viernes, 23 de diciembre de 2016

Identity Theft - Establishing a Culture of Security


What is Identity Theft? It is the No. 1 crime in   America  and effecting over 10 million people per year, occurring every 79 seconds, costing customers/consumers over $5 billion in out-of-pocket losses, and businesses over $48 billion as reported by the Federal Trade Commission (F.T.C.).

What is so misleading concerning Identity Theft that most consumers and businesses believe it is all about credit/financial. Not so! Identity Theft occurs in 5 areas of theft: financial/credit identity theft, medical identity theft, driver license identity theft, social security identity theft, and character/criminal identity theft. If a thief can get hold of just a piece of your identity information, it could lead to all the other areas of theft. That"s the Big Picture and the identity theft facts! Having just a credit report monitoring service is NOT enough to detect, deter, or defend against Identity Theft.

As of today, over 50% of Identity Theft is occurring in the workplace. As reported by, just from January 1, 2005 to February 25, 2008 (not including years prior) there has been reported to the Federal Trade Commission over 218,621,856+ total number of records containing sensitive personal information involved in security breaches in the United States. To name just a few in the State of North Carolina: most recent Mecklenburg County (stolen laptop in car), NC Dept of Transportation (computer server), Duke University (school website), Carolina Medical Center-Northeast (paramedic laptop), ABC Phones/ACC Communications (files in dumpster),  Bank  of  America  (laptop at home), and NC Dept of Revenue (laptop in car). Then there are others like T.J. Stores, the largest reported breach to date, with over 100 million accounts stolen; FoxNews and others, unintentionally or intentionally lost someone"s non-public information (NPI). This problem will NOT go away and security breaches will continue to happen!

That is why, effective January 1, 2008 with a deadline date of November 1, 2008, the 5 federal agencies, lead by the F.T.C. has finalize another part legislation of the Fair and Accurate Credit Transaction Act of 2003 (FACTA), called Identity Theft Red Flags Rule. This new Rule applies to mostly all businesses in  America . Whether the institution has 1 employee or thousands (for profit or non-profit or government), have covered accounts, utilizes credit cards for processing, or utilizes consumer reports for employment or business, they must have an "Identity Theft Prevention Program" in their institutions to help reduce identity theft in the workplace. This program must be approved by a Board of Directors or President (if no Board) and must be implemented, monitored, and updated on a regular base by an individual or committee at Senior Level Management. Why, because institutions are losing NPI and are fully liable of damages occurred from identity theft of its employees and customers. There are penalties for institutions that can not show proof of a "reasonable security system" as stated by the F.T.C. and other regulator bodies (State & Local), which could lead to civil, criminal, and imprisonment for Board Members, Senior Officers, and Employees. Today, institutions must stop thinking just about pouring money into IT security or paper shredding, but developing a "Culture of Security" from Top-Down. More intention needs to be placed on training ALL employees and offering a mitigating system that will help detect, deter, and defend against Identity Theft in the workplace. For legal advice, please consult your attorney.


Source by Anthony Herring

No hay comentarios:

Publicar un comentario