Do You Have Safe Business Practices In the Workplace?

If you have a business, there are several questions that you need to ask yourself to know if you have taken steps to protect your information from being improperly accessed by identity thieves. Think through these questions to see where you may need to beef up your security at your work place. At the same time, check out the security at the offices you frequent and see if they have files lying around that could be compromising your identity.

• When you obtain personal information from your customers or clients, is there a good reason for each question? (Only ask for information that you need in your working relationship with that customer. Do not ask for information just because everyone always asks for that information. The less information you have on someone, the less information to lose!)
• Is the information that you do need obtained in a safe manner? (For example, do not ask for a Social Security number in a room full of people who could hear the answer. If you ask for information online, make sure you have a secure site for the protection of the person providing the information).
• When you have the information, who has access? (Do you have files laying around or stored in unlocked file cabinets?) Do only the people who need the information have access to it on your computer? (Is your computer password protected or the specific file password protected?) Dealing with accessibility to information by taking easy steps to protecting the data goes a long way to mitigating damages. Don’t forget your employees’ information needs the same protection as your customers.
• When you are done with the information how do you dispose of it? (Do you shred paper documents?) Is information on the computer properly disposed of? (If you recycle your computer, is all the personal information on the hard drive correctly removed?)

Getting the right answers to these questions will not guarantee that identity theft will not occur as, unfortunately, you can never be 100% safe. However, if you can take just a few protective steps more than what you may be doing now, then you have started the continuing process to protect yourself from an information breach that could result in monetary fines and jail time for you.

If you would like more information on how to protect yourself and your business, please contact us at info@identitytheftforum.net. Also check out The Little Book of Identity Theft at   http://www.ourlittlebooks.com/educational.html.

It’s Not Always What YOU Do or Don’t Do

To add insult to injury to Hurricane Katrina evacuees, an investigation revealed that there was an identity theft security breach in Texas. An agency which had provided services the evacuees who ended up in Texas had inadvertently allowed personal information on more than 16,000 evacuees to be posted on two web sites which displayed public information. This information included names, addresses and social security numbers!

Although FEMA was not directly responsible for this other agency’s breach, they have tried to close the barn door after the horse was out by providing credit monitoring for 18 months for the victims. Unfortunately, so much identity theft fraud happens years after the incident that those people will have to be very vigilant about always watching their credit reports for years to come.

So, as careful as you may be with your information, it is not always you who is the one to cause a breach. This is why you have to be so attentive to what is out there and to whom you are giving your information. Right now, your information is in schools, hospitals, job sites and hundreds of other sites you don’t even think of. I am sure the victims of Katrina were not thinking about identity theft when they were being helped by the Texas agency. They were only concerned with getting some clothes on the backs, food in their mouths, and shelter over their heads. It is sad that a mistake by a governmental agency makes it necessary to think about identity theft in addition to just living.

If you need help, or further information about how to protect yourself, please feel free to contact us at info@identitytheftforum.net. Also check out The Little Book of Identity Theft at  http://www.ourlittlebooks.com/educational.html.

Remember To Protect Your Kids Against Identity Theft

 Most people do what they are supposed to do about identity theft. They don’t carry their Social Security card in their wallet; they check their credit card receipts every month; and they check their credit reports at least once a year. But have you considered your children’s identity? While obviously, they do not have credit cards, they do have a social security number. Has that number been used to buy a house, get a credit card or even get a job?

Because kids have no active credit or no credit history, there is nothing to check. They don’t get bills in the mail to clue you in and there is no reason to check out their credit reports. Therefore, there is no reason why an identity thief would want your child’s identity. If you believe this, you would be wrong. Children’s numbers can get stolen from schools and hospitals who traditionally have little security measures in place to prevent identity theft of a child’s personal information. And, unfortunately, many identity thieves are a relative of a child so it makes it even harder to catch.

To identity thieves, a social security number is just a number. They do not care whether it belongs to an adult or a child (or even a deceased person!). If they can get that number and just a few other pieces of information (easily obtainable), they have enough information to obtain credit and ruin a child’s credit before that child is old enough to apply! When that child is 18 and applies for credit, they may find that they have already been working for 15 years, or that they have 6 credit cards and a mortgage. Unfortunately, if the identity theft misused the credit, this child’s credit could be ruined before they even start, and may take years to unravel.

What to do? You run your own credit report at least once a year (hopefully three times a year- once for each credit repository). Remember to run your children’s numbers through as well. Although nothing should come up, you will be glad if you find something that you can deal with it now and not 15 years from now.

If you need help, or further information about how to protect your child, please feel free to contact us at info(a)identitytheftforum.net. Also check out The Little Book of Identity Theft at   http://www.ourlittlebooks.com/educational.html.

2008 Breach Report Now Out

On Monday, 1/5/09, the Identity Theft Resource Center (ITRC) came out with their Breach Report for 2008:

(http://www.idtheftcenter.org/BreachPDF/ITRC_Breach_Report_2008_final.pdf).

Reports of data breaches increased dramatically over 2007. There were 656 major breaches with 35,691,255 people exposed as a result of these breaches (although the number of breaches do not reflect the actual number of companies affected). To qualify as a breach, identifying information that could lead to identity theft such as a person’s social security number, must have been exposed at the time of breach.

What is most scary is that only 2.4% of all the breaches had encryption or other strong protection methods in use. In fact, only 8.5% of the reported breaches even had password protection. Obviously, most of the breached data was unprotected. I wonder what the statistics would look like if companies took a wee bit of time to actually protect their information. Doing so would certainly mitigate their damages (not only monetary but possible jail time as well) for breaches of information. Check out the link to the right for ITRC’s website.

For further information about how to protect your business, be in compliance with the identity theft laws or need training, please feel free to contact us at info(a)identitytheftforum.net.

Even Twitter Gets Phished!

 Even Twitter, the current poster child of social networking (www.twitter.com), is involved with identity theft! With 4-5 million users by the end of 2008 (with 70% of them signing up just in 2008) it is actually surprising that it has not happened before. But this time phishing tweets caught such celebs as Fox news Bill O’Reilly (questioning his sexuality), Britney Spears (questioning her nautiness), and CNN anchor, Rick Sanchez (questioning his drug use) as hackers posted incorrect tweets allegedly from them.

Over the first weekend in January, Tweeters were hit with a classic phishing scam. They were sent a direct message urging them to take a look at a funny blog about themselves. When they clicked on the link, it took them to what appeared to be the real twitter page (very nice likeness) which required them to sign in to their twitter account (first clue!). Of course, had they looked at the real link, it was not going to the real twitter site, but to a bogus one. Once they entered their information, they were giving out their usernames and passwords to the hackers. The hackers then proceeded to use this information to send out direct messages to all those people’s followers and so on and so forth as the scam grew and grew and more and more passwords were stolen.

This is classic phising at it’s best! While people seemed to catch on fairly quickly, the damage was done as more and more people went to the bogus site and gave out their passwords. The easy fix was for everyone to change their password, and the scam slowed down. But because not everyone changed their passwords, the phishing scam raised it’s ugly head again! What’s the simple remedy? Before you give out your password, always check the url to make sure that you are aimed at a correct website. Very simple, but when you are tweeting and involved in social networking, it is not something that you would normally do. With the increase in social networking sites, maybe it is something that people should do!

My twitter: Candace_OLBooks. Also check out The Little Book of Identity Theft at   http://www.ourlittlebooks.com/educational.html.