I asked Scott Mitic, CEO of TrustedID some questions about identify theft. TrustedID is a company specializing in helping companies not be a target of identify theft attacks, and helping them mitigate damages from a breach in security leading to identify theft.
It appears that identify theft (the awareness of it) goes and comes. Is it always a threat or is it a “seasonal” threat?
It does seem like we are hearing more about identity theft today than we have in the past and that’s because identity theft continues to grow and affect more people every day. Last year alone over 250 million identities were compromised. That’s almost every American adult in this country. While there seems like there are times when identity theft is more in the news than others, the threat exists everyday.
There are so many ways to have one’s identify stolen – ATM machines, web sites, email, postal mail and more. How can one keep up?
It’s becoming increasingly difficult for individuals to not only keep up but stay ahead. Identity thieves are becoming much more sophisticated in their methods and unfortunately without a service that provides advanced protection using technology and sophisticated monitoring solutions it is very difficult to keep your identity safe on your own.
What are the figures on identity theft? How many identities stolen a year? How many from businesses?
There are over nine million identities reported stolen every year, or one every two seconds. The Identity Theft Resource Center, the country’s leading non-profit organization dedicated to identity theft prevention, estimates the cost to businesses due to identity theft in 2007 at $49 billion. In a report by the Center for Identity Management & Information Protection, 50% of the cases identity theft they studied could be tracked back to information lost by a business.
With many businesses working from their home offices, does this affect how secure or insecure a business is?
In many cases, your identity is as secure as the places where you store it. If your home office is well-organized – important information locked up, limited access by people other than you, and passwords to protect your computer – you may be just as safe as you would be working in a more formal office environment. If, on the other hand, you share a computer at home with kids who download software (and possible malware), your financial information gets spread across tables in reach of babysitters or housecleaners, and you don’t own a home shredder, you could be putting yourself and your business at significant risk.
If one has their identity stolen what should one do?
As a first step, place fraud alerts on you personal credit reports, to give you and your business extra protection against a thief opening new credit accounts in your name. Immediately notify any institutions impacted by the theft you are a victim. Contact law enforcement if the crime results in losses greater than $500 in value, so they can provide you with a police report. This documentation may be important later as you try to restore your identity to good standing.
Is all identity theft equal? Meaning – are some thefts not as bad as others?
Like most crimes, identity theft comes in many different levels of intensity. On one side of spectrum is simple credit card fraud which can usually be resolved with a quick telephone call to your financial institution. At the other extreme, child identity theft can often go on for years undetected and involve the IRS, banks and employers. Resolving these complex forms of the crime can consume hundreds of hours and stretch over years.
How can I reduce the risk of my company suffering a data breach, in which information about my customers or employees is compromised?
1. Collect only information you need from your customers. The more information you store, the more information a thief can steal, the higher your costs of secure storage, and the greater potential liability if the information is compromised.
3. Create policies to limit access to sensitive information to trustworthy employees who have a valid business reason to access that data. And even if you consider them to be trustworthy, err on the side of caution and require background checks and drug tests every 12 months.
4. Secure your physical workplace by locking mailboxes, desks, file cabinets, computers, and anything that might contain valuable information. Many identity thieves steal information directly from offices and take advantage of any unsecured access point. Require all employees to lock office doors every night. Install video cameras in the office to monitor nighttime activity.
5. Properly dispose of information when you no longer need it. Use a shredder for all paper documents and make sure electronic files are completely destroyed. If your office disposes of large amounts of sensitive information, hire a trustworthy, outside company to do your shredding for you.