‘Workplace ID Theft’ Articles

While the majority of identity theft schemes prey upon individuals, small-businesses and organizations are increasingly becoming targets. Business identity theft is a serious threat, but it mostly flies under the radar simply because companies are embarrassed to discuss.

Although most companies are protected by copyright, patent and trademark laws, smaller companies lack the higher IT security measures that large companies have. According to recent studies by Javelin Strategy & Research this makes them 25% more likely to be victims of business identity theft over larger businesses.  Not only do small businesses and business owners typically have larger lines of credit open than an individual, but they are unlikely to detect the fraud for six to eight months making them a prime target.

Business Identity has not been completely defined yet, but it definitely has been stolen. California has become the leader in offering identity rights to organizations and in 2006 they expanded the definition of ‘person’ in identity theft laws to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. These types of amended laws have proved to deter business identity theft and provide greater assistance to those companies that have been hit.

Laptop theft and mobile data theft (tape backups, iPhones, BlackBerries, USB drives) account for nearly half of the cases of serious corporate data breach and workplace identity theft. Your corporation’s data breach protection will be significantly improved by educating your staff on the following mobile data best practices:

Before you save sensitive data to any mobile device, it is your responsibility to:

• Determine if your organization allows you to remove the data in question from the office in the first place. Are you allowed to save that database, Excel file, Word document, customer list, employee record, intellectual capital, etc. on your laptop, thumb drive or other mobile device?
• Decide if it is absolutely necessary to remove it from the more highly-controlled and secure environment of the office. In many of the major cases of reported data breach, the data stored on the mobile device did not actually need to be there in the first place.
• Verify that you have been authorized by your supervisor to place a copy on your device. When in doubt, check with your manager, supervisor or privacy officer to determine the correct course of action.
• Exhaust all other lower-risk alternatives for accessing the data. In many cases, it is possible to utilize a secure remote access connection to access the data so that it never leaves the company premises. You lower your personal liability when you access the data through centralized, highly secure methods.

Workplace identity theft isn’t caused by paper documents because we have gone paperless, right? Rubbish. Paper rubbish, in fact.

You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.

According to a recent study* conducted by the Alliance for Secure Business Information (ASBI):

• 80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months
• 49% of those breaches involved the loss or theft of paper documents.
• The average breach recovery cost $6.3 Million!

In other words, most businesses have already been breached and half of the time it was because of paper documents!

Fact: Every day, businesses manage highly confidential information (customer data, employee records, intellectual property), leaving themselves, their employees and customers vulnerable to an extremely costly data breach.

But what many fail to realize is that paper documents pose just as much of a risk to an organization as electronic documents.

Shredding is the most concrete form of identity theft prevention and the only way to help ensure that all confidential information included on paper documents remains just that…confidential.

Were you surprised the other day when I said that your children are highly attractive targets of identity thievesbecause they have untouched and unblemished credit records?  Let me tell you just how easy it happens.

How Does It Happen?

All an identity thief needs to ruin your child’s bright financial future is her name and Social Security Number.

“Shouldn’t my child’s age show up on any credit background check, shouldn’t the merchant recognize that the person in front of them buying a car on credit isn’t seven years old?” you ask.

Yes, it should, but the people screening the credit report rarely give it the time and care necessary to detect fraud.

All too often, background checks involve simply matching the name and the Social Security Number provided. This leaves doors wide open for scandalous minds to wreak havoc on your child’s perfect credit. The most unsettling part is that the age of the applicant (in this case, the person posing as your child) becomes official with the credit bureaus upon the first credit application. This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is only seven and isn’t responsible for thousands of dollars of debt.

Identity theft speaker John Sileo shares his tax-time identity theft prevention tips.

This past week, I have been helping a gentleman recover from the theft of all of his tax records.  Before it is all over, this gentleman will have spend hundreds of hours and thousands of dollars simply preventing any further

fraudulent use of his identity. That doesn’t account for any damages already done to his finances, criminal record, medical records or social security benefits. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

• Tax documents exposed on your desk (home and work)
• Private information that sits unprotected in your tax-preparer’s office
• Improperly mailed, emailed and digitally transmitted or filed records
• Photocopiers with hard drives that store a digital copy of your tax forms
• Copies of sensitive documents that get thrown out without being shredded
• Improperly stored and locked documents once your return is filed
• Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

Top Tips for Tax Time Identity Theft Protection

Identity theft speaker John Sileo on why identity theft is moving into the workplace.

It feels as if there has been a directional shift in the past year regarding the source of data theft. From the stories I hear after every identity theft speech I deliver, the crime of data theft, identity theft and intellectual property theft are becoming more organized and moving much more into the realm of workplace identity theft and corporate data theft (i.e., it’s happening at work even more than out of our homes). The information being stolen is still often times consumer-based, but it is being compromised more often at the business level.

I think one factor contributing to this shift into the working environment has been the decline in the value of identity information. The average social security number or bank account number is worth far less on the black data market than it was even a year ago. This means that in order to make large sums of money, the thieves need to increase volume.

Instead of stealing identities one at a time, they are going for mass-data thefts, like the one that hit Heartland Payment Systems a few weeks ago. Naturally, these large thefts tend to involve more technology breach (stolen laptops, sniffed networks, botnets, malware, hacked servers, etc.) because that is where high concentrations of data live. Just like the rest of business, it’s all about economies of scale!

Thanks to everyone who attended my identity theft seminar this morning hosted by the Department of Defense at Andrews Air Force Base. For the list of identity theft prevention tips I referred to during the speech, please proceed to the bottom of this post. But before you do that… During the workshop, an audience member asked me  a simple question:

Do Loyalty Cards (like the ones you sign up for in the supermarket to get store discounts) make me nervous?

They don’t, but that is because I take precautions to protect my privacy. Here’s how loyalty cards work:

Huzzah! Tonight officially starts the holiday party season. It is my favorite time of year because I actually take a few weeks off of the professional speaking circuit to slow down to a normal pace. Over the coming weeks, all of the Whos in Whoville gather to celebrate the communities to which we all belong. Whether it is a neighborhood party, a work celebration or an association shindig (okay, I’m starting to use words that my parents use), it is a great time to honor our friendships, colleagues and causes.

Unfortunately, the abundance of the season attracts malcontents who try to take advantage of our happiness and busy-ness. I call this the Grinch Effect: stealing from others while they are lost in a brief moment of joy. Like the Grinch pilfering the last stocking from the fireplace, identity thieves use our distraction to pluck pieces of private data from our festive homes. Enough already! If you are hosting a holiday party (either at your  home or in your office), here are some tips on protecting your identity to foster holiday serenity:

The Privacy Problem: Thanks to laptops, smart phones, DVDs and a deluge of other data-holding mobile devices, we carry as much sensitive data with us as we keep in our homes and offices. These devices are at a much higher risk of theft when they are in transit.

The Privacy Project: To help you better protect identity-bearing devices while they are being transported and stored in your car (RV, boat, etc.). The solution…

Since the publication of my identity theft prevention book, Stolen Lives – Identity Theft Prevention Made Simple, several resource links listed in the book have changed. Since the book is not a dynamic document, but this blog is, I’d like to provide updated links here. If you find other links in Stolen Lives that have become outdated since publication, please use the Contact form above to let me know. If you have good sources of identity theft prevention, please include them with a response below. Click through for the update links that I know about so far…