Are you as protective of your kids as I am of mine?

My wife and two highly-spirited daughters are more than just the center of my universe – they are the compass by which I set my course in every aspect of life. If something is not good for the family, then it isn’t good for me. And that means that I want to do everything in my power to keep them safe.

You and I are called on to protect our children from many things, starting in the womb. Even before they are born, we practice good preventative care. We take specially designed pre-natal exercise classes, coax ourselves to eat right for their benefit, learn CPR and Love and Logic and screen regularly for signs of trouble. Once they are born, we provide the best nourishment, the finest medical care, ample playtime, rest and an infinite flow of unconditional love. You get the point… we do everything in our power to prevent complications and to give them the best chance to grow up healthy, happy and in harmony with the world around them. That is our responsibility, our purpose and our joy.

But how often do you check their credit report? Their WHAT?! I can feel the surprise in your blank stare. I can hear your questions:

“Check my kid’s …credit report? But she is only seven! She doesn’t even have her front teeth yet, let alone a credit card! There are so many years to go before we need to worry about that. Right?”

Unfortunately, no. Because children have untouched and unblemished credit records, they are highly attractive targets. Child identity theft is profitable, hard to detect and a nightmare to recover. Thieves steal a child’s identity early on, nurture it until they have a solid credit score, and then abuse and discard it.

How Does it Happen?

Identity Theft Expert John Sileo – Video Tips

Related posts:

1. Child Identity Theft Expert – Part IV Protection
2. Child Identity Theft Expert – Part II
3. Child Identity Theft Expert – Part III

Facebook, and social networking sites in general, are in an awkward stage between infancy and adulthood – mature in some ways, helpless in others. On the darker side of sites like Facebook, LinkedIn and Twitter, scammers and identity thieves are drooling at the sight of this unchecked data playground. In contrast, most social networkers are addicted to all of the friendships they are creating and renewing.

There is no denying that Facebook and other social networking sites have a very luring appeal.  You can sit in the comfort of your own home and suddenly have a thriving social life.  You can look up old friends, make new ones, build business relationships and create a profile for yourself that highlights only your talents and adventures while conveniently leaving out all your flaws and troubles.  It is easy to see why Facebook has acquired over 200 million users worldwide in just over five years. Which is why Facebook safety is still so immature: Facebook’s interface and functionality has grown faster than security can keep up.

Unfortunately, most people dive head first into this world of social connectedness without thinking through the ramifications of all the personal information that is now traveling at warp speed through cyberspace.  It’s like being served a delicious new drink at a party, one that you can’t possibly resist because it is so fun and tempting and EVERYONE is having one.  The downside? Nobody is thinking about the information hangover that comes from over-indulgence: what you put on the Internet STAYS on the internet, forever. And sometimes it shows up on the front page of the Wall Street Journal, in the hands of a prospective employer or your boss’s inbox. All of the personal information that is being posted on profiles — names, birth dates, kids’ names, photographs, pet’s names (and other password reminders), addresses, opinions on your company, your friends and your enemies — all of it serves as a one-stop shop for identity thieves.  It’s all right there in one neat little package and all a scammer has to do to access it is become your “friend”.

Follow these Five Facebook Safety Tips and save yourself the trouble…

5 Facebook Safety Tips

Facebook Safety Tip #1: If they’re not your friend, don’t pretend. Don’t accept friend requests unless you absolutely know who they are and that you would associate with them in person, just like real friends.

Facebook Safety Tip #2: Post only what you want made public. Be cautious about the personal information that you post on any social media site, as there is every chance in the world that it will spread beyond your original submission.  It may be fun to think that an old flame can contact you, but now scammers and thieves are clambering to access that personal information as well.

Facebook Safety Tip #3: Manage your privacy settings. Sixty percent of social network users are unaware of their default privacy settings. Facebook actually does a good job of explaining how to lock your privacy down (even if they don’t set up your account with good privacy settings by default). To make it easy for you, follow these steps:

1. Spend 10 minutes reading the Facebook Privacy Policy. This is an education in social networking privacy issues. Once you have read through a privacy policy, you will never view your private information in the same way. At the point the privacy policy is putting you to sleep, move on to Step 2.
2. Visit the Facebook Privacy Help Page. This explains how to minimize all of the possible personal information leakage that you just read about in the privacy policy. Once you understand this on one social networking site, it becomes second nature on most of the others. 
3. Now it is time to customize your Facebook Privacy Settings so that only information you want shared, IS shared. This simple step will reduce your risk of identity theft dramatically.

Facebook Safety Tip #4: Keep Google Out. Unless you want all of your personal information indexed by Google and other search engines, restrict your profile so that it is not visible to these data-mining experts.

Facebook Safety Tip #5: Don’t unthinkingly respond to Friends in Distress. If you receive a post requesting money to help a friend out, do the smart thing and call them in person. Friend in Distress schemes are when a thief takes over someone else’s account and then makes a plea for financial help to all of your friends (who think that the post is coming from you). As with all matters of identity, verify the source.

Following these 5 Facebook Safety tips are a great way to prevent an information-sharing hangover.

The best way to protect you and your children from Online threats is to educate yourself about Facebook, Twitter, MySpace and other online social networking utilities.  We recently published the Facebook Safety Survival Guide (with Parents’ Guide to Online Safety) with that exact goal in mind. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it.

John Sileo is the award-winning author of Stolen Lives, Privacy Means Profit and the Facebook Safety Survival Guide. His professional speaking clients include the Department of Defense, the FTC, FDIC, Pfizer, Prudential and hundreds of other organizations that care about their information privacy. Contact him directly on 800.258.8076.

Related posts:

1. Social Networking Safety – Travel
2. Online Safety: The Truth About Social Media Identity Theft
3. Cyber-Bullying and Social Networking Identity Theft

Identity Theft Speaker John Sileo on Traveling Safety.

