Issue No. 2 Feb. 22, 2010

Identity theft is the fastest growing financial crime in America, affecting 10 million people a year and costing the economy $50 billion. Businesses need to take measures to protect themselves, their customers and their employees. It is much more difficult for a business to recover from this kind of theft, and they are a much more lucrative target with less risk but less protection than consumers.

The government advices us to “deter, detect and defend.” But what does that mean? Please reference the Lomasne rule — “Never write if you can speak; never speak if you can nod; never nod if you can wink”-which has been updated to include:”never put it in email.” Be careful what your employees say during office phone conversations. Avoid giving identifying or financial information over the computer or only on secure pages. Monitor all monthly statements. Check your credit reports regularly.

On a practical level, protect all passwords and personal identification numbers. Sensitive information should be kept behind locked doors and in locked file cabinets and on the Internet through passwords, or other mechanisms like bioidentity devices. Use shredders for all unneeded documents and trash that might include personal information or identities, even unopened solicitations.

Be on the lookout for “phishing.” How it works: recipients will get what appears to be a valid email from a legitimate company, asking for an account number and the related password. The explanation used is that the recipient’s records are being updated or that there is a new security measure in place that requires confirming the requested information. This “fishing” for information has been used to obtain stolen identities to commit identity crimes, with a single act of phishing generating hundreds of thousands of stolen identities.

Just because the email contains authentic trademarks, logos, language and even the urls does not mean it’s authentic. Often, the email contains links to pages that are programmed to look like those on the company’s actual site, and only a discerning eye can tell that the pages are not “real.” One of the clues is bad grammar and poor spelling. Most large institutions are paying someone to proof these materials-a spammer is not!

Next Issue: Protecting Mobile data

Uptodata is brought to you by New England Network Group.
Find helpful materials on CMR17 compliance at http://nengroup.com/