Protect Your Taxes From Prying & Spying Eyes

March 2nd, 2012 | Uncategorized

The IRS admittedly has little control over protecting your tax returns against identity theft. The problem is too big, the data too widely available, prevention too rarely attended to until it’s already too late. Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your tax return information and your identity. The changes aren’t difficult; they simply require that you read through this document so that you recognize the risks. Once that’s done, you simply avoid the highest-risk behaviors.

Here is a comprehensive list of frauds, scams and high-risk tax-time practices.

Top Tips for Tax Time Identity Theft Protection
Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one), either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax preparer’s office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

  • Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information? Do they have an established record and are they recommended by the Better Business Bureau?
  • Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
  • Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.
  • Make sure you always (not just at tax time) pay with security checks like those provided by Deluxe.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

  • Strong alpha-numeric passwords that keep strangers out of your system
  • Anti-virus and anti-spyware software configured with automatic updates
  • Encrypted hard drives or folders (especially for your tax preparer)
  • Automatic operating system updates and security patches
  • An encrypted wireless network
  • A firewall between your computer and the internet
  • Remove all file-sharing programs from your computer (Limewire, Napster, etc.)

Even though you use a strong password to protect your data file when e-filing, burn the file to a CD or flash drive once you’ve filed. Remove the personal information from the hard drive. Store the backup in a lock box or safe.
Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password-protected PDF documents, though these are relatively easy to hack.

Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

  • Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
  • If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
  • If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
  • To learn more about IRS scams, visit the only legitimate IRS website. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service.
  • If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification, such as a Social Security card, driver’s license or passport, along with a copy of a police report and/or a completed IRS Form 14039, Identity Theft Affidavit, which should be faxed to the IRS at 978-684-4542. Please be sure to write clearly.
  • As an option, you can also contact the IRS Identity Protection Specialized Unit, toll-free at 800-908-4490. IPSU hours of Operation: Monday – Friday, 7:00 a.m. – 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).
  • If you have information about the identity thief that impacted your personal information negatively, file an online complaint with the Internet Crime Complaint Center. The IC3 gives victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 sends every complaint to one or more law enforcement or regulatory agencies that have jurisdiction over the matter.
  • Subscribe to an identity theft detection, protection and resolution product like CSID.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

  • Walk the envelope inside the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else for them to be considered safe.
  • Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
  • Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach), or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

IRS Overwhelmed by Tax Related Identity Theft

February 7th, 2012 | Uncategorized

By John Sileo, CSID consumer security expert

It’s nerve-racking to realize that the IRS increasingly struggles to control taxpayer identity theft. Since 2008, the IRS has identified 470,000 incidents of identity theft affecting more than 390,000 taxpayers. “Victims of tax-related identity theft are the casualties of a system ill-equipped to deal with the growing proficiency and sophistication of today’s tax scam artists,” said Sen. Bill Nelson, who chairs the newly formed Subcommittee on Fiscal Responsibility and Economic Growth.

Identity theft harms innocent taxpayers through (1) employment and (2) refund fraud, according to the GAO. In refund fraud, an identity thief uses a taxpayer’s name and Social Security number to file for a tax refund, which the IRS discovers after the legitimate taxpayer files. In the meantime, the victim is out the money due her, causing Sharon Hawa of the Bronx, N.Y. to take on a second job. Ms. Hawa testified before the Subcommittee, describing how she had become an ID theft victim for the second time in three years (the first in 2009) after thieves twice filed tax returns in her name and received her tax refunds. Painstakingly proving her identity to the IRS, time after time over a 14-month period, was only a small part of the stress and utter frustration in the first fraud. And then, as if that trauma hadn’t sufficiently wreaked havoc in Ms. Hawa’s life, it happened a second time.

In employment fraud, an identity thief uses a taxpayer’s name and SSN to obtain a job. When the thief’s employer reports income to the IRS, the taxpayer appears to have unreported income on his or her return, leading to enforcement action. Think of your stress level when you open that envelope from the IRS demanding taxes for money you didn’t earn and don’t have!

