Our goal is to be your resource for information security. This week, we encourage you to be wary of trusting the number that comes up on caller ID and also be aware someone may be using your number to get through caller id security checks. There are plenty of websites and tools that allow you to spoof them. But the bigger problem is phone systems that believe the caller ID. An example is voicemail — if it thinks the call is coming from you it can be set up to bypass your security code. Not worried about someone finding out that your friends are changing the time of their dinner party? Some banks and credit card companies use caller id as a security check. It makes it much easier for someone else to get your information after they have passed this basic check.

Regarding your cell phone, currently only Verizon absolutely requires password access for voicemail—so if you don’t have Verizon, make sure you take the steps to set up the password system on your own.

Regarding banking and credit cards, ask you bank what the policies are and let them know you’d rather sacrifice ease of access for the increased security.

The bottom line is no one cares more about your security than you, so you need to be your own best watchdog. Keep an eye on activity in all accounts and regularly check your credit reports. Remember you can request a free credit report once per year from each of the three credit reporting agencies.

When it comes to document security, the best defense is a good offense—use an on-site shredding service—it is the most secure (you witness the shredding in your parking lot), easiest (no worries about sorting through staples, paperclips etc), and most environmentally sound option around (all paper is recycled!). More information at www.hvshred.com

Hurricane or tropical storm, Irene wreaked havoc on the Hudson Valley. No matter what you call the weather phenomenon that swept through the Northeast last weekend, there are a lot of wet basements left in the wake throughout Dutchess, Orange, Ulster, Dutchess, Putnam, or Westchester Counties.

The answer to the most asked question this week is, “YES! We can shred water damaged paper”. In addition to being the most secure and environmentally friendly method of disposing of obsolete confidential paperwork, outsourcing to an on-site shredding service is all about making the disposal process as easy as possible. We can not only shred your wet paper, we will also do the labor of carrying the extra heavy paperwork up from your basement. As with all our service, there is never a need to sort out staples, paperclips, folders, envelopes, bank books, checkbooks, or message pads. Our 5/8 inch knives easily turn it all into bits!

Among the other highlights of using an on-site shredding service is that we provide a certificate of destruction which substantiates each client’s due diligence with the alphabet soup of Federal Regulations–all the more important as State Attorneys General are now empowered to levy fines for breaches.

Interestingly, your shredded paper could end up recycled into the very product used to rebuild–much of the recycled office paper is now going into sheetrocking products.
For more information about how we can help you securely dispose of confidential paperwork–water damaged or not–call (845) 705-7279 or email judith@hvshred.com

We hope you didn’t suffer any damage due to Irene–if you did, please let us help.

This week is the final part of our three part series on things to check when shopping for Identity Theft Services. 

Again, this checklist was developed by the CFA’s ID Theft Service Best Practice Working Group (which includes identity theft service providers and consumer advocates) to help Americans look for identity theft services that follow good practices.   The Consumer Federation of America (CFA) is an association of non-profit consumer organizations that was established in 1968 to advance the consumer interest through research, advocacy, and education.

Here are the final 3 tips about what to check when shopping for Identity Theft Services:

(1) Is the cost of the service provided before you are asked for your payment information? If the answer is no, steer clear! Identity theft service providers that follow good practices will make clear and complete information about the cost of their programs available before you are asked for your name, address, and payment information.

(2) Does the service have a clear, transparent privacy policy? If the answer is no, steer clear! Identity theft services collect personal information from or about individuals for many purposes, including verifying their identities, processing payments, providing lost wallet and monitoring services, helping to resolve fraud problems, and marketing. Identity theft service providers that follow good practices post clear, transparent privacy policies on their Web sites and make that information available from their customer service representatives so that you can easily learn what types of personal information they collect, how they use that information, what types of information, if any, they share with others, and what control you have over the collection and use of your personal information.

