About csid-root-admin

So far csid-root-admin has created 9 blog entries.

Calculate Your Business’ Data Risk & Restoration Costs

August 29th, 2011 | Uncategorized

By John Sileo, [cc id=’csid’] consumer security expert

Businesses everywhere are under assault. Thieves want to access your customer databases, employee records, intellectual property and ultimately your bottom line. More than 80% of businesses surveyed have already experienced at least one breach.

Combine this with the average cost to repair data loss—a stunning $7.2 million per incident—and you have a profit-driven mandate to change the way you protect information inside of your organization.

Let’s do the math. Here is a quick ROI formula for your risk:

  1. Add up the total number of customer, employee and vendor database records you collect that contain a name, address, email, credit card number, SSN, Tax ID Number, phone number, or PIN.
  2. Multiply that number by $250, a conservative average of the per-record cost of lost data.
  3. The result? The projected cost to restore your business’ lost data.

So, if you have identifying information for 10,000 individuals, your out-of-pocket expenses, including breach recovery, notification, lawsuits, etc., are estimated at $2.5 million even if you don’t lose an SSN or TIN. And that cost doesn’t necessarily factor in the public relations and stock value damage done when you make headlines in the papers.

There are solutions, however, to minimize these costs. Invest in risk management solutions or take precautions with a high return. See my 7 Steps to Secure Profitable Business Data for ideas.

Statistics according to the Ponemon Institute

7 Steps to Secure Profitable Business Data (Part III)

July 10th, 2011 | Uncategorized

By John Sileo, [cc id=’csid’] consumer security expert

In Part II of this series, we began addressing the technological side of protecting our business’ data. Once you complete the remaining three steps, you should feel confident in the measures you took to secure your business.

5. Don’t let your mobile data walk away. Mobility is a double-edged sword (convenience versus confidentiality); 36-50% of all major data breaches originate with the loss of a laptop or mobile computing device.

Strategy: Hire a security professional to implement strong passwords, whole disk encryption and remote data-wiping capabilities for your laptop. Set your screen saver to engage after 5 minutes of inactivity, and set a password for re-entry. Finally, lock your goldmine of data down when you aren’t using it: store it in a hotel room safe when traveling, or lock it in a private office after work. Physical security is the most overlooked, most effective form of protection.

6. Spend a day in your dumpster. You have probably already purchased at least one shredder to destroy sensitive documents before they are thrown out—but you probably don’t use it regularly.

Strategy: Take a day to pretend that you are your fiercest competitor, and sort through all of the trash going out your door. Search for sensitive documents. Do you find old invoices, employee records, bank statements and other compromising papers? Parading these documents before your staff is a great way to drive your point home. Occasional “dumpster audits” will inspire your employees to think twice about failing to shred the next document.

7. Anticipate the clouds. Cloud computing is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page or you are storing customer data in a poorly protected, noncompliant server farm, you will ultimately be held responsible when that data is breached.

Strategy: Evaluate your business’ use of cloud computing by asking these questions:

  • Do you understand the cloud service provider’s privacy policy?
  • Do you agree to transfer ownership or control of rights in any way when you accept the provider’s terms of service (which you do every time you log into the service)?
  • What happens if the cloud provider goes out of business or is bought out?
  • Is your data stored locally, or in another country that would be interested in stealing your secrets?
  • Are you violating any compliance laws by hosting customer data on servers that you don’t own, and ultimately, don’t control? (If you are bound by HIPAA, SOX, GLB, Red Flags or other forms of legislation, you might be pushing the edges of compliance.)

This is a cost-effective, incremental process of making your business a less attractive target. Remember, the process doesn’t start working until you do; so take these simple steps, including those in Part I and Part II, to starve data thieves of the information they literally take to the bank, and secure your business.

Medical Identity Theft in 2011 (Part III)

June 12th, 2011 | Uncategorized

Adam Kennedy – [cc id=’csid’] Restoration Supervisor; Certified Identity Theft Risk Management Specialist

Medical Identity Theft is a hot topic in the ID theft industry due to the severity of the consequences involved in this type of fraud. For that reason, I have been writing this series to inform you of how medical identity theft occurs and how medical information can be used fraudulently. This final part of the series will walk you through some steps to prevent medical identity theft.

What Preventative measures can I take to avoid Medical Identity Theft?

