The Grinch Effect: Identity Theft at Holiday Parties
Huzzah! The holiday party season has officially begun! It is my favorite time of year because I try to take a few weeks off of the professional speaking circuit to slow down to a normal pace. Over the coming weeks, all of the Whos in Whoville gather to celebrate the communities to which we all belong. Whether it is a neighborhood party, a work celebration or an association shindig (okay, I’m starting to use words that my parents use), it is a great time to honor our friendships, colleagues and causes.
Unfortunately, the abundance of the season attracts malcontents who try to take advantage of our happiness and busy-ness. I call this the Grinch Effect: stealing from others while they are lost in a brief moment of joy. Like the Grinch pilfering the last stocking from the fireplace, identity thieves use our distraction to pluck pieces of private data from our festive homes. Enough already! If you are hosting a holiday party (either at your home or in your office), here are some tips on protecting your identity to foster holiday serenity:
Identity Theft’s Latest Victim? Your Business.
Latest Identity Theft Trend is Stealing Your Business’s Identity to Falsify Accounts
In the past two weeks, I have been contacted separately by two local business owners to share how their business identity has been stolen and used to set up accounts with various companies on which thousands of dollars are charged and they (the actual owners) are left to pay the bills. There are no identity theft statistics on this type of crime, but I am certain that it is just coming onto the trend radar. In further proof that this is becoming a major problem for corporations, the Denver Post ran an article this morning titled “Corporate ID Thieves Mining the Store“.
Here’s how this incredibly easy form of business identity theft works:
- A thief scours the internet for your company information (Facebook is usually a good place to start, as is your local Secretary of State’s website). They are particularly interested in bids for government contracts, as they often contain a sample of your letterhead as well as your pertinent business information. If they can obtain the Federal ID# of your businesses, they have even more ammo to defraud you.
Identity Theft for Businesses: Mobile Data Breach
Mobile Data Theft
Technology is the focal point of data breach and workplace identity theft because corporations create, transmit, and store so many pieces of information digitally that it becomes a highly attractive target. This book is not intended to address the complex maze that larger organizations face in protecting their technological and digital assets. Rather, the purpose of this book is to begin to familiarize business employees, executives, and vendors with the various security issues facing them.
The task, then, is to develop a capable team (internal and external) to address these issues. In my experience, the following technology-related issues pose the greatest data-loss threats inside organizations:
- Laptop Theft: According to the Ponemon Institute, 36 percent of reported breaches are due to a lost or stolen laptop.
- Mobile Data Theft: Thumb drives, CDs, DVDs, tape backups, smart phones
- Malware: Software that infects corporate systems, allowing criminals inside these networks
- Hacking: Breaking into your computer system from the outside, using networks, wireless connections, remote access, and your Internet pipeline
- Wireless Theft: Wireless connections to the Internet in airports, hotels, cafes, and conferences
- Insider Theft: When someone in the IT department (or elsewhere) decides to make extra money by selling your data
Child Identity Theft Expert – Part II
Were you surprised the other day when I said that your children are highly attractive targets of identity thieves because they have untouched and unblemished credit records? Let me tell you just how easy it happens.
How Does It Happen?
All an identity thief needs to ruin your child’s bright financial future is her name and Social Security Number.
“Shouldn’t my child’s age show up on any credit background check, shouldn’t the merchant recognize that the person in front of them buying a car on credit isn’t seven years old?” you ask.
Yes, it should, but the people screening the credit report rarely give it the time and care necessary to detect fraud.
All too often, background checks involve simply matching the name and the Social Security Number provided. This leaves doors wide open for scandalous minds to wreak havoc on your child’s perfect credit. The most unsettling part is that the age of the applicant (in this case, the person posing as your child) becomes official with the credit bureaus upon the first credit application. This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is only seven and isn’t responsible for thousands of dollars of debt.
Workplace Identity Theft: Shredding
The following is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.
For businesses, shredding is low-hanging fruit (one of the easiest sources of data breach to eliminate). But businesses are so often focused on electronic forms of data breach that they fail to heed the following statistics highlighted in a recent Ponemon Institute study conducted for the Alliance for Secure Business Information:
- More than 50 percent of sensitive business data is still stored on paper documents.
- Forty-nine percent of data breaches reported in the survey were the result of paper documents.
- Sixty percent of businesses admitted that they didn’t provide the proper tools (e.g., shredders) to safely discard documents that were no longer needed.
- The average data breach recovery cost according to this survey was $6.3 million.