The GAO states that the IRS’s ability to address identity theft issues is constrained by several factors, one being that privacy laws limit the sharing of ID theft information with other agencies. Another problem is the timing of fraud detection efforts; more than a year may have passed since the original fraud occurred. The resources necessary to pursue the large volume of potential criminal refund and employment fraud cases are another constraint.

It’s imperative that we taxpayers take responsibility and implement the steps necessary to protect ourselves. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

  • Tax documents exposed on your desk (home and work)
  • Private information that sits unprotected in your tax-preparer’s office
  • Improperly mailed, emailed and digitally transmitted or filed records
  • Photocopiers with hard drives that store a digital copy of your tax forms
  • Copies of sensitive documents that get thrown out without being shredded
  • Improperly stored and locked documents once your return is filed
  • Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a tax fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your identity. Sileo.com has compiled a comprehensive list of tax time frauds, scams and prevention techniques.


Avoiding Social Spam on Facebook and Twitter

January 30th, 2012 | Uncategorized

By John Sileo, CSID consumer security expert

The post appears like it’s coming from a known friend. It’s enticing (“check out what our old high school friend does for a living now!”), feeds on your curiosity and good nature, begs you to click. A quick peek at the video, a chance to win a FREE iPad or to download a coupon, and presto, you’ve just infected your computer with malware (all the bad stuff that sends your private information to criminals and marketers). Sound like the spam email of days gone by? You’re right – spam has officially moved into the world of social media, and it’s like winning the lottery for cyber thugs.

What is Social Spam? Nothing more than junk posts on your social media sites luring you to click on links that download malicious software onto your computer or mobile device.

Social media (especially Facebook and Twitter) are under assault by social spam. Even Facebook cautions that the social spam volume is growing more rapidly than their user base. The spam-fighting teams at both Facebook and Twitter are growing rapidly. The previous handful of special engineers has seen the inclusion of lawyers, user-operations managers, risk analysts, spam-science programmers and account-abuse specialists. Spammers are following the growing market share, exploiting our web of social relationships. Most of us are ill-prepared to defend against such spam attacks. Here’s how social spam tends to work:

1. Malware infects your friend’s computer, smartphone or tablet, allowing the spammer to access their Facebook or Twitter account exactly as if the spammer were your friend.

2. The spammer posts a message on your friend’s Facebook or Twitter page offering a free iPad, amazing coupons or a video you can’t ignore.

3. You click on the link, photo, Like button (see Like-jacking below) or video and are taken to a website that requires you to click a second time to receive the coupon, video, etc. It’s this second click that kills you, as this is when you authorize the rogue site to download malware onto your computer (not a coupon or video).

4. The malware infects your computer just like it has your friend’s and starts the process all over again using your contacts, your wall and your profile to continue the fraud.

5. Eventually, the spammer has collected a massive database of information including email addresses, login information and valuable social relationship data that they can exploit in many ways. In the process, the malware may have given them access to other data on your computer like bank logins, personal information or sensitive files. In a highly disturbing growth of criminal activity, social malware can actually impersonate users, initiating one-on-one Facebook chat sessions without your consent.

“Like-jacking” involves convincing Facebook users to click on an image or a link that looks as if a friend has clicked the “Like” button, thereby recommending that you follow suit. If our friends Like it, why shouldn’t we? So we click and download in an almost automated response. The key is to interrupt this automatic reflex before we get stung.

Fighting social spam requires immense investments of time, which can mean lost productivity (and money). Thankfully, various company site-integrity teams watch trends in user activity to spot spam. Every day, Facebook says it blocks 200 million malicious actions, such as messages linking to malware. The company can’t prevent spam, but it’s diligently working to make it harder to create and use fake profiles.

But never count on someone else to protect what is yours. You must own up to your responsibility. Follow these 6 Steps to Minimize the Risks of Social Spam:

1. If the offer in the post is too enticing, too good to be true or too bad to be real, don’t click.

2. If you do click and aren’t taken directly to what you expected, make sure you don’t click a second time. This gives the spammer the ability to download malware to your system.

3. Don’t let hackers gain access to your account in the first place – use strong alpha-numeric-upper-lower-case passwords that are different for every site and that you change frequently.