  1. Check your explanation of benefits: This is the number one way to catch the identity theft before it damages your credit and insurance.  You should request a copy every month from your insurer. Be sure they include the doctors you have actually seen and the treatments you have actually received. If you don’t recognize something on the bill, call your insurer immediately.
  2. Get an annual statement: You can request from your insurer an annual statement listing all benefits paid out under your policy for the past year. Some insurers give you access to this information online. Check it often for any irregularities. The sooner you catch a medical identity thief, the better it will be for you. You’ll also have less of a mess to clean up.
  3. Trust your instincts: If you think you might be a victim of medical ID fraud, get a copy of your records from your doctor, hospital, pharmacy and laboratory so you’ll have the proof you need about your actual medical identity and can use it to prove the fraud. You must clean up those fraudulent records to be sure you aren’t treated inappropriately, especially in an emergency situation where information about the medical thief may be used to treat you with the wrong blood or drugs.
  4. Check your credit reports: Always check your credit reports every 3 months to ensure the accuracy of your information with the three major credit reporting agencies: TransUnion, Equifax and Experian. You are entitled to one free copy a year from each of the three bureaus at annualcreditreport.com. I recommend you order from one bureau about every 4 months; for example: in January order Experian, in May order TransUnion, and in September order Equifax. Look for billings from medical doctors, clinics or other medical facilities that you did not use. Report the fraud to the credit reporting agencies and ask that a fraud alert be put on your credit file.
  5. Correct your information: Any false medical reports should be corrected as soon as possible. Check with your physician, local hospitals, medical labs and any other medical facility you frequent to be sure they don’t have any inaccurate information.

The main concern for the future of medical insurance theft is the lack of security in place for victims of fraud. Unlike credit bureaus and the IRS, the medical insurance companies do not have fraud alerts or security flags that can be placed on the account once identity theft has occurred. Knowing there are no repercussions (as getting caught hardly ever occurs), identity thieves are able to collect claim after claim and can do so for several years without being noticed. With no protection in place, it is up to each of us to safeguard our own identities. By checking your medical records regularly and joining the right credit monitoring protection, you can avoid the hardships identity theft can have on your credit, career, and life.

Top 7 Tips to Prevent Identity Theft (Part I)

May 28th, 2011 | Uncategorized

By John Sileo, [cc id=’csid’] consumer security expert

Step one of my 7 Steps to Secure Profitable Business Data is to “Start with the humans.” It is crucial to the success of your business’ security efforts that you give your employees the tools to protect themselves personally from identity theft. This develops a privacy language and framework that can be easily adapted to business security.

Pass on the following tips to your employees—seven easy measures to help prevent personal identity theft:

1. Monitor Your Accounts Online

One of the quickest ways to detect identity theft is to monitor your credit card, bank and brokerage accounts online. By doing so, you speed up the detection time and shut down fraud before it becomes a major problem. You can do this either by logging on to the website for the financial provider in question (e.g., your bank), or by setting up automatic account alerts that warn you by email or text message anytime a transaction occurs on your account.

For example, if you have credit card account alerts set up to notify you by email, and you receive an alert that $1 has been spent at a gas station when you haven’t been to a gas station that day, you know that your card has been compromised. Thus, you can shut it down immediately before you become liable for the fraud. Alerts are a painless, immediate way to keep tabs on your financial health.

2. Use Surveillance to Monitor Your Identity

Only about 25% of identity theft can be caught by monitoring credit reports, but there are more sophisticated identity theft monitoring and protection services in the marketplace. I have used [cc id=’csid’] for the past five years because of the quality and volume of monitoring they provide, the convenience of their service and the safety of their data centers.

The product automatically monitors all of the potential sources of identity theft so I don’t have to do it myself. I receive a monthly email letting me know if there are any areas that I should be concerned about. That way, I only have to think about it when necessary. Again, convenience is crucial: if we make it easy to be safe, we will be safe!

You should expect to spend approximately $150 per year for a good service. Keep in mind this is likely less than you spend to insure your car and home, which are worth far less than your identity.

3. Opt Out of Financial Junk Mail

There are complete industries built around collecting, massaging and selling your identity data and habits. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.

“Pre-Approved” credit card offers, for example, are major sources of identity theft. They give thieves an easy way to set up credit card accounts in your name without your consent. The thieves then spend money on the card, leaving you with the mess of purchases that you didn’t make.

The solution is to “opt out” of receiving financial junk mail such as pre-approved credit, home loan and insurance offers. Notify organizations that collect your personal information to stop sharing it with other organizations. This minimizes the amount of your personal information bought and sold on the data market.