Traveling Safety has become a study of its own ever since the advent of identity theft. Your biggest concern may no longer be physical in nature (pickpockets, hotel theft, muggings); the value of the personal identity you carry as you travel is worth far more than the cash in your wallet.

We all love to plan the vacation of our dreams. I can almost taste the pasta Bolognese as I read about that out-of-the way trattoria half way down the ancient narrow vicolo (blind alley) in Tuscany. But there’s one area we often overlook that can turn that long-anticipated dinner into a nightmare – the theft of our most-valuable asset, our identity. Let’s fast forward – we’ve savored the last bite of pasta and drained our pitcher of the vino rosso locale before presenting our credit card.   Our friendly waiter looks concerned as he walks back to our table to tell us that our credit card has been declined. It doesn’t take us long to discover a thief has maxed out our credit and there is nothing left to pay for our dream. If we’re lucky, we’ll have a backup plan and pay by cash or another credit card. If we are less lucky, the thief has cashed out our bank account as well, has stolen our passport numbers to set up new accounts, or has gained access to a laptop computer full of sensitive personal and workplace data. What were we thinking (or not thinking) by neglecting traveling safety?

Traveling safely and preventing identity theft go hand in hand. Because we carry so much identity with us when we travel, because we are much less organized when on the road, and because thieves target travelers, the likelihood of identity theft while on vacation or business travel increases.

Traveling Safety 101

Traveling Safety – Before You Leave Home

1. Travel light! Simplify and minimize what to bring with you. Take as little identity with you as necessary. If possible, leave the following items at home when you travel:
   

   Checks and Checkbooks. Resist the temptation to carry checks or take only one or two for an emergency, carrying them with your cash in your money belt. Checking account takeover is one of the simplest crimes to commit and one of the most devastating types of financial fraud from which to recover. The easy alternative? Use a credit card or cash.
   Debit Cards. You can reduce your vulnerability to having your checking account emptied while on vacation by leaving all debit cards (check cards) at home. Don’t be lulled into thinking that Debit/ATM cards are safe just because they have a PIN or password. In fact, the only time a PIN is needed to use the card is when it is being used at an ATM. No PIN is required when it is used at a store as a debit or credit card. Be aware, too, that debit cards don’t have the same financial fraud protections as most credit cards. The Solution? Ask your bank for an ATM-Only debit card (it won’t work in stores, only at an ATM) and make sure your password isn’t overseen when you are at the ATM. Better yet, use a credit card or cash.  The exception to this is when you are traveling in a foreign country and your debit card is the most economical method of obtaining cash from an ATM.
   Extra Credit Cards. Every piece of identity you take with you creates more sources of potential fraud to which you are exposed. I recommend that if you are traveling with another adult, you each take one credit card (and if possible, take cards from two separate credit card companies. That way, you each carry only one card that can be lost or stolen, but you have a backup card if the other person’s card is lost, stolen or shut down because of fraud).  Make sure that your credit card company knows the dates and places you are traveling so that they don’t shut it down when charges are made out of town. Also, make sure you have a large enough credit line to cover your purchases while traveling.
   Social Security Cards. You do not need your Social Security Card while traveling (or at any time other than your first day of work with a new employer), so leave it locked up at home.
   Bills. Don’t try to take bills to pay while traveling.
   Identity Documents. Leave birth certificates, passports (unless travelling internationally), library cards, receipts, etc. at home while you travel. Anything you don’t absolutely need should be left at home locked in a fire safe. If you can travel with only a credit card, driver’s license and health insurance card (as long as it doesn’t have your SSN on it), you will be much safer.

2. Photocopy the contents of your wallet/documents.Or make a list of all the contents and all your travel documents to carry with you in a secure place as you travel. It’s also a good idea to leave a copy at home with a trusted person whom you can contact. It will save you hours of frustration if anything is lost or stolen.
3. Hold the Mail. Your mailbox is an identity bonanza. Before you leave, place a “postal hold” on your mail so that your mailbox isn’t vulnerable while you are gone. Arrange with your post office that you (or your spouse) are the only people allowed to pick up your mail. Don’t have it “mass-delivered” the day after you return, as this puts everything at risk all at once. Instead, pick it up at the post office once you return.
4. Social Networking Sites.Don’t put an “Away on Vacation” note on your social networking sites just as you wouldn’t tack one to your front door. Broadcasting this information opens the door to criminals using that information while you are away.Think twice about any information you share on social networking sites.

Traveling Safety – During Travel

1. Lock it Up. I can’t stress enough the importance of using the in-room safes that are now a part of almost every hotel room. They are simple to use and drastically increase traveling safety (decreasing theft by cleaning staff and other travelers). Lock up the following items:

   Laptop Computers. Only carry your laptop with you when absolutely necessary. The rest of the time, place your laptop (or just the hard drive if your laptop is too big) in the safe while you aren’t using it.  While using your laptop to access online banking or other password-protected services from Wi-Fi networks, be sure the Wi-Fi hotspots are secure.
   Public Access Internet Facilities. If you’re using a public computer in hotel business centers or cyber-cafes, never access any sensitive information.  Keyloggers (software that can track your keystrokes) may be tracking you.
   Cell Phones/PDAs. While you go down to the pool or off shopping and don’t need your cell phone or other electronic device, store it in the safe along with jewelry, extra cash, your iPod, thumb drive or other valuables.
   Passports. Unless you are traveling in a country where you are required to keep your passport with you at all times, lock it up in the safe the entire time you are staying at the hotel.
   Other Identity Documents. Store your plane tickets, receipts, and any other identity documents (birth certificates, extra credit cards, visa, etc.) in the safe when not in use.

2. Carry it Safely. I recommend carrying all of your identity documents (passport, credit card, driver’s license, tickets, etc.) in a travel pouch that fits around your neck or your waste (and inside of your clothing). It is a minor inconvenience, but it lowers instances of pick pocketing and unintentional misplacement. Thieves have unbelievably nimble fingers that can slip into your pocket or purse undetected so here’s an essential habit to cultivate: just before you leave your hotel room (especially in cities), verify that your money pouch is securely fastened around your waist or neck, under your clothes.

