Huzzah! The holiday party season has officially begun! It is my favorite time of year because I try to take a few weeks off of the professional speaking circuit to slow down to a normal pace. Over the coming weeks, all of the Whos in Whoville gather to celebrate the communities to which we all belong. Whether it is a neighborhood party, a work celebration or an association shindig (okay, I’m starting to use words that my parents use), it is a great time to honor our friendships, colleagues and causes.

Unfortunately, the abundance of the season attracts malcontents who try to take advantage of our happiness and busy-ness. I call this the Grinch Effect: stealing from others while they are lost in a brief moment of joy. Like the Grinch pilfering the last stocking from the fireplace, identity thieves use our distraction to pluck pieces of private data from our festive homes. Enough already! If you are hosting a holiday party (either at your  home or in your office), here are some tips on protecting your identity to foster holiday serenity:

Protecting Your Home or Office from Holiday Identity Thieves

• Know how the Grinch cases your Whobitat (your home, office or other holiday abode). Identity thieves are looking for documents, check books, credit cards, disks, computers, thumb drives, filing cabinets, sensitive trash, mail, purses, wallets, offices, cluttered desks, safes, cell phones and all other receptacles of identity. Fortunately, we tend to keep most of these items in only a few places in our homes, and a majority of that tends to be in a home office.
• I find it easiest to centralize all potential sources of identity into one place, like my office, which has a lock on it. Before company arrives, I lock the office door and it remains locked during the entire party. That way, when a potential thief disappears upstairs (ostensibly to “see the house”), you don’t have to worry about it. Yes, the office (or other lockable room) will be cluttered and filled with piles of mail, documents, computers and other data, but it is worth it!
• At this point in the year, if you haven’t taken time to protect your identity in small steps like I recommend in Privacy Means Profit (fire safes, archival shredding, computer lock-downs, etc.), don’t try to start better privacy habits now. The holiday season is too busy to add this to the list, so improvise (lock it all up in one place) and make it your New Year’s resolution to start properly protecting your privacy. If your home or office is too cluttered to get rid of all of the sensitive information, you probably shouldn’t be hosting the party.
• Ignore the voice inside of your head saying that your friends, family, co-workers and colleagues wouldn’t possibly steal data from you. You are probably right, but a large percentage of all serious identity theft is committed by a Grinch we know. I hear hundreds of stories a year at my speaking engagements where friends and relatives end up being the thief (not to mention that it was one of my closest friends who stole from me). You don’t have to assume the worst about your guests, just simply don’t assume anything and don’t leave it to chance. This is not about them, it’s about your privacy.
• Store your guests identity safely while they are at the party. One of the greatest sources of holiday-party identity theft is the pile of purses and coats that gather in one remote part of the house (usually the upstairs master bedroom, for whatever reason). You don’t want to have to lock this room and allow access like a miserly Scrooge (and become an absent host), so I suggest another alternative. Store purses and coats in a high traffic, plain site location. People are less likely to pilfer when others are in sight. If a guest is uncomfortable with this solution (in all honesty, the average guest won’t even be considering the sensitive information in their purse or coat), have them lock their valuables in the trunk of their own car. This is the point at which the paranoia starts to kill the holiday buzz, but it is a viable option.
• If you are a guest in someone else’s home, do them the favor and leave your valuable data at home or in your own trunk.

None of these suggestions should take more than 15-30 minutes to implement. And every one of them could save you hundreds of hours and thousands of dollars recovering. Unlike the Grinch, most identity thieves don’t return your belongings at the end of the show. Happy Holidays!

John Sileo is the award-winning author of Stolen Lives and Privacy Means Profit (Wiley, August 2010), a professional Financial Speaker and America’s leading identity theft expert. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Related posts:

1. Identity Theft Prevention this Holiday Season
2. Identity Theives Don’t Take A Holiday
3. Scrooge’s Top 10 Holiday ID Theft Protection Tips

In the past two weeks, I have been contacted separately by two local business owners to share how their business identity has been stolen and used to set up accounts with various companies on which thousands of dollars are charged and they (the actual owners) are left to pay the bills. There are no identity theft statistics on this type of crime, but I am certain that it is just coming onto the trend radar. In further proof that this is becoming a major problem for corporations, the Denver Post ran an article this morning titled “Corporate ID Thieves Mining the Store“.