4. Remember, in a world where your friends’ accounts are pretty easily taken over, not all friends are who they say they are. Be judicious. If something they post is out of character, it might not be them writing the post. Call them and verify.

5. Don’t befriend strangers. Your ego wins, but you lose.

6. Make sure you have updated computer security: operating system patches, robust passwords, file encryption, security software, firewall and protected Wi-Fi connection.


Zappos Trust Gets Zapped – The Real Cost of Identity Theft

January 20th, 2012 | Uncategorized

By John Sileo, CSID consumer security expert

Let’s say you ordered winter boots for your spouse on Zappos.com (now part of Amazon), which has world-class customer service. You don’t really even shop the competition because someplace in your brain you already trust Zappos to deliver as they always have. Your unquestioned confidence in Zappos is worth a fortune.

And then hackers break into a server in Kentucky this past weekend and steal private information on 24 million Zappos customers, including (if you are a customer) your name, email address, physical address, phone number, the last four digits of your credit card number and an encrypted version (thank goodness) of your password. Consequently, your junk email folder is overflowing (your email has been illicitly sold to marketing companies), you receive the doom-and-gloom breach notification from Zappos (just like I did), and suddenly, you don’t have quite the same confidence in this best-in-practice business any more. Your shaken confidence in Zappos costs them a fortune. For the foreseeable future, you will pause before using their website again.

“We’ve spent over 12 years building our reputation, brand, and trust with our customers,” Zappos CEO Tony Hsieh said in a note to employees Sunday. “It’s painful to see us take so many steps back due to a single incident.”

In a smart move, Zappos reset the passwords for all affected accounts and notified victims on how to create a new password. But their efforts to recover customer trust are just beginning. Here are 5 Core Concepts of Trust that Zappos leadership should weave into their breach recovery process:

1. Ownership. Leadership at the company should take complete responsibility for the loss of data and not make excuses as to how it was someone else’s fault (remember the BP oil spill finger pointing?). The last thing victims need is to become more victimized by a corporate spin cycle that further erodes trust. Authentically respecting their customer base (which they do), even when it costs a few extra dollars to maintain, is a sound investment strategy.

2. Transparency. Zappos customers have the right to know exactly what was stolen and how it might be used. They deserve to know what the company knows and what law enforcement knows. Sharing their failure (as opposed to covering it up in any way, which they don’t seem to be doing) is a painful process with high short-term costs, but it is the first step in taking responsibility.

3. Expectation. Zappos needs to set customer and marketplace expectations early and often about how they will make it better. Forcing users to change passwords does little to ease fears that it will happen again. What tangible steps will they take to repay customers for the trouble they have caused and what measures will they implement to better protect users in the future?

4. Delivery. Zappos must deliver on the expectations they set with the victims, with the media and with the marketplace. False promises (pretending to implement better security but underfunding the budget) are cheap Band-Aids but only further infect the inflicted wounds when nothing actually changes. To regain trust, Zappos must set impressive expectations and deliver on them flawlessly.

5. Competence. Zappos is not in the business of recovering from identity theft or data breach. They need to aid their legal department by bringing in breach mitigation and recovery experts. Saving a few dollars up front by keeping the efforts in house will raise downstream recovery costs by multiples.

In the meantime, if you are a victim of the Zappos breach, begin with these steps:

• Immediately change your password according to Zappos’ emailed instructions

• Use an alpha-numeric-upper-lower-case password that has nothing to do with your personal life and can’t be found in a social networking profile or dictionary

• If you use the same password on other sites (webmail, financial), change those as well

• Implement identity theft monitoring services like those provided by CSID

• Monitor your credit profile for suspicious activity at AnnualCreditReport

• Don’t click the links in that email. Zappos is sending every one of its affected customers a warning e-mail. However, more often than not such “official” e-mails are from hackers (for example, “We’ve had a security problem. Please change your password.”). These fraudulent e-mails can be virtually indistinguishable from legitimate communications, including identical graphics, logos, and authentic looking return e-mail addresses. Instead of clicking, type the URL (in this case Zappos.com) directly into your address bar. If there’s an important notice on your account, you’ll find it there.


iPad Vampires: 7 Simple Security Settings to Stop Data Suckers

January 18th, 2012 | Uncategorized

By John Sileo, CSID consumer security expert

Information is the currency and lifeblood of the modern economy and, unlike the industrial revolution, data doesn’t shut down at dinnertime. As a result, the trend is towards hyper-mobile computing – smartphones and tablets – that connect us to the Internet and a limitless transfusion of information 24-7. It is an addiction that employers encourage because it inevitably means that we are working after hours (scanning emails in bed rather than catching up with our spouse).