   Use a Backpack. When possible, carry laptops and other large identity-storing items in a backpack that stays zipped and on your back at all times. It is easy to set down a purse, book bag or piece of luggage while at a ticket counter or retail store. Backpacks, on the other hand, are easy to keep on our person at all times, and are harder to break into without alerting the wearer.
   Watch Your Cards. When paying with a credit card in a restaurant, try to keep your eye on the card. If the server removes it from sight, they may be able to create a “clone” by using a portable card skimmer that will copy the information from the card’s magnetic strip. Many restaurants are now able to process the card at your table or you can take it to the register and observe the transaction.

3. ATM Machines. Use your “ATM Only” card (one that requires a PIN and does not contain a Visa or MasterCard logo) at ATM machines found at banks or credit unions that are in well-lit areas. Be sure to examine the ATM machine carefully for signs of tampering. Be on the lookout for anything that looks suspicious. Save all transaction receipts in a specific envelope to make it easy to reconcile your bank statement when you arrive home.

Traveling Safety – Upon Your Return Home

1. Monitor Your Accounts. Shortly after you return from your travels, pay special attention to your account statements to make sure that nothing out of the ordinary appears. If a credit card number or bank account number was stolen during your trip, this is how you will catch it early and keep it from becoming a major nightmare. Contact your provider and alert them to the breach immediately.
2. Rotate Your Account Numbers . If you feel like your identity might have been compromised (e.g., your credit card number stolen), call your financial institution and have them issue a new card. This makes the old number obsolete, should anyone try to use it in the future.
3. Pick Up the Mail! Don’t leave it in anyone else’s hands any longer than necessary. Make sure you shred any mail that you no longer need.

Think about Traveling Safety before you leave so that you can fully enjoy your trip instead of being preoccupied with identity theft. Safe travels!

Identity Theft Speaker John Sileo is America’s top identity theft expert. His clients include the Department of Defense, FDIC, Federal Reserve Bank, Pfizer and organizations around the world.

Related posts:

1. Nigerian Scam Takes a New Form
2. Online Safety: The Truth About Social Media Identity Theft
3. Social Networking Safety – Travel

If I’ve learned one thing as an identity theft expert these past few years, it’s this: As bloggers with something to gain (monetarily) from our daily posts, we do everything we can to veil our advertisements deep within the text. Nearly every blog post has some financial gain tied to it: Google AdWords down the right side of the column, gentle product sales, magazine subscriptions, you name it.

That’s the trade-off: bloggers give you content and in return, you agree to watch our commercials. With a few exceptions (truly altruistic and non-commercial blogs, which do exist), anytime someone tells you that they gain nothing financially from their blog, tell them HOGWASH! They are simply hiding behind their content. When you get something of value, you are paying with something of value. When you read the Wall Street Journal, you agree to at least browse their advertising (however passively). When you read my blog about identity theft prevention, you learn that I speak to corporations and organizations around the world about data breach and identity theft.

So I’m not going to even try and conceal the commercial nature of this post: the very hilarious and very famous Larry Winget endorsed me as a speaker. I tell you for one reason: to get you to hire me as an identity theft expert and identity theft speaker, and to hire Business Humorist Larry Winget. Period. Let us expose your audience to messages of financial responsibility and financial privacy before they bring their poor habits into your organization.

Larry and I have done about 20 speeches together over the past couple of months for the Department of Defense (e.g., Vandenberg AFB, Camp Pendelton, Andrews AFB) so I’ve gotten to see Larry time and again. And he knocks ‘em dead every time. Which is why he is the World’s best and busiest business humorist. And why I am so proud that he took the time to record this short endorsement video about my identity theft speech and me as an identity theft speaker. Thanks, Larry. You’re a pal.

Related posts:

1. Identity Theft Speaker Endorsed by Fort Bragg
2. Identity Theft Expert: Theft Runs Rampant as Economy Tumbles
3. Eglin AFB Stumps the Identity Theft Expert

My blog was down, non-existent. When you earn your keep by communicating ideas, like I do as a professional speaker, any threat to the distribution of those ideas raises the peach fuzz on the back of your neck. After days of being unable to reach my webmaster by office phone, cell phone, SMS text, instant message or email, I dialed up the pressure on him to respond. I turned to the powerful and influential world of social media…

I tweeted him. Publicly.

@johnswebguy Where in the name of Google Earth are you? Why won’t you contact me? [poetic license applied to save face]

140 characters that delivered the impact of a rabid canine. Yes, there was obvious anger in my words, but they were transformed into a venomous rant in the hands of others. Those reading it from the outside could feel the rage I felt at having been cornered without a backup plan. Unfortunately, in my anger, I didn’t make it a direct tweet (a private communication that only the recipient could see), so anyone following these hyper-succinct mini-blogs could view my dirty laundry and fill in the blanks with any back-story they liked. And fill in they did.

In the ensuing minutes, my tweet was re-tweeted (sent out to a mass number of recipients), screen shot (digitally captured to be preserved forever in all its glory) and used as an example as why others shouldn’t do business with my webmaster. I had never even considered ending my relationship with my webmaster, so driving his customers away was the last thing on my mind.

I just wanted to know where he was!

In that instant, dumbfounded with regret, I understood the power of social media to communicate, influence and destroy. Destroy personal reputations. Destroy brand identity. Destroy profit margins, relationships and open communication. As I hit the enter button, I thought I was tossing a snowball, but quickly discovered it had the potential to become an all-out avalanche. For all of its brevity, the words we publish on Twitter or Facebook can be misinterpreted, read as gospel or spread like the plague. It can be very difficult to separate emotion from fact in 140 characters.