If you own a business, make sure to destroy sensitive documents prior to discarding them, to decrease your legal liability. Businesses are required to destroy all consumer information before discarding it in the trash. The Fair & Accurate Credit Transaction Act (FACTA) Disposal Rule states that ‘‘any person who maintains or otherwise possesses consumer information for a business purpose’’ must properly destroy the information prior to disposal. FACTA further states that every person and/or business must take ‘‘reasonable measures’’ to protect against unauthorized access to the use of the information in connection with its disposal… Click Here to Continue.
Document Shredding
Fellowes Powershred
Workplace identity theft isn’t caused by paper documents because we have gone paperless, right? Rubbish. Paper rubbish, in fact.
You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.
According to a recent study* conducted by the Alliance for Secure Business Information (ASBI):
80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months. 49% of those breaches involved the loss or theft of paper documents. The average breach recovery cost $6.75 Million!
Tax Time Identity Theft Prevention Tips
Identity theft speaker John Sileo shares his tax-time identity theft prevention tips.
This past week, I have been helping a gentleman recover from the theft of all of his tax records. Before it is all over, this gentleman will have spend hundreds of hours and thousands of dollars simply preventing any further fraudulent use of his identity. That doesn’t account for any damages already done to his finances, criminal record, medical records or social security benefits. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:
- Tax documents exposed on your desk (home and work)
- Private information that sits unprotected in your tax-preparer’s office
- Improperly mailed, emailed and digitally transmitted or filed records
- Photocopiers with hard drives that store a digital copy of your tax forms
- Copies of sensitive documents that get thrown out without being shredded
- Improperly stored and locked documents once your return is filed
Uncovering Business Identity Theft
While the majority of identity theft schemes prey upon individuals, small-businesses and organizations are increasingly becoming targets. Business identity theft is a serious threat, but it mostly flies under the radar simply because companies are embarrassed to discuss.
Although most companies are protected by copyright, patent and trademark laws, smaller companies lack the higher IT security measures that large companies have. According to recent studies by Javelin Strategy & Research this makes them 25% more likely to be victims of business identity theft over larger businesses. Not only do small businesses and business owners typically have larger lines of credit open than an individual, but they are unlikely to detect the fraud for six to eight months making them a prime target.
Business Identity has not been completely defined yet, but it definitely has been stolen. California has become the leader in offering identity rights to organizations and in 2006 they expanded the definition of ‘person’ in identity theft laws to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. These types of amended laws have proved to deter business identity theft and provide greater assistance to those companies that have been hit.
Data Breach Protection: Laptop Theft Best Practices
Laptop theft and mobile data theft (tape backups, iPhones, BlackBerries, USB drives) account for nearly half of the cases of serious corporate data breach and workplace identity theft. Your corporation’s data breach protection will be significantly improved by educating your staff on the following mobile data best practices:
Before you save sensitive data to any mobile device, it is your responsibility to:
- Determine if your organization allows you to remove the data in question from the office in the first place. Are you allowed to save that database, Excel file, Word document, customer list, employee record, intellectual capital, etc. on your laptop, thumb drive or other mobile device?
- Decide if it is absolutely necessary to remove it from the more highly-controlled and secure environment of the office. In many of the major cases of reported data breach, the data stored on the mobile device did not actually need to be there in the first place.
- Verify that you have been authorized by your supervisor to place a copy on your device. When in doubt, check with your manager, supervisor or privacy officer to determine the correct course of action.
- Exhaust all other lower-risk alternatives for accessing the data. In many cases, it is possible to utilize a secure remote access connection to access the data so that it never leaves the company premises. You lower your personal liability when you access the data through centralized, highly secure methods.
Workplace Identity Theft Economies of Scale
Identity theft speaker John Sileo on why identity theft is moving into the workplace.
It feels as if there has been a directional shift in the past year regarding the source of data theft. From the stories I hear after every identity theft speech I deliver, the crime of data theft, identity theft and intellectual property theft are becoming more organized and moving much more into the realm of workplace identity theft and corporate data theft (i.e., it’s happening at work even more than out of our homes). The information being stolen is still often times consumer-based, but it is being compromised more often at the business level.
I think one factor contributing to this shift into the working environment has been the decline in the value of identity information. The average social security number or bank account number is worth far less on the black data market than it was even a year ago. This means that in order to make large sums of money, the thieves need to increase volume.
Instead of stealing identities one at a time, they are going for mass-data thefts, like the one that hit Heartland Payment Systems a few weeks ago. Naturally, these large thefts tend to involve more technology breach (stolen laptops, sniffed networks, botnets, malware, hacked servers, etc.) because that is where high concentrations of data live. Just like the rest of business, it’s all about economies of scale!
Sileo In the Media
Privacy Project Newsletter
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!
