As 2009 races to a close, two terms have become permanent residents within the online safety and security lexicon: “identity theft” and “identity fraud.” The reality is that both existed long before the internet came into being, and today, as in the past, criminals, like water, always follow the path of least resistance in achieving their unsavory goal – a continuous stream of ill-gotten gain.
We can take some basic steps that put boulders in the stream of criminal activity targeted at the unsuspecting, building a wall of resistance that impedes the methodical flow of the criminal engagement. To ignore that ability is a recipe for continuous clean-up.
It is my opinion that we all have a shared responsibility to protect our “crown jewels,” which may include personal identifying data as well as our fiscal data. And it truly matters not whether we are engaged face-to-face, via the ancient form of communication “snail-mail,” or online – in each instance we are sharing information, and with the act of sharing we are entrusting our information to another. Our governments have enacted laws, rules and regulations to protect you, your privacy and your data in the world of personal identifying data (PII), credit card data (PCI) and health data (HIPAA). That’s all for the good, but you can help yourself. I offer up a few easy-to-implement “basic first steps” which may assist you in protecting yourself and your family and put some real resistance in the flow of criminal activity within the aforementioned path.
So what can you do?
In the physical world:
– Mail – Receive your mail via a locked mailbox or PO Box; send your mail via the post office (not an unlocked mailbox). Every month I read of an arrest where an individual or individuals are caught emptying mailboxes in the wee hours of the morning, and during subsequent inspection of their possessions law enforcement finds personal mail from literally hundreds of individuals, including checks, account data and correspondence – all useful bits and pieces in the criminal world of identity theft and identity fraud.
– Document disposal – Shred your paper; invest $75-$200 in a small cross-cut shredder. Run through the shredder any documents which contain your name, account numbers, etc. Include requests for subscriptions, new credit card solicitations, memberships, etc. Why cross-cut? It makes it harder to piece together the shreds. What if you can’t afford a shredder? Contact your State Attorney General’s office. In Washington State, where I reside, the Attorney General’s office hosts “shred days” where constituents can bring their paper to be destroyed – perhaps your Attorney General does likewise. If not, suggest they do so. Why give free, unencumbered access to your documents when you toss them? In our house we compost the shredded papers with the horse manure (the worms and garden love it).
– Sharing your personal identifying data in hard copy – There are times when you may wish to share your personal identifying data to allow a merchant or governmental entity to identify you as you. If you use the mail or a courier to transmit this data, I recommend the use of “registered mail” within the US Postal Service and “signed” delivery when private services such as FedEx or UPS are used. In both instances you can confirm delivery of your sensitive personal information. It is always good to know when important data is lost; knowing allows you to take appropriate action.
In the online world: Guide your family’s process on electronic sharing of data.
– Children – For a child, I recommend parents drive home the point that sharing information (any family information) online requires Mom or Dad to be present and supervising. When the “pop-up” appears which contains an enticement and requires provision of data, your excited child can, in a matter of seconds, expose and push your family’s personal data out the door.
– Online Data Input – I strongly recommend you never enter your data into a website which doesn’t envelop the transaction in an HTTPS (S = secure) environment. Know how you arrived at the website.
– Online Gaming – Online gaming is mainstream, and some games require peer-to-peer (P2P) software to be downloaded and implemented. Review the settings to make sure that, in your pursuit of entertainment, you haven’t inadvertently opened up your computer’s drive and made accessible all the contents of your hard drive.
– E-Mail and Banks – Understanding common practices is a quick route to understanding email phishing and scams. Your bank will not (let me repeat that, will not) request that you send them any data via email. Nor will your bank ask you to “click” on a link contained in an email to provide them such data. The fact that banks send “confirming” email to you for various transactions, such as password changes, does require that you clearly understand when your bank or merchant will communicate with you. For example, I was informed by one bank, which hosts a credit card of mine, that hard-copy statements were going to be discontinued and all future statements would be available online via their website. I will receive an email advising that a statement is available (glad I’ve online access, and I am waiting to see just how much data is contained in that advisory email, but I am not expecting a link to click to review my account).
– Credit Reports – Review these regularly. They are available to you free on an annual basis, and as Washington’s Attorney General Rob McKenna noted, “There’s only one government-authorized Web site where consumers can get their free annual credit report, and it’s not the one with the catchy jingles in television ads.”
– Digital Data – How many times do we need to read of a laptop or smartphone that was sold, recycled or trashed while still containing PII or PCI data? Just as I recommended shredding your personal paper prior to disposal, I advocate the same for your electronic media. Reformat or degauss your electronic media prior to recycling or discarding. Remember, if your data isn’t available, it can’t be used to perpetrate a crime against you or your family.
These are a few easily applied practices which I and my family use to protect ourselves from ID theft and fraud; I know they will help you protect yours.
Thank you for your time.
All the best,
Christopher
——————
Links:
Attorney General of Washington Shred Days: Shredathon Events.
US Department of Health and Human Services: HIPAA Privacy
Payment Card Industry (PCI): PCI Security Standards Council
WA AG McKenna’s admonishment re: Consumers Could Be Deceived by Free Credit Report Offers
To obtain your free credit report: Free Credit Report but be safe and follow the advice of Free Credit Report dot com: “Please be aware of how you arrived at this site. To ensure you are visiting the legitimate site, type https://www.annualcreditreport.com directly into the address bar on your browser.”