection might be slightly slower than a traditional Wi-Fi hotspot, but it is also much safer. Simply call your wireless provider and ask them if your Smartphone has tethering capabilities. You shouldn’t have to pay more than about $15 per month to put this solution into affect. Remember to do it for all company Smartphones as well.
4. Eliminate the inside spy. Chances are you don’t always perform a very serious background check before hiring a new employee. That is short sighted, as most of the worst data theft ends up being an “inside job” where a dishonest employee siphons information out the back door when no one is looking. Many employees who are dishonest now were also dishonest in the past, which is why they no longer work for their former employer. Strategy: Invest in a comprehensive background check before you hire rather than wasting multiples cleaning up after a thief steals valuable data assets. Follow up on the prospect’s references and ask for some that aren’t on the application. Investigating someone’s background will give you the knowledge necessary to let your gut-level instinct go to work and will discourage dishonest applicants from going further in the process. Finally, make sure that the prospect you are employing knows that you are going to these lengths to check them out. Most people who are trying to gain employment in order to defraud you are scared away when they know you are investigating them.
   
5. Don’t let your mobile data walk away. In the most trusted research studies, 36-50% of all major data breach originates with the loss of a laptop or mobile computing device (smart phone, etc.). Mobility, consequently, is a double-edged sword; but it’s a sword that we’re probably not going to give up easily in the high-travel world of the bureau and meetings industry. Strategy: Utilize the security professional mentioned above to implement strong passwords, whole disk encryption and remote data wiping capabilities. Set your screen saver to engage after 5 minutes of inactivity and check the box that requires you to enter your password upon re-entry. This will help keep unwanted users out of your system. Finally, lock this goldmine of data down when you aren’t using it. Either carry the computer on your person in a backpack, store it in the hotel room safe, or lock it in an office or fire safe when not using it. Physical security is the most overlooked, most effective form of protection and for people who travel as much as you do, it’s a major risk.
   
6. Spend a day in your dumpster. You have probably already purchased at least one shredder to destroy sensitive documents before they are thrown out. The problem tends to be that no one in the business uses it consistently. Strategy: Take a day to pretend that you are your fiercest competitor and sort through all of the trash going out your door for sensitive documents. Do you find old W9s, invoices, credit card receipts, bank statements, customer lists, trade secrets, employee records or otherwise compromising information? It’s not uncommon to find these sources of data theft, and parading them before your staff is a great way to drive the importance of privacy home. If your employees know that you conduct occasional “dumpster audits” to see what company intelligence they are unsafely throwing away, they will think twice about failing to shred the next document. Also, check to make sure that these same documents are locked in a filing cabinet, safe or password-protected electronic format.
   
7. Anticipate the clouds. Cloud computing (when you store your data on other people’s servers), is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive attendee info on their Facebook page (which Facebook has the right to distribute as they see fit) or you are storing meetings data in a poorly protected, non-compliant server farm, you will ultimately be held responsible when that data is breached. Strategy: Spend a few minutes evaluating your business’s use of cloud computing by asking these questions: Do you understand the cloud service provider’s privacy policy (e.g. that the government reserves the right to subpoena your Gmails for use in a court of law)? Do you agree to transfer ownership or control of rights in any way when you accept the provider’s terms of service (which you do every time you log into the service)? What happens if the cloud provider (Salesforce.com, Google Apps) goes out of business or is bought out? Is your data stored locally, or in another country that would be interested in stealing your secrets (China, Iran, Russia)? Are you violating any compliance laws by hosting customer data on servers that you don’t own, and ultimately, don’t control?

This is a very quick overview of some of the risks that I see as most pressing for meeting professionals. Here’s the good news… your espionage and data theft countermeasures don’t need to be sophisticated or expensive to be effective. Targeting the hotspots above is a savvy, incremental way to keep spies out of your agency. But it won’t start working until you do.