In the work we do to change the culture of privacy inside of organizations, we have discovered a dilemma: iPads are not as secure as other forms of computing and are leaking significant amounts of organizational data to corporate spies, data thieves and even competing economies (China, for example, which would dearly love to pirate the recipe for your secret sauce). Do corporations, then, sacrifice security for the sake of efficiency, privacy for the powerful touch screens that offer a jugular of sensitive information?

Of course not! That’d be like driving a race car minus seat belts and air bags.

iPads provide a competitive advantage, and as with generations of tools before them (the cotton gin, the PC), individuals and organizations alike will be forced to learn how to operate this equipment safely or risk the bite of intellectual property vampires. Here are 7 Simple Steps to help you lock down your iPad much like you would your laptop.

7 Simple Security Settings for Your iPad

1. Turn on passcode lock. Your iPad is just as powerful as your laptop or desktop, so stop treating it like a glorified book. Your iPad is only encrypted when you enable the passcode feature.

2. Turn simple passcode to off. Why use only an easy-to-crack 4-digit passcode when you can implement a full-fledged alphanumeric password? If you can tap out short emails, why not spend 5 seconds on a proper password?

3. Require passcode immediately. It is slightly inconvenient but considerably more secure to have your iPad automatically lock up into passcode mode anytime you leave it alone for a few minutes.

4. Set auto lock to 2 minutes. Why give the table thief at your favorite café more time to modify your settings to his advantage (to keep it from locking) as he walks out the door with your bank logins, emails and kid pictures?

5. Turn erase data after 10 tries to on. Even the most sophisticated passcode-cracking software can’t get it done in 10 tries or less. This setting wipes out your data after too many failed attempts. Just make sure your kids don’t accidentally wipe out your iPad (forcing you to restore from your latest iTunes backup).

6. Use a password manager. Your passwords are only as effective as your ability to use them wisely (they need to be long and different for every site). Keeping your passwords in an unencrypted keychain or document is a recipe for complete financial disaster. Download a reputable password-protection app like 1Password to manage and protect any sensitive passwords, credit card numbers, software licenses, etc. Not only is it safe, it’s incredibly convenient and efficient.

7. Avoid untrustworthy apps. Not all applications are friendly. Despite Apple’s well-designed vetting process, there are still malicious apps that slip through the cracks to siphon data out of your device. If the app hasn’t been around for a while and if you haven’t read about it in a reputable journal (Macworld, Wall Street Journal, New York Times, etc.), don’t load it onto your system. Don’t jail-break your iPad to download apps outside of iTunes. Short-term gain equals long-term risk.

Believe it or not, these simple steps begin to give you a level of security that will discourage casual data vampires.

John Sileo, the award-winning author of Privacy Means Profit, delivers keynote speeches on identity theft, data security, social media exposure and weapons of influence. His clients include the Department of Defense, Pfizer, Homeland Security, Blue Cross, the FDIC and hundreds of corporations, organizations and associations of all sizes. Learn more at www.ThinkLikeASpy.com.

Tips for the Business Traveler: Part II

January 12th, 2012 | Uncategorized

By John Sileo, CSID consumer security expert

Identity theft rates skyrocket for travelers. As USA Today noted in a recent article about the topic:

Experts say business travelers are especially vulnerable because they increasingly rely on electronic devices that easily can be lost or hacked. Credant Technologies, a data-protection company, found that travelers have lost 11,000 mobile devices at the busiest U.S. airports this year, 37.5% of them laptops and 37.2% tablets or smartphones.