My webmaster contacted me from the hospital; he had just gotten out of surgery. Fortunately, I deleted the tweet before it went totally global, explained my mistake to my followers, apologized to my webmaster and got down to resuscitating my blog (when he had recovered from surgery).

Explaining what I had done to someone the following day, I used a term that has stuck in subsequent conversations — tweet breach. Here is my current working definition of tweet breach:

tweet•breach n. 1. Accidentally or intentionally exposing data through social media or other Web 2.0 applications (e.g., Twitter, Facebook, LinkedIn, Wikipedia, Second Life, blog posts, webmail, text messaging, instant messaging, etc.) that would otherwise have remained acceptably private, confidential, anonymous or otherwise properly controlled by the owner or agent responsible for the information. 2. Self-inflicted tweet breech (common) is the act of accidentally or reactively releasing one’s own private information without thinking through the consequences.

Examples: a) posting an individual’s personally identifying information (phone number, credit card account, social security number, etc.) without their consent, knowledge and understanding; b) posting someone’s physical whereabouts, personal history or confidential information without their agreement; c) improperly revealing proprietary corporate information such as intellectual capital, corporate financials, business processes, deal secrets, organizational structure or other sensitive commercial data; d) improperly using social media as a tool of leverage, extortion (if you don’t do this, I will…), or revenge (posting sordid details about your ex, dirty laundry about your former employer, etc.).

I learned so much as a product of my experience that it will provide materials for years to come. Let me share a few of the many fundamental takeaways that you should keep in mind both personally and professionally:

1. Posting is Public. This seems so obvious, but it is constantly overlooked. When you post (I use the term post to encompass tweeting, blogging, commenting, writing on a wall, publishing to a website, and certain types of texting, instant messaging, etc.), you are making the information available to everyone on the internet (unless you somehow restrict access).In-person relationships are often subtle. For example, you probably wouldn’t tell the same joke to your young child as you would your closest friend. You wouldn’t tell your boss about a successful job interview with another company in the same way that you would tell your sister. But when you post these items online, you are collapsing those layers of distinction, or access, into a one-dimensional view. Everyone has equal and identical access to your joke and your job news, whether you want them to or not. Denial and misunderstanding of this basic principle, that posting is public and will be seen by others, is what leads teenagers to populate MySpace with pictures and content that they would never want their future employers, college admissions officers or even parents, to see.
2. Posting is Permanent. When you post, you are creating a permanent piece of digital DNA that, for all practical purposes, never disappears. Your words and photos and videos are forwarded, replicated, backed up, quoted and made a permanent part of the internet firmament. In other words, if you post it, you’d better be willing to claim ownership of it for the rest of your life. It is very hard to think a week in advance, let alone 20 years. Would George W. Bush have ever been President had he tweeted his DUIs or possession of Cocaine arrest? The viral and permanent and traceable nature of the information would have doomed his chances.
3. Posts are Exploitable. Whether they are used against you in a court of law (yes, posts have been used as admissible evidence), used by identity thieves and social engineers (e.g., once a con knows your social network, they can easily use it against you to establish undeserved trust), or aggregated by companies that want to sell you something, posts can and will be used in ways that we average users are not currently considering.

Without question, social media and social networking are killer apps and are here for the long haul. They fulfill too deep a need and too profitable a role in our lives and businesses to write off as a fad. Fortunately, there are concrete solutions for preventing tweet breach and for minimizing damage when it does inevitably happen. I am already experiencing corporations (probably because of their increased risks and liability) beginning to pro-act on the ever evolving side effects of social media. For starters, they are gaining a competitive advantage by:

• Learning about Twitter, Facebook and other social media first hand. A fun place to start are the videos by Twitter Goddess Gina Schreck (@GinaSchreck).
• Educating their workforce on the benefits and drawbacks of social media, including tweet breach, productivity gains and losses, social media exhaustion, etc.
• Establishing guidelines for how to use Twitter, Facebook and Web 2.0 tools in responsible, productive ways
  that deliver the greatest ROI with the least risk
• Incorporating age-old ideas of etiquette, editorial policy and discretion into the fabric of their new media strategies

I would love to hear your ideas on tweet breach and examples that you have come across. Please feel free to comment with your own tweet breach or similar stories.

After losing his business to data breach and his reputation to identity theft, John Sileo became America’s leading identity theft and data breach speaker. He speaks on the topics of workplace identity theft, data breach and tweet breach. His recent clients include the Department of Defense, the FDIC, Blue Cross Blue Shield, and Pfizer. You can follow his tweets at @john_sileo.

Related posts:

1. Facebook Privacy Breach – Eventually, We’ll Lose our Trust
2. The 7 Deadly Sins of Privacy Leadership: How CEOs Enable Data Breach

We are.

Too often, technology is our scapegoat, providing a convenient excuse to sit apathetically in our corner offices, unwilling to put our money where our profits are. Unwilling, in this case, to even gaze over at the enormous profit-sucking sound that is mass data theft. The deeper cause of this crisis festers in the boardrooms of corporate America. Like an overflowing river, poor privacy leadership flows inexorably downhill from the CEO, until at last, it undermines the very banks that contain it.

The identity theft and data breach bottom line? Corporate boardrooms across America care about the loss of people’s personal data about as much as Ford cared about recalling the Pinto when they began exploding on rear impact. Hey, it was cheaper to fight the lawsuits from the surviving relatives than re-engineer the gas tank. And it’s cheaper to take a tax write-off on fraud-loss line items than to dig this weed up by the roots. We fail to see the connection between privacy breaches and larger profit hits — liability lawsuits, brand damage, customer flight, stock depreciation, loss of trust in the company, bad press, etc. Just ask TJX, who has spent well over $500 million recovering from their data breach – a breach that could have been prevented with only tens of thousands of dollars.

In clearer terms, poor leadership (not technology) is the primary factor leading to data breach. And we stand by, you and me both, mostly silent and submissive, as corporation after corporation loses our private data. We suffer the consequences. It is our credit that is destroyed; our time wasted dealing with law enforcement, credit bureaus, collection agencies, bankruptcy courts, criminal charges and the deep and personal violation of being the victim of a crime that no one really cares about. It makes a great news story, but only because we can deny that it will ever reach us.

