Excerpted from ID Theft Alerts for October, 2008
Be Prepared for Mandatory Compliance of Federal Red FlagsLaw
Identity theft continues to accelerate, and protecting against it has become a multimillion dollar business. A survey conducted by the Federal Trade Commission (FTC) in 2006 estimated that 8.3 million American consumers, or 3.7 percent of the adult population, became victims of identity theft in 2005. Reported incidents collected by the agency in its annual fraud analysis showed 258,427 cases logged in their databases. Stepping into this foray is the U.S. federal government’s Fair and Accurate Credit Reporting Act and its “Identity Theft Red Flags and Address Discrepancies” provisions. This Act defines specific “Red Flags” that organizations must monitor, act upon, and have a documented program in place to address. Some of these items may be addressed by existing policies and procedures, others may be new. Regardless, responding to this is not an option. The joint final rules and guidelines were effective January 1, 2008 with a mandatory compliance date of November 1, 2008. Overall, regulators have raised the bar and it is not sufficient anymore to simply have policies and procedures. Organizations should be aware of where their data is, how to protect it and how to protect their employees.
Don’t allow you accounts to get hacked liked Sarah Palin
The easiest way to break into online accounts is to use the “forgot password” functions on many sites. You are then asked a series of questions only you should know. However, with blogs and social networking sites much of the this information is now public. For example, if you have your high school listed on your linkedin page then it is easy to find the mascot. Use a geneology site and it is easy to find your mothers maiden name. Think you are careful and don’t publish any of this information? Are your friends or family blogging about your birthday party? Your birthday is now easily found.
It is this little bit of detective work that allowed David Kernell to break into Sarah Palin’s email. All he had to do is find out that she met her husband in high school and then find out the name of the school.
The solution is to use fake information. Answers that are not true but you can remember.