Here’s how this incredibly easy form of business identity theft works:

1. A thief scours the internet for your company information (Facebook is usually a good place to start, as is your local Secretary of State’s website). They are particularly interested in bids for government contracts, as they often contain a sample of your letterhead as well as your pertinent business information. If they can obtain the Federal ID# of your businesses, they have even more ammo to defraud you.
2. Business name in hand, the thief logs on to your local Secretary of State’s website (the agency generally responsible for registering corporations and maintaining databases on corporations) and pays a small fee ($10) to alter the name of a corporate officer or the address of a company’s registered agent on public records. I would imagine that they generally register an identity stolen from another individual in order to cover their tracks further. In most states, there is no password to protect your official business filings from unauthorized users and changes. In Colorado, according to the Denver Post article mentioned above, officials say that “putting password protection on corporate data — where only a business owner or representative can make changes — is prohibitively expensive.”
   

   “In other words, the State of Colorado provides less protection for your corporate data than the average online dating service.”

3. Now that the imposter is a “corporate officer” of your business with full authority to act on behalf of your corporation, the thief applies for a credit account in your business’s name, generally at a large national retailer (Home Depot, Lowes, AT&T, Sprint and Verizon see to be the top choices). If necessary, they use your poached letterhead to facilitate the process of setting up the account.
4. The retailer, before extending credit, verifies with Dun & Bradstreet that you are in fact an official officer of the corporation. And where does Dun & Bradstreet get its information about your business? From the Secretary of State’s office, the very source of your illegally modified information. In other words, all parties in the process are relying upon falsified source data that remains unprotected on government websites.
5. Using the newly established business account with terms (i.e., the thief doesn’t have to pay for what they buy, it is invoiced to the company for payment at a later date), the thief makes large purchase of equipment of services, often worth tens of thousands of dollars.
6. Equipment in hand, the thief leaves the store never to be seen again. Your business, of course, receives the bill, and begins the arduous, time consuming and expensive process of proving that you never made the purchase, a difficult task given that the account was established by what the retailer considers to be a legitimate officer of your corporation.

Far fetched? Not at all. The problem is compounded by the fact that sales associates at many national retailers receive incentive bonuses for every sale they make. Why wouldn’t they push the sale of 50 mobile phones through the system when they receive a large commission to do so. It’s much easier than selling one handset at a time.

Both actual cases I worked with involved phone companies, and each business owner has struggled desperately to prove that they did not make the purchase and do not owe on the account. In one of the cases, the business in question already had an account established with the phone company – same company name, address, phone number, etc. – and the phone company failed to ask any questions as to why they would want a second account. In many of the cases, the thieves use the same stolen business identity over and over again in different cities (rarely do they even shop in your actual city), causing the owner untold hours of time repairing their damaged Dun & Bradstreet ratings, fighting with collection agencies and sitting on hold trying to explain to large corporations that don’t have any incentive to believe what you are saying.

In a spiraling economy, taking your eye off the ball can mean you lose the game. In the meantime, you can take these steps to being affecting change and protecting your valuable business data:

1. Contact your local Secretary of State’s Office and encourage them to resolve the issue as quickly as possible. You just might be the first person to let them know that this problem exists. At minimum, ask them to begin protecting your corporate data with a password that only the verified and legitimate corporate officers of your corporation can access.
2. Review your corporate filing with the Secretary of State’s Office regularly to make sure that there is no altered or false information in their database. If there is, contact them immediately.
3. While in your corporations’ listing on the Secretary of State’s website, make sure that you set up any security measures they have provided. For example, if they have email alerts anytime your profile changes, make sure you take them up on it and have a current email address in the profile. This will send you an alert anytime someone changes your file.
4. Monitor your Dun & Bradstreet account regularly to make sure that no liens or encumbrances have been placed on your credit profile. If there is incorrect or unrecognizable data on your report, contact D&B’s fraud department immediately at 1.800.234.3867.
5. Set up a Google Alert for your corporation’s official name, TIN and any DBAs to monitor unexpected internet activity on behalf of your organization.
6. If you are a contract-based vendor, include a clause in your contract prohibiting the publication of your TIN/EIN/SSN in any electronic or internet form without your prior written consent.
7. Protect your TIN, letterhead and company information as if it were currency, because it is.