Millions of years ago we evolved from the primordial slime with a backbone built for standing up to our challenges. Why, all of a sudden, has our backbone disappeared? We’ve built the Great Wall of China, landed on the moon, eradicated polio and elected the first African American, Barack Obama, to be President of the United States. But we can’t protect the customer data, employee records and intellectual capital that gives our corporations their value? That underlies our capitalist economy? Information is our most valuable asset, but god forbid we invest in a privacy strategy to protect that asset.

The 7 Deadly Sins of Prviacy Leadership: How CEOs (and other Executives) Enable Data Breach

As an identity theft speaker who travels the country speaking on this topic, I’ve noticed that a majority of corporations experiencing data breach and workplace identity theft share similar weaknesses in their overall privacy fabric. You have an opportunity to learn from their mistakes before they become yours. Begin by asking yourself whether you (as a leader) or your organization suffers from any of the 7 Deadly Sins:

1. Apathy – a disturbing lack of care for and attention to a crime you incorrectly believe will never seriously impact your bottom line. If you have never had a corporate-wide privacy education initiative, you are a prime candidate for this weakness.
2. Ignorance – many leaders refuse to admit that they don’t know what they don’t know. For example, do you know the value, location and confidentiality of your sensitive data?  Do you know how it is protected, how long it is maintained and why you keep it in the first place?
3. Arrogance – some executives see themselves as champions of data privacy because they have a strong IT department, but fail to see that privacy doesn’t exist in a silo. Does your organization tend to believe that data privacy is the realm of the I.T. Department? If so, you are overlooking other critical functions (human resources, sales, intellectual property, legal compliance) that are touched by privacy concerns on a daily basis.
4. Greed – many CEOs are the first to violate the very privacy policies that they champion. Have you ever surfed unprotected at the airport? Do you shred every piece of sensitive data that goes in your trash? What passwords are stored in your BlackBerry?
5. Hypocrisy – many CEOs are the first to violate the very privacy policies that they champion. Have you ever surfed unprotected at the airport? Do you shred every piece of sensitive data that goes in your trash? What passwords are stored in your BlackBerry?
6. Paralysis - some companies and executives have difficulty breaking old habits and, by default, choose to perpetuate high-risk data practices. Do you collect certain private information simply because you always have? Have you ever re-evaluated your hiring policies to take corporate espionage, workplace identity theft and insider fraud into account?
7. Procrastination – Even executives who care about, educate themselves on, admit to, have the budget to invest in and personally practice data safety… never get around to doing something about it at the corporate level. When you are finished with this article, how will your behavior change? Will you get to it later?

This is not an easy topic, but running an organization isn’t an easy task. Leaders that guide their corporations to develop a privacy strategy that avoids these security sins will achieve a long-term competitive advantage in the marketplace. And in the marketplace of ideas, in the oft-proclaimed information economy, what better asset to protect than our private information?

John Sileo is a victim of The 7 Deadly Sins of Data Privacy. After losing his business to data breach and his reputation to identity theft, John became America’s leading identity theft speaker. He uses his gripping story, first-hand experiences and humorous interaction to inspire audiences around the world to protect corporate data as if it were their own. His clients include the Department of Defense, FDIC, AARP and Pfizer. Learn more at www.ThinkLikeASpy.com.

Related posts:

1. Facebook Safety: 7 Deadly Data Mistakes
2. Data Breach Increases 33% in 2010 and You’re Next
3. Citigroup Data Breach – How it Affects Your Wallet

• Historically, the armed forces have used pieces of identity (including Social Security Numbers) to openly identify personal items, including: dog tags, military IDs, commission papers, pay checks and duffel bags. While this practice is being fazed out, it still increases the risk of identity theft among military personnel.
• If a member of the military has their identity stolen while deployed (especially overseas), it is exceptionally difficult to recover from the crime in a timely and effective manner. Can you imagine trying to repair your credit rating from the streets of Iraq or prove your innocence to a collection agency while crouched in the bunkers of Afghanistan? To add insult to injury, returning from a tour to find that your credit has been destroyed and that you are wanted for crimes you didn’t commit can be overwhelming.
• Our airmen, soldiers, sailors and marines can be called to duty in an instant. If financially unprepared, this leaves their families vulnerable to attack. It is imperative that we proactively protect not only ourselves, but our loved ones as well.
• Protecting the privacy of our military is a national security concern. In the age of cyber-attacks and digital warfare, we cannot leave our fighting and peace-keeping personnel open to attack.

Because of these additional risks, it is imperative for our military personnel to implement the steps below. For those who have heard enough and are ready to act, I have summarized the steps in a simple list. Beneath the list, I give more complete explanations of each recommendation (not necessarily in the same order as in the list).

Summary

1. Opt out of financial junk mail by registering at www.OptOutPreScreen.com.
2. Shred any paper documents that would go in the trash with a durable and safe confetti shredder.
3. Track your credit report 3 times per year for FREE at www.AnnualCreditReport.com.
4. Monitor your identity with the right online identity surveillance service (discount code below).
5. Lock your identity documents in a bolted-down, fire-resistant document safe.
6. Freeze your credit with Experian, Equifax, and TransUnion.
7. Protect your computer with security software, a firewall, encryption and strong passwords.
8. Visit Army Knowledge Online (AKO) for military-specific identity theft prevention tools.
9. For further tools, purchase a copy of Stolen Lives:Identity Theft Prevention Made Simple.

Detailed Explanations

1. Opt Out of Financial Junk Mail

Problem: Your private data is bought and sold by junk-mailers without your knowledge.
Solution: Opt out by calling 1-888-567-8688 or visiting www.OptOutPreScreen.com.

There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”. Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-Approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers.