I recently outlined a number of tips to follow before leaving the office for business travel, such as back up all data on your devices and enable strong passwords. During your travels, though, is where the loss will occur. Stay smart and savvy while on the road—follow these tips to protect your identity and data while traveling:

Only use secure wireless connections: Avoid using free WiFi hotspots in cafes, airports and hotels to eliminate signal sniffing and wireless data theft. Make sure your IT department has enabled WEP wireless encryption on your device.

Lock it up: Most hotels have relatively secure safes in the rooms, so take advantage and lock up your devices when you do not have them by your side. If your laptop doesn’t fit in the safe, remove your hard drive from the device and lock it up. For an added level of protection, put the privacy sign on your hotel door handle at all times and opt out of hotel cleaning services.

Be smart: Use your common sense. Be careful with sensitive data and know where your devices are at all times (and do not leave your devices on a table or under the watch of a stranger at a conference or coffee shop).


College Students Can Destroy Financial Future with Poor Choices

December 15th, 2011 | Uncategorized

By John Sileo, CSID consumer security expert

College is the perfect period of life to begin sound financial practices, including protecting privacy. Not only are college students vulnerable, but they are impressionable and well positioned to learn strong habits that will last them a lifetime. As students launch into independence, we, as parents, hope to give them the best tools possible to ensure a bright future. One of the most vital tools is to establish healthy habits that will guard their financial and personal identities for the rest of their lives. People ages 18-24 are the least able to spot identity theft, according to the BBB. That age group needed more than four months to realize someone had damaged their credit history or used their identity. By taking a few precautions, a young adult can avoid the crushing job of trying to recover from having given away the keys to their financial future, which is especially overwhelming while navigating life away from home for the first time.

Identity thieves don’t care a whit if the student has a dime – they just want a clean financial record in order to commit crimes using their credit and future buying power. Unfortunately, thieves are often someone the student trusts: a friend, dorm mate, co-worker, or someone who poses as a sanctioned person on campus. Identity thieves may use personal information to open credit card accounts, access financial accounts, rent an apartment or even commit larger cases of fraud, implicating the student. Here are some tips to get you and your student started down the road to protecting their financial future:

  • Have all sensitive mail sent to parents’ homes only. School mailboxes are not secure and are easily accessed in a dorm or apartment.
  • Store Social Security cards, passports, bank statements, credit card statements and other important documents in a small fire safe in their dorm.
  • As soon as you are done with any documents that have financial information (financial account statements, medical bills, insurance forms, charge receipts, university tuition payments), shred the documents rather than putting them in the trash in order to foil dumpster divers.
  • Set up account alerts with your credit card companies and banks to notify you via email whenever a transaction occurs. Because it is fresh in your mind, it takes only a few seconds to verify the transaction unlike weeks later when you try to recall each transaction while paying your bill or reconciling your bank statement.
  • Always check credit card bills and bank statements and question unknown purchases. The sooner you catch a breach, the less likely you’ll have complicated financial ramifications.
  • Limit the applications you load on your smartphone or tablet. Many of these apps siphon data off of your device back to unwanted companies and individuals.
  • Never loan a credit or debit card to anyone, even your best friend. Don’t co-sign a loan for a friend as you will be responsible for missed payments.
  • Date of birth is one of the key pieces of information that many companies use to confirm identity. Refrain from sharing your correct date of birth on Facebook or any place online. Friends who you want to know your birthday should learn that from you personally. Even putting only the month and day is risky as it’s pretty easy to ascertain the year based on your profile.
  • Use long passwords with a mix of letters, numbers and characters (e.g., &63DB4x%gX). According to Gibson Research, a password that is 10 characters is vastly harder to crack than one containing nine characters. If you need help remembering them, use a password protection program.
  • Update antivirus and spyware software on personal computers. Identity thieves rely on special programs, transferred to personal laptops and computers from numerous websites, to duplicate people’s passwords, user IDs and bank account information.
  • Check credit reports for free three times a year at www.AnnualCreditReport.com. Request a report from a different credit bureau every four months and you’ve got the year covered.
  • Get off mailing lists for pre-approved credit offers, which are a goldmine for identity thieves. To opt out of financial junk mail, call 888-5-OPTOUT or visit www.OptOutPrescreen.com to remove your name from national lists. Be prepared to provide your Social Security number (in this case, that is a risk worth taking).
  • Never click on links sent in unsolicited emails or postings on social media. In addition to installing malware on your computer, many of them are phishing schemes that trick you into entering your Social Security number, user name or account passwords.
  • Never give out financial or account information to unsolicited callers, even if they say they are from your bank (you are not in control of the call when it’s incoming).
  • Do not share phone numbers or list your residence hall names and/or floor number designations online – or anyplace. Identity thieves frequently show up on campus pretending to represent a legitimate company, possibly using the school’s logo or colors on the credit card. Once the scammers get students’ personal information, they can then use it themselves or sell it for a profit.