Check back over the next few days for information on how to recover from this crime if you are a victim.

John Sileo speaks professionally to organizations that wish to avoid the costs associated with identity theft, data breach, social media exposure and insider theft. His satisfied clients include the Department of Defense, Blue Cross Blue Shield, the FDIC, Pfizer and hundreds of corporations of all sizes. Learn more about his entertaining and effective presentations on identity theft, data breach and fraud training or contact him directly on 800.258.8076.

Related posts:

1. Detection-Fraud: 15 Signs You’re a Victim of Identity Theft!
2. Uncovering Business Identity Theft
3. Business Identity Theft Radio Interview, Part I

Mobile Data Theft

Technology is the focal point of data breach and workplace identity theft because corporations create, transmit, and store so many pieces of information digitally that it becomes a highly attractive target. This book is not intended to address the complex maze that larger organizations face in protecting their technological and digital assets. Rather, the purpose of this book is to begin to familiarize business employees, executives, and vendors with the various security issues facing them.
The task, then, is to develop a capable team (internal and external) to address these issues. In my experience, the following technology-related issues pose the greatest data-loss threats inside organizations:

• Laptop Theft: According to the Ponemon Institute, 36 percent of reported breaches are due to a lost or stolen laptop.
• Mobile Data Theft: Thumb drives, CDs, DVDs, tape backups, smart phones
• Malware: Software that infects corporate systems, allowing criminals inside these networks
• Hacking: Breaking into your computer system from the outside, using networks, wireless connections, remote access, and your Internet pipeline
• Wireless Theft: Wireless connections to the Internet in airports, hotels, cafes, and conferences
• Insider Theft: When someone in the IT department (or elsewhere) decides to make extra money by selling your data

According to the Ponemon Institute, ‘‘Thirty-six percent of all cases in this year’s study involved lost or stolen laptop computers or other mobile data-bearing devices. Data breaches concerning lost, missing, or stolen laptop computers are more expensive than other incidents. Specifically, in this year’s study, the per-victim cost for a data breach involving a lost or stolen laptop was just under $225, over $30 more than if a laptop or mobile device was not involved.’’ Continue Reading….

The post above is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.

Related posts:

1. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR
2. Data Breach Protection: Laptop Theft Best Practices
3. Data Breach Increases 33% in 2010 and You’re Next

Were you surprised the other day when I said that your children are highly attractive targets of identity thieves because they have untouched and unblemished credit records?  Let me tell you just how easy it happens.

How Does It Happen?

All an identity thief needs to ruin your child’s bright financial future is her name and Social Security Number.

“Shouldn’t my child’s age show up on any credit background check, shouldn’t the merchant recognize that the person in front of them buying a car on credit isn’t seven years old?” you ask.

Yes, it should, but the people screening the credit report rarely give it the time and care necessary to detect fraud.

All too often, background checks involve simply matching the name and the Social Security Number provided. This leaves doors wide open for scandalous minds to wreak havoc on your child’s perfect credit. The most unsettling part is that the age of the applicant (in this case, the person posing as your child) becomes official with the credit bureaus upon the first credit application. This makes clearing a sabotaged credit record even more difficult because you have to prove to the credit bureau that your child is only seven and isn’t responsible for thousands of dollars of debt.

In no time at all, your child could have a maxed out credit card, unpaid bills and a huge mortgage for beachfront property across the country. You might not discover the illegal purchases until your child opens a bank account, applies for a job, tries to get a driver’s license or enters college. At that point, you are left with the time-consuming dilemma of cleaning up someone else’s fraudulent mess. If only clearing up a credit report was as easy as cleaning up after your kids.

Do the gaping holes in our current credit system and the audacity of criminals leave you enraged? Me too. And it is imperative that you use your anger as fuel to protect and prepare your children’s future before it is too late.