Pre-approved credit offers (also called pre-screened or pre-qualified credit offers) are possible because credit reporting bureaus (Experian, Equifax and Trans Union – companies that collect and sell financial data on nearly every American) make a great deal of money selling your identity (i.e., name, address, phone number, age, credit score) to credit card, loan and insurance companies. But it is your right to stop the sale of your information. To opt out of pre-approved credit offers with the three main credit reporting bureaus, call 1-888-567-8688 or visit www.OptOutPreScreen.com. There is no cost to you for opting out.

Once you’ve completed this step, begin opting out of ALL information sharing on every account you have (bank, brokerage, mortgage, utilities, phone, etc.) as well as with the Direct Marketing Association.

2. Shred Your Paper Trash

Problem: We throw away private information every day. This is where dumpster divers begin.
Solution: Buy a heavy-duty or a lighter-duty confetti shredder and shred everything that contains private information.

Assume that any document you throw out will end up in the hands of an identity thief. Get in the habit of either chopping or locking documents and disks that contain identity (name, phone number, address, social security number, account numbers, passwords, PIN numbers, phone numbers, client information, childrens’ information, etc.).
When buying a paper shredder, I recommend the following features:

• Cross-cut confetti shredding
• 10+ pages of simultaneous feeding capacity
• Allows shredding of stapled documents, credit cards and CDs

The shredders I like best are made by Fellowes. I use a lighter-duty confetti shredder in my home and a heavier-duty shredder at work. I like Fellowes because of their SafeSense technology, which turns the shredder off if your fingers (or your kids’ fingers) get too close to the shredding device. This adds a great deal of peace-of-mind to an already effective product. They also have anti-jamming technology that makes them less frustrating than other brands and they don’t seem to break down as frequently.
Convenience is key! Make sure you place a confetti shredder next to ALL of the places that you handle identity (where you open your mail, your home office, your desk at work) and shred everything possible. Don’t skimp here – if you don’t make it convenient for yourself and your employees, it won’t get done. If a document has identity of any sort on it, shred it, even if it isn’t your information. Don’t forget to destroy digital files as well, like those that live on a hard disk when you donate your computer. If you can’t shred it, lock it up in a fire-safe (see below).

3. Freeze Your Credit File

Problem: If a thief gains access to your credit file, they can spend everything you’re worth.
Solution: Freeze your credit with Experian, Equifax, and TransUnion.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file which is maintained by companies like Experian, Equifax and TransUnion. The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.
Don’t let anyone talk you out of freezing your credit. It is the number one thing you can do to prevent credit fraud. To learn more about freezing your credit, visit the three credit bureau credit-freeze sites here: Experian, Equifax, and TransUnion.

4. Use Surveillance to Monitor Your Online Identity

Problem: Your private information is floating around on the internet and exposing you to risk.
Solution: Monitor your online identity conveniently with sophisticated identity surveillance.

When my audiences learn that only about 25% of identity theft can be caught by monitoring their credit report, they often ask me to evaluate the more sophisticated identity theft monitoring and protection services in the market place. Not all identity monitoring services are created equal. I recommend an identity surveillance service that monitors the following aspects of your identity:

• 24/7 monitoring of your credit file (most services provide only this – nothing more)
• Non-credit loans (pay-day loans, etc)
• Government records
• Public records disclosure (court cases, real estate transactions, etc.)
• Nation-wide criminal databases
• Cyber-trafficking of your private information over the internet
• The better services will also offer recovery services and identity theft insurance

The service I recommend is called CSIdentity.com because of the quality and volume of monitoring they provide, the convenience of their service, and the safety of their data centers. Here’s how it works. Rather than waste hours monitoring all of the potential sources of identity theft myself, the product does it for me, automatically. Every month, a report shows up in my email inbox letting me know if there are any areas that I should be concerned about. That way, I only have to think about it when necessary. Again, convenience is crucial – if we make it easy to be safe, we will be safe! You should expect to spend approximately $120 per year for a good service (far less than you probably spend to insure your car and home, which are worth far less than your identity). If you decide to try it out, use their promotion code CSIDfriend as you are paying (cap-sensitive – this gives you a 20% discount) and purchase it for an entire year (which gives an additional discount). By the way, I do not make money if you sign up using this discount code – it is for your benefit only.

5. Lock Up Identity Documents

Problem: Identity documents that are left unlocked in our homes and offices open up profitable opportunities for identity thieves.
Solution: Purchase a fire-resistant document safe to securely store all of your identity documents.

A majority of our most valuable identity documents (passports, birth and death certificates, wills, trusts, deeds, brokerage information, passwords, health records, customer data, employee records, etc.) are exposed to identity theft (and natural disasters, such as fire and floods) as they sit in unlocked filing cabinets, bankers boxes, office drawers or out in the open, on our desks. To complicate matters, the problem of data theft goes beyond paper documents to digital media. More than ever we need to be concerned with the physical protection of hard drives, cell phones, thumb drives, CDs and DVDs with sensitive personal or business data on them.

To store them securely, purchase a fire-resistant safe. Think of it this way. Your identity is probably worth something close to $300,000 (even if your credit is poor), not to mention the value of any business data for which you are responsible (customer records, employee information, intellectual capital). Spending a few hundred dollars to lock up the keys to your identity is simple.
Look for a fire safe that meets these requirements:

• Able to withstand 1500° F for 30 minutes
• Lockable by key or combination
• Able to be secured to the foundation of your home (to prevent safe theft)
• Preferably waterproof (where there’s fire, there’s water)

I recommend SentrySafe fire-resistant stackable filing cabinets because they are nearly indestructible, inexpensive and protect your data from both fires and theft. They also allow you to expand your storage capacity as you protect more and more of your identity.
One important note: increasingly, thieves are breaking into homes and businesses in order to steal identity documents. By placing them all in a central location (such as a fire safe), you are making it easier for them to steal everything at once. I suggest that you have your fire safe bolted into the foundation of your home or business. This small expense could save you hundreds of thousands of dollars. It’s no more expensive than putting dead-bolt locks on your doors.

