The unfortunate truth of increased technology use in the workplace is that there is a corresponding increase in the potential for cybercrime, more specifically identity theft, to strike the workplace. The question is, what can you do to help prevent it, and how should you react to it should it strike?
How You Can Help an Identity Thief
There are plenty of ways that an identity thief can gain the information they need to successfully take control of one of your accounts or some of your critical data. First of all, many businesses have a tendency to collect more data than they actually need from their contacts and employees. This only gives the identity thief more ammunition. Furthermore, many businesses underestimate the lengths that an identity thief will go to in order to collect the information that they need. Frankly, just throwing out documentation won’t stop someone who isn’t above dumpster-diving. Any paper records should be cross-shredded before they are disposed of.
Of course, paper records are a relatively easy way for an identity thief to get what they want in almost any circumstance. Therefore, it makes much more sense to keep your documentation stored digitally, protected by passwords and encryption that stands up to best practices.
What to Tell Your Clients if Their Identities Are Stolen on Your Watch
Unfortunately, even the smallest error can lead to a security breach, which means that you may have to inform your clients that their information has been stolen. To help them further, you will want to advise them to take the following steps immediately.
Notify Affected Banks or Creditors
One of the first orders of business that needs to happen if financial information could have been leaked is to contact the bank or credit card provider that manages the account. Your contact will want to deactivate these accounts before whomever it was that stole their identity accesses them again.
Time is of the essence, as they will need to report the theft and any unauthorized charges within two days of the unauthorized transactions to limit their liability to $50. If they report the theft before any transactions are made, they will not be liable for any activity on that account until the matter is settled.
Managing Credit Reports
Any client whose data was potentially stolen should work on managing their credit reports. First, have a fraud alert put on your account by one of the major credit reporting agencies. This will automatically provide you with a credit report from all three of these agencies, which you should check for warning signs of fraud. If your reports show credit inquiries that you didn’t make and other unexplainable activity, report the identity theft to remove the transactions and activities you are not responsible for. You may also want to consider requesting a credit freeze to prevent the credit agencies from releasing your credit information to new creditors.
Fill Out and Distribute ID Theft Report
While the FTC (Federal Trade Commission) may only follow up on larger fraud cases, they also monitor identity theft cases to try and identify suspicious patterns that suggest the involvement of organized crime. The FTC’s website also has a link to a form that will produce an identity theft complaint. Once you have that complaint, secure a police report to complete your ID theft report.
This report needs to be distributed to your creditors and credit reporting agencies, and these accounts need to be monitored to ensure that false information doesn’t persist.
Locking Down Accounts
Of course, as with any account breach, you need to update your account passwords to keep your accounts secure. Furthermore, not only should you report any false use of your Social Security Number, you should also ensure that no additional accounts have been opened in your name for any utilities, as the bill for these services can be used as proof of residence to open a new account.
Identity theft is no laughing matter, and you certainly don’t want your business to be responsible for it. For assistance with your data security solutions, call Machado Consulting at (508) 453-4700.
Information Technology’s Role in HIPAA Compliance
With HIPAA, sensitive patient information cannot be disclosed without the patient’s knowledge or consent. As many healthcare businesses move to electronic health records,...