Child Identity theft is the fastest growing sector of the identity theft “industry,” and the numbers are staggering. Although it’s difficult to estimate exactly how many children lose their identities since the crime can go undetected for years, the FTC states that 5% of identity theft cases target children, which translates into 500,000 kidnapped child identities per year, and growing. The Identity Theft Resource Center discovered that in 54% of the cases, the child was under the age of six.

In my next blog, I’ll talk about Who Does This.

Identity Theft Speaker, John Sileo

Related posts:

1. Child Identity Theft Expert – Part III
2. Child Identity Theft Expert – Part IV Protection
3. Child Identity Theft Expert: A Growing Concern – Part I of 4

For businesses, shredding is low-hanging fruit (one of the easiest sources of data breach to eliminate). But businesses are so often focused on electronic forms of data breach that they fail to heed the following statistics highlighted in a recent Ponemon Institute study conducted for the Alliance for Secure Business Information:

• More than 50 percent of sensitive business data is still stored on paper documents.
• Forty-nine percent of data breaches reported in the survey were the result of paper documents.
• Sixty percent of businesses admitted that they didn’t provide the proper tools (e.g., shredders) to safely discard documents that were no longer needed.
• The average data breach recovery cost according to this survey was $6.3 million.

If you own a business, make sure to destroy sensitive documents prior to discarding them, to decrease your legal liability. Businesses are required to destroy all consumer information before discarding it in the trash. The Fair & Accurate Credit Transaction Act (FACTA) Disposal Rule states that ‘‘any person who maintains or otherwise possesses consumer information for a business purpose’’ must properly destroy the information prior to disposal. FACTA further states that every person and/or business must take ‘‘reasonable measures’’ to protect against unauthorized access to the use of the information in connection with its disposal… Click Here to Continue.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.

Related posts:

1. Workplace Identity Theft Economies of Scale
2. Document Shredding
3. Identity Theft for Businesses: Mobile Data Breach

Workplace identity theft isn’t caused by paper documents because we have gone paperless, right? Rubbish. Paper rubbish, in fact.

You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.

According to a recent study* conducted by the Alliance for Secure Business Information (ASBI):

80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months. 49% of those breaches involved the loss or theft of paper documents. The average breach recovery cost $6.75 Million!

In other words, most businesses have already been breached and half of the time it was because of paper documents!

Fact: Every day, businesses manage highly confidential information (customer data, employee records, intellectual property), leaving themselves, their employees and customers vulnerable to an extremely costly data breach.

But what many fail to realize is that paper documents pose just as much of a risk to an organization as electronic documents.

Shredding is the most concrete form of identity theft prevention and the only way to help ensure that all confidential information included on paper documents remains just that…confidential.

As a two-time victim of identity theft (one of which resulted from un-shredded documents that went out in my trash), I know how important it is to shred confidential paperwork after use.  I also know how important it is to find a quality shredder and one with cross-cut capabilities that fits your offices’ individual needs. Watch the video above for more tips on proper shredding.

Fellowes Shredders Stop Workplace Identity Theft

I only use Fellowes Shredders. Here’s why:

• Fellowes, Inc. is the leading shredder manufacturer, which means that it has a shredder for every situation, home or office. It is an established, reputable company that stands behind their products with research, warranties and education.
• Fellowes shredders come with 100 percent Jam Proof technology, which means that they work when you need them most.
• I love the SafeSense feature, which disables the shredding device if human fingers get too close. That makes it safe for my young kids.
• They provide confetti shreds that are less than 2”, making it nearly impossible to re-construct the document.
• They last!

Want to find out which shredder is right for your unique office environment? Use this Fellowes Shredder Selector Tool.

John Sileo became America’s leading Workplace Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. Learn more about bringing John to speak at your next event by contacting him directly on 800.258.8076.

*The web-based survey was launched August 12, 2008 and was closed August 21, 2008. Debriefing of respondents and analysis was completed August 30, 2008. The margin of error on all adjective scale and Yes/No/Unsure responses is: ? 3.5 percent. The final sample consisted of 819 individuals who work in IT operations, IT security, data protection and compliance in large organizations in a variety of industries.