6. Protect Your PC

Problem: The information stored on your computer can be compromised if left unprotected.
Solution: Follow the 7 Steps to a System Lock-down listed below.

In order to protect all of the identity documents stored on our home and work computers, it is important to close all of the potential data leaks. The following suggestions will get you started, but please hire a computer security professionally to help you protect this very valuable asset in the fight against identity theft.

1. Create strong, alphanumeric passwords. Read Chapter 7 of your copy of Stolen Lives for further details.
2. Employ a highly-rated security software suite on every computer you own. It should include: anti-virus and anti-spyware scanners; password protection, phishing and pharming filters and a firewall. I personally use Norton Internet Security 2009 by Symantec. Other reviewers seem to prefer Trend Micro Internet Security.
3. Configure your Windows systems for automatic security updates.
4. Utilize encryption software (for professional-level protection). Encryption is more complicated than I can explain in a bullet-point, so please check back for a more detailed article on encryption.
5. Physically lock-down your computers (especially if you use a laptop or hand-held). Desktop computers and workstations should be locked in your office, both at work and at home. More private data disappears because of stolen laptops than any other source.
6. Secure your wireless network. Make sure that the connection is not open to anyone with a wireless device and that you use WPA encryption, NOT WEP.
7. Secure your Mobile Data Devices (iPhones, BlackBerrys, Treos, Palms, Thumb Drives, Laptop Computers) using all of the tools above. Just because they are small doesn’t mean that the data on them isn’t worth a mint.

Naturally, these steps will get you started down the road to protecting your privacy. But there are many more suggestions than the ones above to continue protecting your identity. Please visit the other blog posts at www.Sileo.com as well as www.ThinkLikeASpy.com. Also, please feel free to post your suggestions and thoughts at the end of this post.

John Sileo
Professional Identity Theft Speaker and Military Supporter

Related posts:

1. Thank You Ft. Lewis and McChord Military Bases
2. Child Identity Theft Expert: A Growing Concern – Part I of 4
3. Traveling Safety: Identity Theft Takes a Trip

One source at a time, we must reverse our bad habits and guard information rather than give it out. Understandably, we cannot entirely give up sharing our information. But we must determine what to share and with whom. We must begin to accumulate our privacy over time. This incremental approach keeps prevention from being an overwhelming task and reminds you to consider the risk anytime identity is involved.

Here are Eight Steps to Start the Process:

Summary

1. Opt out of financial junk mail by registering at www.OptOutPreScreen.com.
2. Shred any paper documents that would go in the trash with a durable and safe confetti shredder.
3. Track your credit report 3 times per year for FREE at www.AnnualCreditReport.com.
4. Monitor your identity with the right online identity surveillance service (discount code below).
5. Lock your identity documents in a bolted-down, fire-resistant document safe.
6. Freeze your credit with Experian, Equifax, and TransUnion.
7. Protect your computer with security software, a firewall, encryption and strong passwords.
8. For further details, consult your copy of Stolen Lives:Identity Theft Prevention Made Simple.

1. Opt Out of Financial Junk Mail

Problem: Your private data is bought and sold by junk-mailers without your knowledge.
Solution: Opt out by calling 1-888-567-8688 or visiting www.OptOutPreScreen.com.

There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”.  Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-Approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers.

Pre-approved credit offers (also called pre-screened or pre-qualified credit offers) are possible because credit reporting bureaus (Experian, Equifax and Trans Union – companies that collect and sell financial data on nearly every American) make a great deal of money selling your identity (i.e., name, address, phone number, age, credit score) to credit card, loan and insurance companies.  But it is your right to stop the sale of your information. To opt out of pre-approved credit offers with the three main credit reporting bureaus, call 1-888-567-8688 or visit www.OptOutPreScreen.com. There is no cost to you for opting out.

Once you’ve completed this step, begin opting out of ALL information sharing on every account you have (bank, brokerage, mortgage, utilities, phone, etc.) as well as with the Direct Marketing Association.

2. Shred Your Paper Trash

Problem: We throw away private information every day. This is where dumpster divers begin.
Solution: Buy a heavy-duty or a lighter-duty confetti shredder and shred everything that contains private information.

Assume that any document you throw out will end up in the hands of an identity thief. Get in the habit of either chopping or locking documents and disks that contain identity (name, phone number, address, social security number, account numbers, passwords, PIN numbers, phone numbers, client information, childrens’ information, etc.).
When buying a paper shredder, I recommend the following features:

• Cross-cut confetti shredding
• 10+ pages of simultaneous feeding capacity
• Allows shredding of stapled documents, credit cards and CDs

The shredders I like best are made by Fellowes. I use a lighter-duty confetti shredder in my home and a heavier-duty shredder at work. I like Fellowes because of their SafeSense technology, which turns the shredder off if your fingers (or your kids’ fingers) get too close to the shredding device. This adds a great deal of peace-of-mind to an already effective product. They also have anti-jamming technology that makes them less frustrating than other brands and they don’t seem to break down as frequently.
Convenience is key! Make sure you place a confetti shredder next to ALL of the places that you handle identity (where you open your mail, your home office, your desk at work) and shred everything possible. Don’t skimp here – if you don’t make it convenient for yourself and your employees, it won’t get done. If a document has identity of any sort on it, shred it, even if it isn’t your information. Don’t forget to destroy digital files as well, like those that live on a hard disk when you donate your computer. If you can’t shred it, lock it up in a fire-safe (see below).

3. Freeze Your Credit File

Problem: If a thief gains access to your credit file, they can spend everything you’re worth.
Solution: Freeze your credit with Experian, Equifax, and TransUnion.

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file which is maintained by companies like Experian, Equifax and TransUnion. The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit (i.e., spend your net worth) in your name.