John Sileo speaks professionally on identity theft, social media exposure and online reputation and is the award-winning author of the newly released Privacy Means Profit. His clients include the Department of Defense, the FDIC, FTC, Pfizer and the Federal Reserve Bank. Learn more about bringing him in to motivate your organization to better protect information assets and develop information leaders.

Related posts:

1. 13 Data Security Tips for Meeting Professionals – SGMP
2. Meeting Planners: On Site Protection
3. Information Security Speaker: 5 Information Espionage Hotspots Threatening Businesses

1. Meeting professionals collect, store and transmit massive amounts of private data on attendees
2. Data theft risk skyrockets when travel is involved, which is a frequent occurrence for meeting planners and professionals
3. Meeting professionals are busy nearly 24 hours a day once they are onsite for the conference or meeting, meaning that they are highly distracted
4. A single data breach of attendee data can put the organization responsible for the event out of business due to excessive costs and tight compliance regulations
5. Conferences are generally collections of highly professional, highly valuable attendees who travel with laptops, sensitive intellectual property, smartphones, unsecured WiFi connections, etc.

Meeting professionals have enormous responsibilities throughout every stage of the planning process. Identity thieves target conferences because of the sheer quantity and value of data circulating around these events. Protecting sensitive attendee data before, during and after the event has become not only a nicety, but a necessity. Data stolen during the planning, execution or clean-up phases of your event can hamstring your organization with financial liabilities and a public relations nightmare. Start by taking these steps:

Meeting Security Before the Event

• Secure Your Online Reservation System. If you are going to use online registration, invest in a system that delivers not only efficiency, but security. It is your legal, financial and ethical responsibility to protect your attendees’ personal information. Don’t try to do it all yourself. Hire a reputable technology provider to ensure that your data is protected behind firewalls, encryption, passwords, updated operating systems, security software and safe wireless.
• Educate Attendees. Before they ever begin their travels, attendees should read through a quick 2-minute tip sheet on how to protect themselves while going to a conference. Simply making them aware of some of the risks that exist traveling (laptop theft, unprotected WiFi, smartphone hijacking, etc.) will cause them to pay greater attention on-site.
• Minimize Data Collection. Collect only the data that you absolutely need and destroy it as soon as you are finished. Once you have processed credit cards, purge that information from your system. The quicker that you properly dispose of sensitive data, the lower your risk and liability.
• Minimize Physical Files. Take as few physical files with you to the event (attendee lists, etc.) as these are easily misplaced when traveling and distracted. The more that you can keep behind a password protected, encrypted computer, the better.

Meeting Security Traveling to the Event

• Protect Your Laptop. Almost 50% of serious corporate data theft occurs because a laptop computer is stolen. In addition to the standard forms of protection (passwords, encryption, anti-virus, etc.), carry as little data on your laptop as possible. And never leave the laptop unattended unless it is locked in your hotel room safe. Identity thieves target business travelers because they are generally rushed, distracted and carrying valuable data.
• Think Twice about Free Wi-Fi. It is very convenient (and dangerous) to use a free wireless connection to the Internet provided by an airport, café or hotel. Unfortunately, it is nearly impossible to distinguish if you are on a safe network or one that allows thieves to pirate your information. Unless you are absolutely sure about the security in place, refrain from sending any sensitive material over a wireless connection that your IT department hasn’t configured or approved.