(3) If the identity theft service offers insurance or a guarantee, is it clear what is covered and who is eligible? If the answer is no, steer clear! Identity theft service providers that follow good practices should make it easy to find information on their Web sites and through their customer service representatives about exactly what the insurance or guarantee does for you and in what situations. For instance, if it reimburses you for expenses related to resolving identity theft problems, the identity theft service provider should explain what types of expenses are included, whether there are limits to how much you can get or other restrictions, and what’s required to make a claim. Identity theft service providers should also tell you if things aren’t included that you might expect the insurance or guarantee to cover. For example, if you won’t be reimbursed for money stolen by identity thieves, or you’re not covered for identity theft that is committed by a family member, that information should be easy to find and clearly explained.

Being proactive is the best way to deter, detect, and defend against Identity Theft.  HV Shred can help with on-site shredding service for your obsolete paperwork.  Visit www.hvshred.com for more information.

This week is part two of a three part series on things to check when shopping for Identity Theft Services.

Again, this checklist was developed by the CFA’s ID Theft Service Best Practice Working Group (which includes identity theft service providers and consumer advocates) to help Americans look for identity theft services that follow good practices. The Consumer Federation of America (CFA) is an association of non-profit consumer organizations that was established in 1968 to advance the consumer interest through research, advocacy, and education.

Here are the next 3 tips about what to check when shopping for Identity Theft Services:

(1) If the service offers to monitor your personal information and alert you if someone may be fraudulently using it, is it clear what it monitors? If the answer is no, steer clear! Identity theft service providers that follow good practices will make it easy to find information on their Web sites and through their customer service representatives about which of the three major credit bureaus (Experian, Equifax, and TransUnion), if any, they monitor. They will also tell you whether they monitor other places such as commercial databases, public records, and the Internet for clues that you might be a victim, and how frequently they monitor.

(2) Does the identity theft service make clear how monitoring or other features of its program actually help you? If the answer is no, steer clear! For instance, if credit monitoring is a feature, the identity theft service provider should explain the types of information that credit reports typically contain and that credit monitoring can help to detect new accounts fraudulently opened using your information. Since credit monitoring won’t alert you if someone is fraudulently using your existing accounts, you might want to consider monitoring those accounts yourself by checking them online once a week. Also look to see if it is clear how you will be alerted about suspicious situations. Identity theft service providers that follow good practices will clearly explain your choices for how to receive alerts.

(3) If the service offers to help identity theft victims, is it clear exactly what help it provides and who is eligible for it? If the answer is no, steer clear! Identity theft service providers that follow good practices will make it easy to find information on their Web sites and through their customer service representatives about exactly how they help victims and who can get help. For instance, some services provide customers who become identity theft victims with kits containing general advice about what they need to do to resolve their problems on their own, others may provide one-on-on counseling to actively guide customers through that process, and some actually contact customers’ creditors and others as needed to resolve their identity theft problems on their behalf. If you are already a victim of identity theft before you purchase the service, it’s also important to know if the service will assist you or if it does not provide help for “pre-existing” identity theft.

Being proactive is the best way to deter, detect, and defend against Identity Theft. HV Shred can help with on-site shredding service for your obsolete paperwork. Visit www.hvshred.com for more information.

This week is part one of a three part series on things to check when shopping for Identity Theft Services. Many companies and organizations sell services that promise to “protect your identity.” Identity theft services may be able to help you detect identity theft quicker than you could yourself so that you can take action to prevent further damage. Some services provide software or other technology to safeguard the personal information in your computer from ID thieves (though you can easily install antivirus and antispyware software yourself). And some services help victims resolve problems caused by identity theft. But, as Consumer Federation of America (CFA) has reported, the claims that some identity theft services make are exaggerated or misleading, and it’s not always easy to tell from their Web sites and advertising exactly how these services work, how much they cost, or what protection or assistance they really offer.

This checklist was developed by the CFA’s ID Theft Service Best Practice Working Group (which includes identity theft service providers and consumer advocates) to help Americans look for identity theft services that follow good practices. The Consumer Federation of America (CFA) is an association of non-profit consumer organizations that was established in 1968 to advance the consumer interest through research, advocacy, and education. Today, nearly 300 of these groups participate in the federation and govern it through their representatives on the organization’s Board of Directors.

Here are the first 3 tips about what to check when shopping for Identity Theft Services:

(1) Do the claims on the identity theft service’s Web site or in its advertisements make you think that the service will completely protect you against identity theft? If the answer is yes, steer clear! No one can absolutely protect your personal information from being stolen or fraudulently used, and identity theft service providers that follow good practices won’t imply that they can.

