Identity theft has reached an all-time high. According to a 2011 Breach Report from the Identity Theft Resource Center, 22,918,441 data records were stolen in the U.S. last year. Roughly 16% of those who fell victim were subcontractors. It’s worth noting that Verizon’s 2011 data breach investigation report states that 96% of the breaches were avoidable through simple or intermediate controls. Why not make 2012 your most secure year? You can take some fairly simple precautions to protect yourself and your business from dumpster divers, hacksters and almighty cons.
Although the old rules for your personal security still apply, new technology dictates additional precautions you can easily implement. Be sure all of your devices are protected, your computer as well as your smart phone and tablet.
Your social security number is the single most important piece of data to protect; much harm can be done when it is stolen. Keep your social security number very private, don’t use debit cards (they make your money immediately accessible and therefore more difficult to recover), use strong passwords, and load antivirus and anti-spyware programs on your computers. I found out my identity had been stolen because the perpetrator only had my birth month and year and had guessed the day wrong, which flagged the credit card company that called me to verify. This points to the importance of not giving out your full birth date.
Whereas identity theft and business fraud used to be separate crimes, the proliferation of smart phones has changed the landscape and morphed the two security issues together. Smart phones contain sensitive personal information. Business information also is often accessible through a smart phone. Some phones can even connect directly to corporate servers, banking and employee records. Tablets aren't immune. An iPad has as much or maybe more information than a laptop, but is it as secure? Be sure all of your devices are protected with a screen lock and a strong password.
It’s unfortunate that so many people still think of mobile devices simply as phones. A thief with access to your mobile device might as well take your work computer and network server and plug them in at his home to violate at his leisure. Contractors have even more problems than the average user. Is your proprietary bid data at risk from a smart phone or tablet? Can someone get in and change, steal or delete your electronic drawings?
The first step to securing your mobile device is to use a lock code. Go to your settings/security to set up a screen lock. On a Droid you can choose to use a PIN, a password or draw a pattern. Whatever code you use, take the time to create one that is not obvious. Everyone should be doing this. The inconvenience of dealing with your lock code doesn't amount to a hill of beans when compared to what you'll have to go through to reverse identity theft or fraud. It took me two years to regain my identity.
Many phones that connect to corporate servers can be wiped clean by the server if they go missing. Is this enabled on your device? The Apple devices and some others give you the option of a password longer than four numbers. You can even set the device to wipe itself after 10 wrong password tries.
Passwords have become a major problem. With so many different accounts, many people use the same password for various things—a big mistake.
For business accounts, using a separate, unique password for each major service — and making sure that none of these passwords are the same as those associated with personal accounts — is essential.
One solution is to use a password encryption program. These applications help you manage your accounts with user names, passwords, and notes directly on your mobile phone in a secure way. You won’t have to remember which password you use for which account. You can put all your accounts in one database, which is locked with one master password. This master password needs to be a very strong one because it unlocks the entire database.
The accounts in the database are encrypted using an encryption algorithm. There are a multitude of programs for password encryption and management.
I personally don’t like the idea of storing all my passwords in the cloud — encrypted or not. One encryption company was recently hacked — making millions of passwords available to the perpetrator. I still prefer to list all my passwords in a document offline, then encrypt that document and keep a backup in a locked and secret location. Your computer may have its own encryption program, so you don’t have to buy one. Mac has its keychain, which encrypts your passwords. However, if you don’t go into your browser preferences and turn off the “autofill” option, those passwords aren’t really secure. There are tutorials on YouTube that show you how to encrypt files safely on a Mac. On my PC, Word has its own encryption facility.
Nothing is going to be foolproof. You need to take the action that makes the most sense for you and your business, and then stop worrying. Take an hour or two to research these applications and make your choice carefully. Some are online, some are offline software, and some offer a combination of the two. Here are two articles that will help you choose:
- To read “Best Free Web Form Filler and Password Manager” go to: http://www.techsupportalert.com/best-free-web-form-filler-password-manager.htm.
- To read “How to Protect Your Company’s Passwords” go to: http://mashable.com/2011/07/01/protect-company-passwords/. In this article you will read about why it is a good idea to use HTTPS website logins.
What to do now
So you may be wondering what you should do right now to protect your business. Here are 20 actions you can take this week:
- Set up a screen lock for every device.
- Use password encryption and use a unique password for every account.
- Use https:// login when available on websites.
- Install and run antivirus and antispyware programs regularly.
- Don’t give out your full social security number, birthdate or mother’s maiden name. In rare instances when your social security number is necessary, ask how they will protect it.
- Contact all accounts which have your mother’s maiden name (bank, credit cards) and give them a different one that you remember.
- Use a shredder that crosscuts your sensitive documents.
- Don’t leave mail containing sensitive information in your mailbox. Don’t leave outgoing bills in the box for pickup.
- Use a credit card rather than a debit card.
- Don't tell your computer to remember passwords when prompted.
- Do not put account numbers on checks when paying bills. Use last four digits if anything.
- Keep all banking files, credit cards and other sensitive information locked up. Include a list of the 800-numbers of all your credit cards. If you are backing up your business data on an external hard drive, keep that locked up too.
- If you receive packages you didn’t order, call the company that sent the packages.
- If you receive phone calls from creditors you don’t know, don’t give out personal information and make your own calls to follow up.
- Get State ID cards for non-drivers. This protects your kids from false IDs being made in their names.
- Don’t carry your social security number on you. Be aware that some other forms of ID contain this number (insurance cards, Medicare cards, veterans IDs, driver’s licenses).
- Be careful of people looking over your shoulder or taking pictures with a camera phone.
- Cover the keypad when entering ATM or other codes.
- Never give sensitive information to someone who calls you. You should initiate the call.
- Don’t enter online contests.
Schedule a meeting with your employees to share this information. Not only will your business be more secure, you will be helping your employees to protect themselves and their families. It’s pointless to spend your time worrying about the possibility of being defrauded — but if you take appropriate actions to protect your business, you can move forward to more productive enterprises.
To learn more about fraud and identity theft, visit the following websites:
- U.S. Dept. of Justice Fraud Site http://www.justice.gov/criminal/fraud/
- Federal Trade Commission’s Identity Theft http://www.ftc.gov/bcp/menus/consumer/data/idt.shtm
- USPS Postal Inspectors Fraud Site https://postalinspectors.uspis.gov/investigations/MailFraud/fraudschemes/mailtheft/IdentityTheft.aspx.
Since his identity was stolen in 2003, Daniel Bulley has volunteered as an advocate with the Identity Theft Resource Center. As vice president of the MCA Chicago, Bulley is passionate about helping contractors take the steps necessary to protect themselves and their businesses from fraud. For more information on fraud and identity theft visit: http://www.idtheftcenter.org/index.html.