To easily opt out of pre-approved credit offers with the three main credit reporting bureaus, call 1-888-567-8688 or visit www.OptOutPreScreen.com.

Have your employees begin to conquer these initial tasks. Completing them will help them understand identity security and be ready to take on the remaining four tips, coming soon.

Medical Identity Theft in 2011 (Part 2)

April 20th, 2011 | Uncategorized

Adam Kennedy – [cc id=’csid’] Restoration Supervisor; Certified Identity Theft Risk Management Specialist

I recently began a series covering the severity of medical identity theft. In Part II of this series, I am going to cover some of the ways Identity Thieves are using medical information to commit fraud and put both your health and financial identity at risk.

What are the ways an Identity Thief can use my Medical information?

  1. Reporting false claims: The most common use is reporting false treatment claims to your medical insurance provider.  Often the false reporting is from doctors or other medical personnel who are familiar with the billing system. The theft is usually hidden in large electronic payment systems in widely dispersed databases of medical files.
  2. Getting free treatment: Medical ID thieves who don’t have their own health coverage can use your identity to get free medical treatment based on your policy. They sign into a hospital or clinic using your identity and your policy receives the bills. At the same time, the thief is providing medical history information of their own, which may conflict with yours – such as allergies – altering your medical records in a potentially fatal manner.
  3. Cashing in on Fake Clinics: The profound amount of money being collected from medical identity theft has drawn much attention from organized crime rings looking to cash in on what they consider the untraceable crime. The National Insurance Crime Bureau reports that insurance fraud costs the insurance industry an estimated $30 billion each year. Organized theft rings will buy doctors’ stolen information on the black market and use it to set up fake clinics all over the nation. Once the fake clinic is set up with the doctor’s medical license number, they can claim several thousand dollars’ worth of x-ray machines, profile scanners, wheelchairs, prosthetics, lab work, etc. and be reimbursed for medical equipment they never had to begin with.

What many do not know is that medical claims in collections are reported to your credit profile, dramatically reducing your FICO credit scores. The severity of the drop can increase your interest rates and raise your mortgage and auto premiums to alarming heights. In a time of economic hardship, most employers are pulling credit checks before hiring a prospective employee. The damaging effect to your credit profile could potentially deny you a job in a time of need. This can also lead to your medical insurance being maxed out by fraudulent claims and the possibility of being denied treatment in the case of an emergency.

7 Steps to Secure Profitable Business Data (Part II)

April 1st, 2011 | Uncategorized

By John Sileo, [cc id=’csid’] consumer security expert

In the first part of this article series, we discussed the first two steps of securing your business data, which focus on resolving the underlying human issues behind data theft. The remaining five will help you begin protecting the technological weaknesses common to many businesses—take on the next two:

3. Stop broadcasting your digital data. There are two main sources of wireless data leakage: 1) the weakly encrypted wireless router in your office and 2) the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web.

Strategy:

1) Have a security professional configure the wireless router in your office to utilize WPA2 encryption or better, implement MAC-specific addressing, mask your SSID, and do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security.

2) To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and avoid using free or fee hot spots. Data criminals can easily “sniff” the data you send across these free connections.

4. Eliminate the inside spy. Most businesses don’t perform background checks when hiring new employees, yet much of the worst data theft ends up resulting from “inside jobs.” Not surprisingly, the number one predictor of future theft by an employee is past theft—most employees who are dishonest now were also dishonest in the past, which may be why they have moved on from former employers.

Strategy: Invest in a comprehensive background check before you hire, and follow up on the prospect’s references. Investigating someone’s background will give you the knowledge necessary to let your gut-level instinct go to work. In addition, letting your prospective hire know in advance that you will be performing a comprehensive background check will discourage dishonest applicants from pursuing the job.

Stay tuned for Part III of this series. Soon you’ll have a more secure system in place and can rest easier about the safety of your data.

Medical Identity Theft in 2011 (Part 1)

March 26th, 2011 | Uncategorized

Adam Kennedy – [cc id=’csid’] Restoration Supervisor; Certified Identity Theft Risk Management Specialist

By now you’ve heard horror stories involving individuals’ credit scores being ruined by financial identity theft, ads on the television for credit monitoring protection, and you may have experienced identity theft in your own home.  While financial identity theft continues to receive ample coverage in the news today, a more dangerous, sometimes fatal, form of theft lurks in its shadows unnoticed: Medical Identity Theft (MIT).