Meeting Security Onsite

• Educate Attendees. Make frequent announcements at the start of each segment of your programming to remind attendees that they should not leave purses, laptops or files unattended. In addition, warn them to take care of their belongings in pre-conference material and encourage them to leave as much sensitive data at home or in the office as possible.
• Room Monitors. Have room monitors that check badges as attendees are entering the room and that monitor purses and laptops that are left in the room during breaks (even if you warn people, some will still leave items). Make sure that you announce that room monitors are watching so that you let any would-be opportunists know that someone is watching. Just this one piece of information should discourage theft.
• Control Digital Access. Make sure that only authorized users can access your onsite registration system. Don’t leave laptops or registration lists unattended, as they are a goldmine of sensitive data. Make sure you are using a VPN and secure wireless connection to connect back to your office or database server. Deactivate your USB drives so that data cannot be easily copied onto a USB thumb drive when you aren’t looking.
• Provide Secure WiFi for Attendees. Setup secure WiFi (requiring a password) for your staff and attendees so that they are not broadcasting their private information over an unprotected network (which they are doing anytime they use a free hotspot without a password). Make sure that your contact onsite understands your security needs and concerns. That is part of the service they are providing.
• Control Physical Access. Use a system of photo ID badges and room monitors to make sure that only authorized attendees have access to highly sensitive areas. You don’t want your biggest competitor to gain access to the meeting where you reveal next year’s strategy.
• Shred Unneeded Documents. If you no longer need registration information on an attendee, shred it immediately. Every hotel or conference center should have shredders onsite that you are able to utilize. If they don’t, you might ask yourself how well they are protecting your data.

Meeting Security After the Event

• Destroy the Evidence. When the conference or meeting is over, shred any remaining physical documents you no longer need. Purge digital files from your systems, especially those containing credit card or Social Security numbers. The less you keep on hand, the lower your changes of theft.

Above all, don’t forget to educate your staff and attendees on the risks of data theft while attending a conference. Higher levels of awareness drastically reduce the incidents of attendee identity theft and corporate espionage.

John Sileo is the award-winning author of Privacy Means Profit and America’s leading speaker on identity theft prevention, social media exposure, online reputation management and information leadership. Learn more about his keynote speeches on a variety of topics or call directly on 1.800.258.8076.

Related posts:

1. 7 Data Theft Hotspots for Meeting Professionals
2. 15 Data Security Tips to Protect Your Small Business
3. iPad Vampires: 7 Simple Security Settings to Stop Data Suckers

A TODAY Show/NBC investigation into child identity theft revealed that criminals routinely use a child’s untouched credit record to their advantage and get away with it for years or decades. This story shows how in more and more cases Social Security numbers are being stolen even before the child has been born.

Why is it so easy? Because Social Security numbers are not assigned randomly, meaning that they can predicted with a certain amount of accuracy. A SSN is simply a code that includes the location and date of where and when a baby was born. Thieves have figured out a system to predict these numbers and used them before they have been issued. The federal government maintains that in the next month or so, these numbers will be randomized and harder to predict and therefore, steal.

Once a thief gains access to a legitimate Social Security number, they are able to take out car loans, mortgages and credit cards combining their name with the stolen number. Many banks don’t verify that the name and Social Security number match up because it costs them a few extra pennies. That is exactly how a woman was able to buy a home in my name, because the bank didn’t verify that the SSN belonged to me, not to her.

The investigation included 9 year old Riley, whose identity was stolen 11 years before she was born and used to take out home and auto loans. A 2-year old had thousands in credit card debt. Most parents have no idea that this crime is happening to their child until many years after the crime, at which point it is too late.

Here’s what you should do:

• Immediately run a credit check on all of your children.
• If you find suspicious activity (for most children, this would be any activity), investigate it further and dispute it with both the credit-giving organization and the three credit reporting bureaus (Equifax, Experian and TransUnion).
• Once you have resolved the credit errors, consider freezing your child’s credit so that no one else has access to their profile without a password.

Police often act overwhelmed and don’t want to be bothered with financial crimes, so little is done even if law enforcement knows exactly where the imposters live. TODAY showed this in dramatic fashion, hunting down two alleged child imposters and capturing their comments on camera.

Click Here to watch the video.

Related posts:

1. Identity Theft Speaker on The Bill Handel Radio Show Today!
2. Cyber Security Expert Sileo in USA Today
3. Study Shows Identity Theft of Children 51X More Likely