It’s no secret, your employees use their work computers to scour the internet on company time. However annoying that is to business owners, they generally look the other way. As you’ll read, that annoying reality could very well lead to a security breach, so it’s time you educated yourself and your team on the cold, hard facts.

Fact #1: Employees are the #1 cause of all company security breaches.

Your small business amasses a wealth of incredibly sensitive information about everyone who walks through your doors or hits your website.  Having that valuable information put in jeopardy can turn into a long and costly process to fix, not to mention potentially embarrassing to you and the business.

We’ll explore the seemingly harmless part of your employees’ daily lives that could put your business and, more importantly, your customers’ information at risk for a breach.  We’ll also provide tips to protect yourself so your business isn’t added to the ever-growing list of organizations that have had their security breached in 2017.

We’ve all heard the saying, “work smarter, not harder.”

Owning your own business is tough.  There are countless hours spent towards hundreds of different tasks across every part of the business.  If data security isn’t near the top of your priority list it should be, because the dangers are real and your employees’ mistakes can be very costly.

Fact #2: Identity theft and fraud attacks against small and mid-sized businesses skyrocketed from 18 percent in 2013 to 31 percent in 2015 and the numbers are on the rise.

Unfortunately, however much interest we put into security and discovery innovations to create an in-depth defense strategy, the reality is one wrong click from an employee innocently surfing the internet can instantly hand over your sensitive information to an identity thief.  The small mistake of opening a seemingly harmless email can upload a virus to your hardware and go unnoticed for weeks, if not months, causing irreparable damage.

Fact #3: Only 29 percent of companies with fewer than 10 employees are acting to protect against security risks.

Less than one third!

Are you part of that 71% that don’t?

There’s as much as $1 billion a year stolen from small and mid-sized businesses in North America and Europe and the numbers are only going to increase, says Mike Gross, global risk strategy director with 41st Parameter, a business fraud prevention firm owned by the credit reporting giant Experian.

Here are five must-take steps to make it tougher for offenders to steal your valuable information:

• Use an EIN: As a business owner you may operate as a sole proprietorship under your Social Security number, even if your business has employees.  Just because you have the freedom to do so doesn’t mean you should.  It’s generally safer for sole proprietors to use an EIN.  Keeping your business and personal finances separate is a must for several reasons, including identity theft prevention.
• Protect sensitive files: From bank statements to tax returns, your business likely has paper and electronic files that hold sensitive information.  Use a secure mailbox, shred documents you don’t need, and keep sensitive files in a locked area or other secure location to avoid theft.
• Be proactive: It’s crucial to use passwords or restrict employee access to certain documents.  Establish a clear protocol to follow in the event of a data breach, including assigning an employee to manage the breach and devise what actions need to be taken.
• Try to avoid the “bring your own laptop” trend: Countless companies now allow employees to use their personal computers, cell phones and other devices for work. This presents risks to a small business where, for example, an employee brings a compromised device into work and accesses secure files.  Unfortunately, you’ve just allowed a trusted employee to unknowingly compromise your sensitive information.
• Check statements regularly:  This is one of the best ways to halt fraud before it gets out of hand.  Experian and other credit reporting agencies offer monitoring services that can help.  It’s also a good idea to assess your banking agreements to determine whether your business accounts have protection against fraud.  In addition, review your insurance policies to see what coverage you have in case of a data breach.
• Despite the best efforts of many businesses, data security trends are headed in the wrong direction.  We looked back at hundreds of events throughout 2016 into 2017 to identify the top causes, in hopes we can try to limit the numbers for 2018.

 

We pulled data from the IRS and found business identity theft cases rose 250 percent through the summer of 2017.  For example, the U.S. recorded 4,000 business identity theft cases in 2016, and through August this year it’s 10,000 cases and climbing.  When you put that into numbers, business identity theft caused $15.3 billion in damage in 2016, up from the $13 billion in 2015.

When we took a closer look at the underlying issues that allowed the identity theft incidents to occur, we found one common thread: Attackers are increasingly relying on phishing emails to sidestep IT security systems.  It’s an inexpensive, but highly effective attack route to gain access to an otherwise well-secured network. Social media outlets, such as LinkedIn and Facebook, provide a treasure trove of information for attackers to identify and target employees with carefully crafted phishing emails.

Here’s another example: Criminals and IT thieves are constantly producing fake social media pages and disguising themselves as someone who seems like another person in your industry.  They reach out to connect and look as reputable as anyone.  Remember to take a minute before you accept their request.  Always be proactive in screening people, because you never know if they’re a legitimate contact just trying to expand their network or a potential security threat trying to access information about your business and how to infiltrate your company.