Heartily impress upon your students (and yourself!) to guard identity with a vengeance and save untold time and money attempting recovery. Doing so might be the most profitable education they receive.

Tips for the Business Traveler: Part I

By | December 15th, 2011|Uncategorized|

By John Sileo, CSID consumer security expert

Data theft has serious implications for business travelers, including a high risk for identity theft. I have a personal experience with identity theft while traveling – it occurred during a trip to Orlando to, ironically, give a speech about avoiding identity theft. Read more about that experience in a recent USA Today article.

To protect your identity and data when traveling for business, consider following these tips before you leave the office:

Know the hot devices for theft: Laptops, smart phones and tablets.

Know where device theft occurs: Airports, hotel rooms, cars and cabs, commuter trains, conferences, off-site meetings, coffee shops, etc.

Leave it at home: Narrow down the number of devices you bring on your trip. Leave at home any that you do not absolutely need. If you absolutely cannot leave your laptop, then…

Get a netbook for travel: Consider purchasing an inexpensive netbook (very small laptop) for travel, and only carry the files you need.

Encrypt your laptop hard drive: The data on your drive is no good if the thief can’t make any sense of it. For a very small investment you can install software on your laptop that makes it exceptionally difficult for a thief to access your private information. Encryption turns your data into a puzzle that only your password unlocks. If you are using a company laptop, check with your IT department to see if they can or have already done it for you.

Use strong passwords: Turn on password protection and lock your devices with strong alpha-numeric-symbol-upper-lower-case passwords. The longer the password, the better. Consider using a password protection program like 1Password, and avoid storing your passwords in an unsafe way (like in a spreadsheet or note on your device).

Back it up: Before you travel, back up all of your devices onto external hard drives, and secure the drives where you know they will go untouched (locked in a safe or filing cabinet in your office, locked in your home, etc.). This way, if anything happens to your data while traveling, you don’t have to worry about important files being lost. Also consider backing the files you need for your trip onto a thumb drive that you can keep with you at all times.

Carry less data: Take valuable files off your devices, and if your company uses an encrypted VPN connection, pull files off your corporate network once you are at your destination.

Enable remote tracking and wiping capabilities: There are various software applications for mobile devices that allow you to track and wipe your device in case it is ever lost or stolen. Some of these applications tell your device to take a picture of the user and send it to you via email, providing you with additional evidence of the finder or perpetrator. 

Enroll in ID & Data Breach Protection Plans: Enroll yourself in an identity protection program to ensure that you’re covered in the case that your identity is stolen while traveling. Also encourage your company to invest in data breach and fraud detection solutions to provide an extra layer of protection for important data, traveling or not. 

Stay tuned for a follow up post to this series—how to protect against identity theft once you’re on the road.

Top 7 Tips to Prevent Identity Theft (Part II)

By | September 22nd, 2011|Uncategorized|

By John Sileo, CSID consumer security expert

I recently posted the first three of my seven easy measures to help prevent personal identity theft, including monitoring accounts, using surveillance and opting out of financial junk mail.

Below are the remaining four tips, which I encourage you to pass on to your employees after they have begun to consider or take on the initial three. Again, teaching your employees to protect their personal identities will help establish a framework that is crucial to the success of your business’ security efforts.