A credit freeze is simply an agreement you make with the three main credit reporting bureaus (Experian, Equifax and TransUnion) that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. Yes, freezing your credit takes a bit of time (maybe an hour of work), can be a little inconvenient when you want to set up a new account) and it can cost a few dollars (generally about $10 to unfreeze, a small price compared to the recovery costs of identity theft). And it is worth it! It’s like putting locks on your doors.
Don’t let anyone talk you out of freezing your credit. It is the number one thing you can do to prevent credit fraud. To learn more about freezing your credit, visit the three credit bureau credit-freeze sites here: Experian, Equifax, and TransUnion.

4. Use Surveillance to Monitor Your Online Identity

Problem: Your private information is floating around on the internet and exposing you to risk.
Solution: Monitor your online identity conveniently with sophisticated identity surveillance.

When my audiences learn that only about 25% of identity theft can be caught by monitoring their credit report, they often ask me to evaluate the more sophisticated identity theft monitoring and protection services in the market place. Not all identity monitoring services are created equal. I recommend an identity surveillance service that monitors the following aspects of your identity:

• 24/7 monitoring of your credit file (most services provide only this – nothing more)
• Non-credit loans (pay-day loans, etc)
• Government records
• Public records disclosure (court cases, real estate transactions, etc.)
• Nation-wide criminal databases
• Cyber-trafficking of your private information over the internet
• The better services will also offer recovery services and identity theft insurance

The service I recommend is called CSIdentity.com because of the quality and volume of monitoring they provide, the convenience of their service, and the safety of their data centers. Here’s how it works. Rather than waste hours monitoring all of the potential sources of identity theft myself, the product does it for me, automatically. Every month, a report shows up in my email inbox letting me know if there are any areas that I should be concerned about. That way, I only have to think about it when necessary. Again, convenience is crucial – if we make it easy to be safe, we will be safe! You should expect to spend approximately $120 per year for a good service (far less than you probably spend to insure your car and home, which are worth far less than your identity). If you decide to try it out, use their promotion code CSIDfriend as you are paying (cap-sensitive – this gives you a 20% discount) and purchase it for an entire year (which gives an additional discount). By the way, I do not make money if you sign up using this discount code – it is for your benefit only.

5. Lock Up Identity Documents

Problem: Identity documents that are left unlocked in our homes and offices open up profitable opportunities for identity thieves.
Solution: Purchase a fire-resistant document safe to securely store all of your identity documents.

A majority of our most valuable identity documents (passports, birth and death certificates, wills, trusts, deeds, brokerage information, passwords, health records, customer data, employee records, etc.) are exposed to identity theft (and natural disasters, such as fire and floods) as they sit in unlocked filing cabinets, bankers boxes, office drawers or out in the open, on our desks. To complicate matters, the problem of data theft goes beyond paper documents to digital media. More than ever we need to be concerned with the physical protection of hard drives, cell phones, thumb drives, CDs and DVDs with sensitive personal or business data on them.

To store them securely, purchase a fire-resistant safe. Think of it this way. Your identity is probably worth something close to $300,000 (even if your credit is poor), not to mention the value of any business data for which you are responsible (customer records, employee information, intellectual capital). Spending a few hundred dollars to lock up the keys to your identity is simple.
Look for a fire safe that meets these requirements:

• Able to withstand 1500° F for 30 minutes
• Lockable by key or combination
• Able to be secured to the foundation of your home (to prevent safe theft)
• Preferably waterproof (where there’s fire, there’s water)

I recommend SentrySafe fire-resistant stackable filing cabinets because they are nearly indestructible, inexpensive and protect your data from both fires and theft. They also allow you to expand your storage capacity as you protect more and more of your identity.
One important note: increasingly, thieves are breaking into homes and businesses in order to steal identity documents. By placing them all in a central location (such as a fire safe), you are making it easier for them to steal everything at once. I suggest that you have your fire safe bolted into the foundation of your home or business. This small expense could save you hundreds of thousands of dollars. It’s no more expensive than putting dead-bolt locks on your doors.

6. Protect Your PC

Problem: The information stored on your computer can be compromised if left unprotected.
Solution: Follow the 7 Steps to a System Lock-down listed below.

In order to protect all of the identity documents stored on our home and work computers, it is important to close all of the potential data leaks. The following suggestions will get you started, but please hire a computer security professionally to help you protect this very valuable asset in the fight against identity theft.

1. Create strong, alphanumeric passwords. Read Chapter 7 of your copy of Stolen Lives for further details.
2. Employ a highly-rated security software suite on every computer you own. It should include: anti-virus and anti-spyware scanners; password protection, phishing and pharming filters and a firewall. I personally use Norton Internet Security 2009 by Symantec. Other reviewers seem to prefer Trend Micro Internet Security.
3. Configure your Windows systems for automatic security updates.
4. Utilize encryption software (for professional-level protection). Encryption is more complicated than I can explain in a bullet-point, so please check back for a more detailed article on encryption.
5. Physically lock-down your computers (especially if you use a laptop or hand-held). Desktop computers and workstations should be locked in your office, both at work and at home. More private data disappears because of stolen laptops than any other source.
6. Secure your wireless network. Make sure that the connection is not open to anyone with a wireless device and that you use WPA encryption, NOT WEP.
7. Secure your Mobile Data Devices (iPhones, BlackBerrys, Treos, Palms, Thumb Drives, Laptop Computers) using all of the tools above. Just because they are small doesn’t mean that the data on them isn’t worth a mint.

Naturally, these steps will get you started down the road to protecting your privacy. But there are many more suggestions than the ones above to continue protecting your identity. Please visit the other blog posts at www.Sileo.com as well as www.ThinkLikeASpy.com.

John Sileo
Professional Identity Theft Speaker

Related posts:

1. Child Identity Theft Expert: A Growing Concern – Part I of 4
2. Traveling Safety: Identity Theft Takes a Trip
3. Military Identity Theft Protection & Prevention Kit