Imagine being rushed to the hospital for a critical treatment and receiving the wrong blood type. Or imagine going in for a common cold and being prescribed a drug you are fatally allergic to. When an identity thief uses your identity, incorrect information such as treatments, dosages, allergies, and even blood type is documented in your medical profile for future visits. As many as 500,000 Americans have been victims of medical identity theft, according to the World Privacy Forum. With the amount of medical identity theft in 2010, it is important to understand how it happens, in which ways it’s used, and what precautionary measures you can take to avoid it. In Part I of this blog series, I will cover the methods identity thieves use to steal medical information. In Part II, you will find information on the ways identity thieves use your medical information. Part III will then discuss the preventive measures you can take to avoid MIT.

How do identity thieves steal my medical information?

Although there are several ways an ID thief can steal from you, the most common method is hacking into the medical records held on hospitals’ mainframe computers. A medical clinic in Weston, Florida was breached when a front desk clerk downloaded medical records of more than one thousand patients and made $2.8 million in false medical claims. There have also been many cases of employees and burglars stealing computers that contain medical records from hospitals. In California, the San Jose Medical Group experienced one of the largest breaches in history, in which 185,000 records were stolen from two Dell computers overnight.

7 Steps to Secure Profitable Business Data (Part I)

February 15th, 2011 | Uncategorized

By John Sileo, [cc id=’csid’] consumer security expert

Everybody wants your data. Why? Because it’s profitable, it’s relatively easy to access and the resulting crime is almost impossible to trace.

Take, for example, the 100+ million customer records that have been breached in the past months. Sony PlayStation Network, Citigroup, Epsilon, RSA and Lockheed have faced billions in recovery and reputation damage costs.

To minimize recovery costs, you must minimize risk and secure your business data. Take the following steps in this three-part series and you’ll be well on your way.

1.  Start with the humans.
Companies often approach data privacy only from the perspective of the company. This is a costly data security mistake, as it ignores a crucial reality: All privacy is personal. Your employees will only care about data security or property protection when they understand their direct involvement.

Strategy:
Start with the personal and expand into the professional. Give your employees the tools to protect themselves personally from identity theft. In addition to showing them that you care, you are developing a privacy language and framework that can be easily adapted to business. Once your employees understand the security framework from a personal standpoint, it’s a short leap to apply that to your business security.

2.  Immunize against social engineering.
The root cause of most data loss is not based on technology; it is based on human beings who make costly miscalculations out of fear, confusion, bribery and a sense of urgency. Data thieves can manipulate information out of your employees by pushing these buttons.

Strategy:
Immunize your workforce against such social engineering. Train them to do the following when asked for information:

  • Utilize professional skepticism. Automatically assume that the requestor is a spy of some sort.
  • Take control of the situation. If you didn’t initiate the transfer of information, stop and think before you share.
  • Expose fraud. During this moment of hesitation, ask a series of aggressive questions aimed at exposing fraud.

When doing this type of training, whether it is for the Department of Defense, a Fortune 50 or a small business, try making a game out of it—make it interesting, interactive and fun, as that is how people learn best.

While these first two steps are not what you might traditionally associate with data security, they have everything to do with human behavior. You must begin with the human factor, with core motivations and risky habits, to increase the success of your privacy initiatives. You need to build a coalition; you need to instill a culture of privacy, one security brick at a time.

Look out for Part II and Part III of the 7 Steps to Secure Profitable Business Data to round out your business security efforts.

John Sileo – Privacy and Identity Theft Expert

September 12th, 2010 | Uncategorized

John Sileo’s identity was stolen out of his corporation and used to commit a series of crimes, including $300,000 worth of digital embezzlement. While the data thief (an “internal spy”) operated behind the safety of John’s identity, John and his business were held legally and financially responsible for the felonies committed. Ultimately, the data breach destroyed John’s corporation and consumed two years of his life as he fought to stay out of jail. But John chose to fight back and speak out.

Emerging from this crisis, John became a professional speaker on identity theft protection and corporate data privacy, teaching audiences to bulletproof their bottom line against data breach. John is a contributing writer for CSIdentity’s blog, among many others, and his book, “Stolen Lives: Identity Theft Prevention Made Simple”, has won several awards.

For more information on John Sileo and identity theft protection, please visit www.thinklikeaspy.com.