4. Freeze Your Credit File

Every time you establish new credit (e.g., open up a new credit card, store account or bank account, finance a car or home loan, etc.), an entry is created in your credit file, which is maintained by the three primary credit-reporting bureaus: Experian, Equifax and TransUnion. The trouble is, with your name, address and social security number, an identity thief can pretend to be you and can establish credit in your name.

A credit freeze is an agreement you make with the three main credit reporting bureaus that they won’t allow new accounts (credit card, banking, brokerage, loans, rental agreements, etc.) to be attached to your name/social security number unless you contact the credit bureau, give them a password and allow them to unfreeze or thaw your account for a short period of time. While this can be a little inconvenient when you want to set up a new account and can cost a few dollars (generally about $10 to unfreeze), it is a small price compared to the risk and recovery costs of identity theft.

To learn more about freezing your credit, visit the three credit bureau credit-freeze sites here: Experian, Equifax, and TransUnion.

5. Protect Your Computing Devices

In order to close potential data leaks, it is important to protect all of the identity documents stored on our home and work computers. The following suggestions will get you started, but you may want to hire a computer security professional to help you protect this very valuable asset in the fight against identity theft.

  1. Create strong, alphanumeric passwords.
  2. Install a security software suite on every computer you own. It should include: anti-virus and anti-spyware scanners, password protection, phishing and pharming filters and a firewall.
  3. Configure your computer systems for automatic operating system and security patch updates.
  4. Utilize encryption software for professional-level protection.
  5. Physically lock down your computers, especially if you use a laptop, tablet or smartphone.
  6. Secure your wireless network with WPA2 encryption, not WEP.
  7. Secure your Mobile Data Devices (iPhones, BlackBerrys, laptops, tablets) physically and digitally.

6. Lock Up Valuable Identity Documents

Our most valuable identity documents are exposed to identity theft (and natural disasters, such as fire and floods) as they sit in unlocked filing cabinets, office drawers or out in the open. To complicate matters, the problem of data theft goes beyond paper documents to digital media. More than ever we need to be concerned with the physical protection of hard drives, cell phones, thumb drives, CDs and DVDs with sensitive personal or business data on them.

To store them securely, purchase a fire-resistant, locking filing cabinet. Your identity is probably worth something close to $300,000, not to mention the value of any business data for which you are responsible. Investing in a cabinet to lock up the keys to your identity is simple and goes a long way.

7. Destroy Irrelevant Documents with Identity Information

Assume that any document you throw out will end up in the hands of an identity thief. Get in the habit of either destroying or locking documents and disks that contain identity information, even if the information isn’t yours. Remember to destroy digital files as well, like those that live on CDs and DVDs. If you can’t shred it, lock it up in a safe or locking filing cabinet.

Convenience is key! Place a shredder in each place you handle identity documents (where you open your mail, your home office, your desk at work) and shred everything possible. If you don’t make it convenient for yourself, it won’t get done.

Calculate Your Business’ Data Risk & Restoration Costs

By | August 29th, 2011|Uncategorized|

By John Sileo, CSID consumer security expert

Businesses everywhere are under assault. Thieves want to access your customer databases, employee records, intellectual property and ultimately your bottom line. More than 80% of businesses surveyed have already experienced at least one breach.

Combine this with the average cost to repair data loss—a stunning $7.2 million per incident—and you have a profit-driven mandate to change the way you protect information inside of your organization.

Let’s do the math. Here is a quick ROI formula for your risk:

  1. Add up the total number of customer, employee and vendor database records you collect that contain a name, address, email, credit card number, SSN, Tax ID Number, phone number, or PIN.
  2. Multiply that number by $250, a conservative average of the per-record cost of lost data.
  3. The result? The projected cost to restore your business’ lost data.

So, if you have identifying information for 10,000 individuals, your out-of-pocket expenses, including breach recovery, notification, lawsuits, etc., are estimated at $2.5 million even if you don’t lose a SSN or TIN. And that cost doesn’t necessarily factor in the public relations and stock value damage done when you make headlines in the papers.

There are solutions, however, to minimize these costs. Invest in risk management solutions or take precautions with a high return. See my 7 Steps to Secure Profitable Business Data for ideas.

Statistics according to the Ponemon Institute