Related posts:

1. Secure Document Storage
2. Workplace Identity Theft: Shredding
3. Auto Document Storage

Identity theft speaker John Sileo shares his tax-time identity theft prevention tips.

This past week, I have been helping a gentleman recover from the theft of all of his tax records.  Before it is all over, this gentleman will have spend hundreds of hours and thousands of dollars simply preventing any further fraudulent use of his identity. That doesn’t account for any damages already done to his finances, criminal record, medical records or social security benefits. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

• Tax documents exposed on your desk (home and work)
• Private information that sits unprotected in your tax-preparer’s office
• Improperly mailed, emailed and digitally transmitted or filed records
• Photocopiers with hard drives that store a digital copy of your tax forms
• Copies of sensitive documents that get thrown out without being shredded
• Improperly stored and locked documents once your return is filed
• Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

Top Tips for Tax Time Identity Theft Protection Safe Preparation. Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

• Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
• Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
• Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

• Strong alpha-numeric passwords that keep strangers out of your system
• Anti-virus and anti-spyware software configured with automatic updates
• Encrypted hard drives or folders (especially for your tax preparer)
• Automatic operating system updates and security patches
• An encrypted wireless network protection
• A firewall between your computer and the internet
• Remove all file-sharing programs from your computer (limewire, napster, etc.)

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack. Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

• Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
• If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
• If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
• To learn more about IRS scams, visit the only legitimate IRS website, which is www.irs.gov. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service at www.irs.gov/advocate.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

• Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
• Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
• Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

Related posts:

1. Top Tips to Stop Tax Time Identity Theft
2. Avoid Tax Time Identity Theft
3. Identity Theft Prevention in a Hotel

Although most companies are protected by copyright, patent and trademark laws, smaller companies lack the higher IT security measures that large companies have. According to recent studies by Javelin Strategy & Research this makes them 25% more likely to be victims of business identity theft over larger businesses.  Not only do small businesses and business owners typically have larger lines of credit open than an individual, but they are unlikely to detect the fraud for six to eight months making them a prime target.

Business Identity has not been completely defined yet, but it definitely has been stolen. California has become the leader in offering identity rights to organizations and in 2006 they expanded the definition of ‘person’ in identity theft laws to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. These types of amended laws have proved to deter business identity theft and provide greater assistance to those companies that have been hit.

Most commonly criminals assume the name of a business, rent out office space in the same building and order everything from corporate credit cards to hundreds of computers and equipment. In one instance the culprit billed a law firm for $70,000 in purchased equipment, hired a moving truck and disappeared from the building before the fraud was ever detected.  This has been not only costly, but timely. If businesses had the same protection as individuals this would have been quickly resolved and the victims would have moved on. Credit card companies have also followed suit and began to remove the distinction between business identity theft and individual identity theft.

The lack of publicity on this type of Identity theft is solely due to a lack of reporting by companies. Businesses are required by federal law to notify consumers who’s personal information has been hijacked, but not if their businesses identity has been stolen. In order to save face, most business owners would rather not own up to such a breach to avoid looking like the pawn in a criminals scheme. Without incentives and assistance to a company who has experienced this type of transgression there is little reason for them to come forward.

Until businesses and their owners come forward to help uncover business identity theft there will be less laws in place to deter criminals and small businesses will remain vulnerable.

For more information on this issue check out BusinessWeek.

John Sileo provides identity theft training to human resource departments and organizations around the country. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Related posts:

1. Business Identity Theft Radio Interview, Part I
2. Business Identity Theft Radio Interview, Part II
3. Business Killers: Identity Theft and Data Breach Protection FREE WEBINAR

Before you save sensitive data to any mobile device, it is your responsibility to:

• Determine if your organization allows you to remove the data in question from the office in the first place. Are you allowed to save that database, Excel file, Word document, customer list, employee record, intellectual capital, etc. on your laptop, thumb drive or other mobile device?
• Decide if it is absolutely necessary to remove it from the more highly-controlled and secure environment of the office. In many of the major cases of reported data breach, the data stored on the mobile device did not actually need to be there in the first place.
• Verify that you have been authorized by your supervisor to place a copy on your device. When in doubt, check with your manager, supervisor or privacy officer to determine the correct course of action.
• Exhaust all other lower-risk alternatives for accessing the data. In many cases, it is possible to utilize a secure remote access connection to access the data so that it never leaves the company premises. You lower your personal liability when you access the data through centralized, highly secure methods.

