Friday, January 25, 2008

Are You Well Protected?


by Doug Pollack

As we look forward to what is in store for us in 2008, The Identity Theft Resource Center is projecting an increase in both the number of security breaches and incidents of identity theft.

With this as a backdrop, we've developed a set of recommendations for people to protect themselves. As part of our ID Self-Defense Academy, a component of our subscription services member website, this Self-Defense Checklist includes both common sense suggestions that you are likely to be familiar with, as well as others that are new this year given the evolution in the use of the internet and computers in identity theft.

Some of the items you may not have thought about include using a "wipe" utility on your computer hard drive to make sure all of your information is permanently erased before disposing of the computer, and checking the annual earnings statement that you receive each year from the social security administration for any discrepancies in earnings or work history.

The complete checklist follows.

Self-defense Checklist

Protect Yourself At Home

  • Switch to a mailbox with a lock.
  • When you're away from home, place a hold on your mail (online at www.usps.com or with a Hold Mail form at the post office).
  • Use a cross-cut shredder to shred documents containing financial or other personal information.
  • Secure important documents in a safety deposit box or a fire-proof safe hidden at home.
  • Stop newspaper delivery and garbage service if you're leaving town.
  • Set up lights on timers to make your home look occupied when you're away.
  • Have a neighbor you trust keep an eye on your home, and leave a number where you can be reached.
  • Immediately notify the post office and anyone you do business with if you change your address.
  • Place outgoing mail in a post office mail slot or hand it to a postal worker instead of leaving it at your home mailbox for pick-up.
  • Review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.


Protect Your Computer and Internet Access

  • Protect your computer with a password.
  • Never provide personal information in response to an unsolicited e-mail.
  • Avoid viruses and other scams by frequently updating your browser and e-mail software.
  • Use and regularly update your firewall and anti-virus/anti-spyware software.
  • Change your passwords often, and use letter and number combinations that are difficult to guess.
  • Never have your computer remember your password.
  • Don't respond to instant messaging from unfamiliar users, and avoid instant message offers.
  • To ensure the authenticity of e-mail requests for personal information, type the company's Web site URL directly into your browser instead of clicking on a link in the e-mail. (The real destination of the link may be different than the URL that you see.)
  • Don't ever send personal or financial information via e-mail.
  • Don't open e-mail attachments or download files from strangers.
  • Before doing business with any company, ask for and verify its name, street address, and phone number.
  • Choose an Internet Service Provider and browser that use filtering software to limit spam in your e-mail inbox.
  • Never respond to email asking for your help in getting money out of a foreign country.
    Encrypt your wireless network as soon as you set it up.
  • When using Ebay, Craigslist, or other sites linking buyers and sellers, use PayPal for transactions. Don't ever wire money via wire service, and don't accept cashier checks or money orders, as these can be forged.
  • Review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.


Protect Yourself On the Road

  • Carry only the credit cards and checks you absolutely need when traveling.
    Keep identification and credit cards in a secure wallet or purse on your person (and out of pickpockets' reach) where you can keep an eye on them.
  • Make photocopies of the fronts and backs of your credit cards, driver's license, and passport and store the copies someplace other than your wallet in case of theft.
  • Program the toll-free numbers for your credit card companies into your mobile phone in case of theft.
  • Never leave valuables, phones, receipts, or other papers containing financial or personal information in your car, even if it is locked (and always lock it).
  • Keep receipts in a safe place until you can cross-shred or safely store them at home.
  • Always keep your mobile phone in a secure place on your person to avoid losing it. Activate the lock feature when it's not in use so that it can't be used and any stored information can't be accessed if it is stolen.
  • If you must discuss personal or financial information over the phone, do so in your hotel room or another private place where you won't be overheard.
  • Avoid downloading attachments from your e-mail account onto a computer other than your own. Erase your browsing history and discard any personal files in the computer's trash or recycling bin, then empty it before logging off.
  • Never enter or access personal information from a public-access computer or one in a hotel business center, as these can be fitted with hard-to-see key loggers that record your information.
    Be sure to eject any personal CDs, DVDs, or jump drives at the end of a session on a computer that isn't your own.
  • Especially after you travel, dealing with merchants you don't know, remember to review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.

Tuesday, January 8, 2008

Data Breaches Reach Record Levels in 2007

by Doug Pollack

According to a December 30, 2007 AP article written by Mark Jewell, the trend in data breaches continues on the upswing. He reported that:

"The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information."

This of course is bad news for consumers who have also experienced meteoric rates of identity theft in 2007. It has been estimated that over 9MM US citizens fell victim to identity theft in 2007. If you're counting, this averages out to one every three seconds. And the growing adoption of new technologies such as wireless internet and devices by businesses and consumers, provides new ways for technically-savvy criminals to circumvent data security measures.

"With wireless data transmission more common, hackers increasingly are expected to target what many experts see as a major vulnerability. Eavesdroppers appear to be learning how to bypass security safeguards faster than ever, said Jay Tumas, the head of Harvard University's network operations, at a recent conference for information security professionals."

Research Groups estimate that between 50MM and 80MM records of personal information were breached during 2007. These breaches were caused both by hackers whose intent is to steal and exploit this personal data, as well as by unintentional human error such as in the loss or misplacement of a laptop computer with sensitive personal data residing on its hard drive.

Predictions by industry groups suggest that breach numbers reported will continue to rise given a growing trend requiring disclosure of breaches and notification of affected individuals by organizations that experience a data breach.