(2) Does the identity theft service use scare tactics to try to get you to enroll? If the answer is yes, steer clear! While identity theft is a serious problem, not everyone is or will become a victim, and the impact of identity theft varies. For instance, if someone steals your credit card number and uses it, you’re not liable for more than $50, and most credit card issuers won’t make you pay anything if you report the problem as soon as you discover it. Other identity theft problems can be harder to fix. Identity theft service providers that follow good practices won’t exaggerate the likelihood of becoming a victim or the harm that identity theft causes.

(3) Does the identity theft service make basic information about the company easy to find on its Web site? If the answer is no, steer clear! Identity theft service providers that follow good practices will provide basic information such as the company name, the physical location of its headquarters, and how to contact it or its product distributor directly for answers to questions.

One of the best things you can do to protect your identity is shred your personally identifying information. HV Shred is an on-site service that makes that process simple and cost effective more at hvshred.com

Addressing a long-standing identity theft risk, U.S. Senator Dick Durbin (D-IL) recently introduced legislation to require the federal government to remove Social Security numbers from Medicare identification cards and communications to Medicare beneficiaries. Admittedly, the Centers for Medicare and Medicaid Services (CMS), which administers the Medicare program, has fallen behind most other public and private organizations in recognizing the danger of displaying Social Security numbers. The Social Security Number Protection Act ensures that the Social Security numbers of Medicare beneficiaries will be properly protected.

According to Durbin, “This bill would ensure that a premium is placed on security and that personal information is protected.”

33 States have already passed laws prohibiting health insurers from using a Social Security Number on a beneficiary’s card or otherwise displaying it. In addition, the federal government has stopped using Social Security Numbers on Veteran Identification Cards, Department of Defense identification cards, and health insurance cards issued to federal employees participating in the Federal Employees Health Benefit Program.

The new legislation sets a timeframe for CMS to remove Social Security numbers from Medicare cards and communications to beneficiaries. The bill will:
Require the Health and Human Services Secretary to implement procedures to eliminate the unnecessary collection, use, and display of Social Security numbers of Medicare beneficiaries within three years;

Prohibit the display or the unencrypted electronic storage of Social Security numbers on newly issued Medicare cards;

Prohibit the display or the unencrypted electronic storage of Social Security numbers on all Medicare cards within five years of enactment; and

Prohibit the display of Social Security numbers on written and electronic communications to Medicare beneficiaries, unless essential for the operation of the Medicare program.

For more information on identity theft protection please visit www.hvshred.com

In the wake of high profile data breaches at companies such as Sony and Citibank, there is new urgency to get legislation in place to increase the protection and penalties related to business’ fiduciary duty to protect client information. Rep. Mary Bono Mack, R-Calif., has released a new version of legislation aimed at addressing some of the concerns with a draft measure setting national rules for when companies and organizations must notify federal authorities and consumers after a data breach.

The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade is set to mark up the bill Wednesday. Mack, the subcommittee’s chairwoman, made several changes to a draft measure she released last month in response to concerns raised at a June 15th hearing by committee Democrats, privacy advocates and the Federal Trade Commission.

Bono’s guiding principle is that consumers should be promptly informed when their personal information has been jeopardized. In a recent statement, she emphasized we need a uniform national standard for data security and data breach notification.

Bono Mack’s bill requires companies that possess personal data about consumers to take adequate steps to safeguard that information and notify federal authorities and consumers following a breach.

Under the draft bill, the committee required companies to notify consumers and the FTC within 48 hours of a breach after doing a risk assessment.

The latest version still requires that consumers and the FTC be notified within 48 hours but only if they are at risk for identify theft or fraud as a result of the breach. At any rate, notification must come within 45 days of the discovery of a breach.

According to Bono’s spokesman, Ken Johnson, other changes made to the draft bill include providing more precise language for identifying individuals who are affected by a breach and in defining what constitutes a data breach.

On-site shredding is a key component for comprehensive data security. Outsourcing is often the most cost effective and reassuring method. More information at www.hvshred.com