As you save sensitive data to the device, it is your responsibility to:

• Minimize the number of records you transfer. If you don’t need the entire contact database, take only the records that you need. In case of a breach, this minimizes exposure.
• Minimize the corresponding fields for each record transferred. If you only need names and phone numbers, don’t transfer additional account information such as address, account numbers, etc.
• Consider de-identifying the data to render it anonymous. For example, if you track medical records using a Social Security Number but are transferring the data to do a high-level analysis of overall profitability, there is no need to include the SSNs in your transfer. Exclude that column from the data you take with you.

Before you leave the office, it is your responsibility to:

• Attempt to encrypt the individual data file. In addition to encrypting the data device itself, it is possible in many software programs to encrypt the individual data file, giving an added layer of protection.
• Make sure your data device has been encrypted. This will most often be the responsibility of your IT department, but it is your responsibility to verify that they have done their job.
• Protect your device with a strong password that utilizes letters, numbers, symbols and upper/lower case characters where possible?
• Protect the individual sensitive files with a separate, strong password. The programs that allow you to encrypt individual files will also allow you to assign individual passwords to the file.

Once you have left the office, it is your responsibility to:

• Utilize a secure wireless internet connection only (e.g., in airports, hotels, coffee shops, etc.). Make sure your IT department has enabled WEP wireless encryption on your wireless device.
• Run a secure firewall between your laptop and your connection to the internet.
• Email sensitive data only when absolutely necessary and even then, use an encrypted, password-protected format?
• Physically secure (lock down) the device when in transit (e.g., in your car, in the airport, in your hotel room).
• Utilize Laptop Anti-theft Best Practices

Click here to view the embedded video.

When you no longer need the sensitive data on your device, it is your responsibility to:

• Remove and electronically destroy all remnants of the sensitive files on your device (e.g., digital shredding, low-level formatting and occasionally, like in the case of DVDs, CDs and tape backups, complete physical destruction). If this task falls under the responsibility of your IT department, it is your responsibility to make sure, to the best of your ability, that they do their job.

If this seems like a great deal of responsibility, that’s because it is. In the information economy, our most valuable assets are the information that we collect, store and protect every day. As executives or employees of our respective organizations, it’s not just profitable to protect sensitive information; it’s also the right thing to do.

John Sileo speaks to corporations about data breach protection. His clients include the Department of Defense, Pfizer and the FDIC. Contact John directly on 1.800.258.8076 to learn more.

Related posts:

1. Identity Theft for Businesses: Mobile Data Breach
2. Data Breach Increases 33% in 2010 and You’re Next
3. Data Breach Expert Sileo Talks to Fox Business

It feels as if there has been a directional shift in the past year regarding the source of data theft. From the stories I hear after every identity theft speech I deliver, the crime of data theft, identity theft and intellectual property theft are becoming more organized and moving much more into the realm of workplace identity theft and corporate data theft (i.e., it’s happening at work even more than out of our homes). The information being stolen is still often times consumer-based, but it is being compromised more often at the business level.

I think one factor contributing to this shift into the working environment has been the decline in the value of identity information. The average social security number or bank account number is worth far less on the black data market than it was even a year ago. This means that in order to make large sums of money, the thieves need to increase volume.

Instead of stealing identities one at a time, they are going for mass-data thefts, like the one that hit Heartland Payment Systems a few weeks ago. Naturally, these large thefts tend to involve more technology breach (stolen laptops, sniffed networks, botnets, malware, hacked servers, etc.) because that is where high concentrations of data live. Just like the rest of business, it’s all about economies of scale!

The interesting part to me is the role that insiders play in these schemes. Almost every breach I come across has an “insider” component to it. So the answers aren’t just technological, they are rooted in leadership, teamwork, hiring and vetting processes and the like.

Related posts:

1. Workplace Identity Theft: Shredding
2. Identity Theft for Businesses: Mobile Data Breach
3. Uncovering Business Identity Theft