So…What should all this mean to you?  What should your business do?

Truth be told, there is no one-size-fits-all approach.  How you address the human component of data protection requires execution of several technical, managerial, and procedural precautions, unique to your business.  Below are some guidelines and tips to keep in mind:

• Data security awareness and training: Dispose of old devices, but first wipe the data. Train your employees and take part in programs with companies who handle sensitive information, like Secure Document Destruction of St. Louis.  Your organization’s information security policies and procedures should be part of the onboarding process and included in periodic training. These programs should be continuously updated to address the constantly evolving threat as well as staffing changes that could impact data privacy and security.  For more information on these topics please visit the FCC website @ https://www.fcc.gov/general/cybersecurity-small-business
• Simulate phishing tests: Try testing “data breaches” by sending phishing attacks on employees.  You are a step ahead by training users on how to identify and avoid phishing messages.  It could help your organization measure the vulnerability of your employees and identify the ones that need additional training.  There are many resources available, such as NTP Security Enterprises, a premier St. Louis company that specializes in these types of programs.  Visit them @ https://ntpcybersecurity.com for more information.
• Fully encrypt your devices and storage: The regularity of stolen devices containing sensitive information will continue to rise as more users store sensitive data on their laptops, mobile devices, and portable storage devices. Always implement complete encryption on all devices that contain sensitive data.  Visit the link below for a list of 2016’s top software systems for your business. https://www.pcmag.com/business/directory/encryption
• Use data loss prevention software: Your sensitive data can be breached by mistake or malicious intent.  Data loss prevention software is intended to prevent users from sending sensitive data outside your network without authorization.
• Clearly define employee access rights and privileges:  Employees should have access to only the data they need to do their job.  If you must allow them access to sensitive information, it should only be approved for the minimum time necessary.  Never forget to enforce strong standards for user identities and passwords.

When security breaches make headlines, they are often about corrupt groups in other countries. These kinds of stories are exciting to read, but they mask the reality that most breaches are caused by an action or failure by someone inside the company.

To this point, when we’ve mentioned employee mistakes causing security issues, we’ve been referring to honest people making honest mistakes.  There is another side: those employees who want to damage you.  It’s the threat you’d never expect.  They normally will fly below the radar of many detection technologies and can erase evidence of their activities to further deter investigations.

It’s a perfect crime.

Fortunately, the rise of Artificial Intelligence makes spotting insider threats easier and less invasive.  These technologies help businesses detect and prevent potential hacks and security threats to their systems.  Their cognitive processes are able to continually learn and make reliable decisions based on the data that your business is taking in.  However, even with advances in technology, you and your managers need to be aware of what to look for and how to focus security efforts to get the greatest returns on protection:

• We are creatures of habit: Your employees come to work at the same time and do familiar tasks.  The same can be said for how they use and interact with technology.  Uncover abnormalities in behavior at the level of individual employees, making it much easier to spot when your security has been compromised.
• Security is constantly evolving.  Educate yourself on your security risks, and screen at-risk employees.

By covering your basics, you can and will make the biggest impact on theft.  Every extra precaution you take, makes you that much less susceptible to theft from a person or an organization stealing your precious information.

Don’t forget the fundamentals:

• Use an EIN
• Protect your sensitive files
• Be proactive.
• Always make sure you’re the first to know.
• Try to avoid the “bring your own laptop” trend
• Check your statements regularly

These basic guidelines can have a significant impact on reducing your vulnerability to a data breach.

So, after reading this, we at Secure Document Destruction of St. Louis (SDDSTL.com) hope when you see the next scandalous headline about some Equifax’ian breach by an external hacker that you remember that these major attacks account for less than half of the breaches out there.  As you now know, the thief probably used the identity of an unsuspecting employee to pull it off.

Act now to make sure your organization isn’t the next one in the headlines.

If you have any questions, concerns, or tips, we’d love to hear from you.

Please visit our website at www.sddstl.com or if you’d like to learn more, give me—John Steinhauser—a call at (314)795-0004 or email me at john@sddstl.com

And, stay safe out there!

 

John Steinhauser, co-owner, Secure Document Destruction of St. Louis (SDD).

Don’t Let Your Children Fall Victim To Identity Theft When Heading Back To College

Summer is almost over.  The days are getting shorter.  Another school year is ready to kick off, if it hasn’t already for your family.  You know what that means… forms, forms and more forms:

• Enrollment
• Scholarships
• Sports teams
• Greek life

The list goes on and on.  As eager as they may be to start another year with friends and classmates, someone else is just as eager for a new school year to start.

• Hackers
• Scammers
• Online predators
• Identity thieves

A new school year means a wealth of new online and paper data left subject to theft.

