1. It fails to reflect the reality of modern life. The amendment proposes to exempt businesses that identity theft has not affected. However, identity theft is our nation’s fastest-growing crime. 10 million Americans are victims each year. Medical identity theft is one of the fastest-growing areas of the crime. Should a driver be exempt from buying car insurance because he has never been in an accident?

2. It fails to recognize the interconnectedness of modern business. Why did our economy fall so far, so fast in late 2008? Because businesses in every industry were connected, and when the first began to fall, the rest followed like dominoes. The amendment as written implies that small-town doctors, lawyers, and accountants who “only serve their immediate residential area” are exempt from ID theft. However, each of those businesses is connected – to an insurer, a bank, a billing service, or other entity that works with their customer or patient files. The Red Flag Rules specifically call upon compliant businesses to make sure that their vendors and suppliers are also compliant. Should a large outsourced billing company face increased risk because they do business with a small-town physician?

3. It fails to explain why some businesses are different than others. Why does the amendment only allow exemptions for lawyers, accountants, and medical practices? Yes, those businesses have a professional code of confidentiality in many cases. However, aren’t banks, credit unions, mortgage companies, insurers, and auto dealers expected to maintain some degree of security over customer data? Isn’t it possible that a small company in one of these industries has the same level of recognition with its customers?

An idBUSINESS customer in the metro New York City area (name withheld) is a small mortgage brokerage in a neighborhood that is defined by its orthodox religion. Everyone who lives in this neighborhood knows everyone else – it is as isolated of a community as you may find. The customer called us and asked why the business needed to comply, as 100% of their loans were written when homes passed from one generation to the next, or as refinances to existing customers.  Then, the customer mentioned a note received in the mail, from a large lender. The note asked that this brokerage develop a standard Red Flag procedure to ensure that loans were processed quickly and smoothly. Even this business, with direct knowledge and recognition of every single borrower, realized that it was connected to other entities, and had a responsibility to comply in order to keep the larger system running efficiently to everyone’s benefit – including the borrower.

We at idBUSINESS are not profiteers. We are passionate about information security and driven to see small businesses secure before it’s too late. We are backed by national leaders in data breach services and forensics, with the team that helped victims of Hurricane Katrina and US Veterans who have been affected by identity theft. We will gladly demonstrate our product to Representative Adler of New Jersey, who introduced the amendment. And we thank every business who has proactively complied with this law because they saw that it was the right thing to do for their customers.

Powered by Twitter Tools.

Technorati Tags: ID protection, identity protection, identity theft, Red Flag Compliance

Powered by Twitter Tools.

Technorati Tags: ID protection, identity protection, identity theft, Red Flag Compliance

Powered by Twitter Tools.

Technorati Tags: ID protection, identity protection, identity theft, Red Flag Compliance

Technorati Tags: mortgage, red flag rules, testimonial

Powered by Twitter Tools.

Technorati Tags: ID protection, identity protection, identity theft, Red Flag Compliance

Powered by Twitter Tools.

Technorati Tags: ID protection, identity protection, identity theft, Red Flag Compliance

In this latest installment in our series explaining security policy needs and considerations in specific industries, we look at information security through the unique lens of the mortgage industry, to understand the increased risk – and greater opportunity – that a strong Red Flag Rules program has for your mortgage business. Also a great primer for anyone thinking about buying a home, to learn how the mortgage industry uses your PII, and how you can protect it, through the application process.

Technorati Tags: mortgage industry FTC compliance, Mortgage Industry Information Security Policy, Mortgage Industry Red Flag Compliance

As we pointed out in our last post, humans are the weakest link in any security system. One problem is that many people don’t think about their daily work or social activities with information security in mind. Without the proper awareness, education and mindset, carelessness leads to data breaches, leaks and other problems that while, not malicious, are incredibly damaging to a company’s reputation and the strength of a company’s information security policy.

A recent article in Network World highlighted this problem again, which is growing on a global scale:

“Humans are the weakest link in any security system, according to KL-based organisers of the Hackers Halted Asia Pacific 2009 conference, which is to be held in November.

Officiating at the announcement, the chief minister of Malacca, Datuk Seri Haji Mohd Ali Bin Mohd Rustam, said there is no perfect system in the world. “Even if you have the best security devices and software–your organisation still relies on humans–who are the weakest link in any security system. Public education and awareness is essential.”

This issue doesn’t only arise, however, from lack of education or awareness. It also comes from company protocols and information protection standards that are either too lax or that are not comprehensive enough to address all possible breaches. We have already addressed how quickly sensitive information can be linked via social media and daily online conversations, but consider other examples.

One of our clients, prior to completing a data breach risk assessment with us, had a set standard in place that all employees work from 8:00 – 5:00. His employees, as most do, would jump up at 5:00 and head for the door, leaving half completed work, opened files and other sensitive information on their desks for anyone to see, steal or sell. Once we made him aware of this issue, he immediately modified company procedures to ensure that all sensitive information was properly stored before each employee left for the day.

In our last post, we talked about how a certain mayor leaked sensitive employee information via Twitter. Do you have rules and protocols in place about your employees’ use of social media in the office? Are the standards clearly defined as to what information is confidential and what is not?

Another example. Many people do not make a habit of completely shutting down their work computers at night. Those with predictable password patterns or no passwords at all become easy targets for theft during the night. You would be surprised how many thefts are traced back to cleaning crews, maintenance workers, etc. As we pointed out, the involvement of organized crime is increasing in ID theft. These underground businesses target the people who have access and pay them much more an hour to do a little poking around.

The list goes on and on. How secure is the human element in your business? If you aren’t sure, you need to find out. Learn more about internal risk assessment at idBUSINESS.com.

Technorati Tags: humans the weakest link in security, information security system weaknesses, the human element in information security

Powered by Twitter Tools.

Technorati Tags: ID protection, identity protection, identity theft, Red Flag Compliance