Many universities claim to have gone “paperless,” which may save time and prevent human error mix ups, but the sad truth is, there’s still countless amounts of documents sent that can and will leave opportunities for someone to invade your child’s privacy.

We’ve scoured countless government surveys and calculated that a staggering 16 million Americans were victims of identity theft in 2016. The Javelin report highlighted that $16 billion was stolen from consumers.  That’s an average of $1,000 per person!  As parents ourselves, the most painful aspect of the Javelin report was that student identity theft numbers are skyrocketing.

When the Secure Document Destruction St. Louis team dug deeper, we realized the vast majority of this theft was related to instances in which family, friends, roommates, and acquaintances are a risk factor for your child’s secure information to be stolen.

“Often people who know you have access to your personal information,” said Al Pascual, director of fraud and security at Javelin. “If they live in the same place, they may have access to information you leave lying around the house; they can intercept phone calls meant for you.”

Most college students apply for their first job, open a bank account, make online purchases and apply for financial aid, all of which require personal information such as a Social Security number, date of birth, home address and sometimes much more.

Anyone can be a victim of identity theft and the numbers coming from the college sector are only rising.  As they get started, consider these tips for keeping your child’s personal information safe.  Don’t let your student join the nearly one million Americans affected by identity theft.

• Safeguard his/her SSN. Make sure they’re not carrying their Social Security card with them. Always have it locked away and put in a secure location.
• Have their personal documents destroyed.  Always have your child destroy any piece of paper with their personal information.
• Fill out the simple form below to download our top 10 tips for avoiding identity theft.

At SDD we want to make sure you and your child are taking the necessary precautions to avoiding identity theft.

SDD realizes that the act of trusting, oversharing, or not adequately protecting access to your student’s electronic devices are the most common mistakes they can make with regards to handing out their personal information.

FOR MORE INFORMATION OR A FREE QUOTE, CONTACT US.

 

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.

Identity theft is serious.  It can cost you time and money.  It can destroy your credit and ruin your good name.

Skilled identity thieves use a variety of methods to steal your personal information, including:

• Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.
• Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.
• Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
• Changing Your Address. They divert your billing statements to another location by completing a “change of address” form.
• “Old-Fashioned” Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records from their employers, or bribe employees who have access.

So, what can you do?

Deter identity thieves by safeguarding your information.

-Shred financial documents and paperwork with personal information before you discard them.

-Protect your Social Security number.  Don’t carry your Social Security card in your wallet or write your Social Security number on a check.  Give it out only if absolutely necessary or ask to use another identifier.

-Don’t give out personal information on the phone, through the mail, or over the Internet unless you know who you are dealing with.

-Never click on links sent in unsolicited emails; instead, type in a web address you know.  Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date.

-Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number.

-Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your home.

Detect suspicious activity by routinely monitoring your financial accounts and billing statements.

Be alert for:

-Bills that do not arrive as expected

-Unexpected credit cards or account statements

-Denials of credit for no apparent reason

-Calls or letters about purchases you did not make

Inspect:

-Your credit report.  Credit reports contain information about you, including what accounts you have an your bill paying history.  Under federal law, you are entitled to a free credit report each year from each of the three main credit bureaus:  Equifax, Experian, and TransUnion.  Visit www.AnnualCreditReport.com to ask for a copy.

-Your financial statements.  Review financial accounts and billing statements regularly, looking for charges you did not make.

If you suspect identity theft:

• Contact the fraud deportments of each of the three major credit bureaus. Tell them to flag your file with a fraud alert including a statement that creditors should get your permission before opening any new accounts in your name. In a few months, order new copies of your reports to verify your corrections and changes, and to make sure no new fraudulent activity has occurred.
• Contact the creditors and tell them if your account has been tampered with or opened fraudulently. Ask to speak with someone in the security or fraud department. After your conversation, follow up in writing. Its required by the Fair Credit Billing Act for resolving errors on credit billing statements, including charges that you have not made.
• File a report with your local police or the police in the community where the identity theft took place. Keep a copy in case your creditors need proof of the crime.
• Report the theft to the Federal Trade Commission. Your report helps law enforcement officials across he country in their investigations. Visit ftc.gov/idtheft.

Armed with the knowledge of how to protect yourself and take action, you can make identity thieves’ jobs much more difficult.  You can also help fight identity theft by educating your friends, family, and members of your community.

SDDStL shreds everything while you watch, before we leave; so this can never happen. More Companies (especially some larger ones) are pushing their customers to allow them to shred materials Off-site. The lower cost of providing the service allows them to improve their profit margins.

Document Shredding Company Employee Eyed in ID Theft Ring