FTC Emphasizes Aim to Protect Consumers’ Privacy

Recently, the Federal Trade Commission emphasized to Congress that protecting consumers’ privacy on-line and off-line and every where in between – through law enforcement, education and policy initiatives – is a top priority at the agency.

The FTC’s law enforcement initiatives have included hundreds of privacy-related actions, including 34 cases challenging the practices of companies that failed to adequately protect consumers’ personal information; more than 100 spam and spyware cases; and 16 cases for violation of the Children’s Online Privacy Protection Act. It also has brought 64 cases against companies for improperly calling consumers on the Do Not Call registry; and 86 cases against companies violating the Fair Credit Reporting Act.

In addition to law enforcement, the agency has distributed millions of copies of educational materials to consumers and businesses about privacy and security issues. As recently as last month, the FTC issued a new consumer education guide, “Understanding Mobile Apps: Questions and Answers.”

The FTC is also determined to take an active role in shaping policy for consumer privacy, including the issuance of a staff preliminary privacy report late last year and a call for industry to develop tools to allow consumers to control how their activities are tracked when they surf the Internet.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call
1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook and follow us on Twitter.

HV Shred helps by providing on-site shredding service; more information www.hvshred.com

Protecting Personal Information: Five Steps for Business

In this blog, we often point readers to the wealth of information avaialable at the Federal Trade Commission’s website. This week is another round highlighting five steps for businesses to protect personal information adapted from an article written by Lesley Fair, an attorney in the FTC’s Bureau of Consumer Protection who specializes in business compliance.

In the hands of an identity thief, the information in your filing cabinets and computer systerm a tools for draining bank accounts, opening bogus lines of credit, and going on the shopping spree of a lifetime — at the expense of your company, your employees, and the customers who trust you.

Many security breaches could be prevented by commonsense measures that cost companies next to nothing. Whether you work for a multinational powerhouse with branches around the world or a start-up based in a home office, a sound information security plan is built on these five key practices:

Take stock. Know what personal information you have in your files and on your computer. Understand how personal information moves into, through, and out of your business and who has access — or could have access to it.

Scale down. Keep only what you need for your business. That old business practice of holding on to every scrap of paper is “so 20th century.” These days, if you don’t have a legitimate business reason to have sensitive information in your files or on your computer, don’t keep it.

Lock it. Protect the information you keep. Be cognizant of physical security, electronic security, employee training, and the practices of your contractors and affiliates.

Pitch it. Properly dispose of what you no longer need. Make sure papers containing personal information are shredded, burned, or pulverized so they can’t be reconstructed by an identity thief.

Plan ahead. Draft a plan to respond to security incidents. Designate a senior member of your team to create an action plan before a breach happens.

All this information is captured in the FTC’s brochure: Protecting Personal Information: A Guide for Business at business.ftc.gov. It’s a great resource and it’s free.

For more information on secured on-site shredding service, visit hvshred.com

ID Theft Safety on Facebook

When we find useful information, we like to share it. This week’s blog is excerpted from the Identity Theft Resource Center and written by the Social Media Coordinator Nikki Junker. The scam is based on that much loved “like” on Facebook. It’s the way users showed they supported anything from a bagel shop to the fact that their aunt just bought a new car. Then with the invention of the “like” came the burning desire of users to be able to dislike something. Thus the mythical “dislike” button was born. There were so many questions and rumors surrounding whether or not Facebook would allow users to express their discontent for their friends’ relationship status change from “in a relationship” to “single”.

Scammers caught on to this interest in a dislike button recently and have begun using the promise of the “dislike” button to spread malware via Javascript code. What does this mean? It means you see a post by “your friend” (your friend being an account of someone you know who has already been hacked) about how to get the “dislike” button. You click on this post and are asked to copy and paste a link into your URL address bar (the box at the top of the page where you type the web address). Just like that you have invited hackers right into your computer to do whatever they please. They may take personal information, install a keylogger to see everything you type or any number of other nasty things.
You should always be careful about any link you click on and Facebook’s security has done a good job of cutting down on scams. However, you can be extra sure that if you click on anything regarding the “dislike” button you are in for a nasty surprise.

For more information on how to protect yourself visit www.hvshred.com

Identity Protection Tips from the IRS

This list of tips is adapted from valuable guidance distributed by the IRS last summer. Identity thieves use many methods to steal personal information and then they use the information to file a tax return and get a refund. Here are a few things the IRS wants you to know about identity theft so you can avoid becoming the victim of an identity thief.

1. The IRS does not initiate contact with a taxpayer by e-mail.

2. If you receive a scam e-mail claiming to be from the IRS, forward it to the IRS at phishing@irs.gov

3. Identity thieves get your personal information by many different means, including:
Stealing your wallet or purse
Posing as someone who needs information about you through a phone call or e-mail
Looking through your trash for personal information
Accessing information you provide to an unsecured Internet site.

4. If you discover a website that claims to be the IRS but does not begin with ‘www.irs.gov’, forward that link to the IRS at phishing@irs.gov

5. To learn how to identify a secure website, visit the Federal Trade Commission at www.onguardonline.gov/tools/recognize-secure-site-using-ssl.aspx

6. If your Social Security number is stolen, another individual may use it to get a job. That person’s employer may report income earned by them to the IRS using your Social Security number, thus making it appear that you did not report all of your income on your tax return.

7. Your identity may have been stolen if a letter from the IRS indicates more than one tax return was filed for you or the letter states you received wages from an employer you don’t know. If you receive such a letter from the IRS, leading you to believe your identity has been stolen, respond immediately to the name, address or phone number on the IRS notice.

8. If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification – such as a Social Security card, driver’s license, or passport – along with a copy of a police report and/or a completed Form 14039, Identity Theft Affidavit. As an option, you can also contact the IRS Identity Protection Specialized Unit, toll-free at 800-908-4490. You should also follow FTC guidance for reporting identity theft at www.ftc.gov/idtheft

9. Show your Social Security card to your employer when you start a job or to your financial institution for tax reporting purposes. Do not routinely carry your card or other documents that display your Social Security number.

For more information about identity theft – including information about how to report identity theft, phishing and related fraudulent activity – visit the IRS Identity Theft and Your Tax Records Page, which you can find by searching “Identity Theft” on the IRS.gov home page.

On-site shredding service can take all the hassle out of shredding your hard copy paperwork–visiti www.hvshred.com for more information.

Vacation Time Tips To Keep Away ID Thieves

Most schools in the area are finishing up by this Friday and the summer vacation season will soon be in full swing! Still, we need to stay vigilant for identity thieves. Only take what you absolutely need in your wallet/purse. If you are traveling overseas make sure to leave your passport in the hotel safe. Before using an ATM, make sure there is no sign of tampering. Let your credit card company know if you are going overseas and the dates. When you get back check your statements for any activity that wasn’t yours.

Keep it simple and safe–and have a great time!

If you find some obsolete paperwork as you break throught the cobwebs in the attic or down in the basement to get to your suitcase, consider contacting HV Shred to help find the best solution to securely destroy your confidential paperwork. More information at www.hvshred.com

Cautionary Tale: Keep your business off the Local News

A recent newstory out of El Paso, Texas is a reminder that businesses need to put a high priority on training employees in best practices for confidential informaition. After learning personal and business documents containing social security numbers and bank account information were thrown away in a public dumpster, two businessmen in the borderland were left feeling shocked, disappointed, and even disgusted.
News crews from KTSM found the paperwork in a dumpster located in close proximity to the business. The local business said a new employee dumped the documents instead of properly shredding them.

Remember, the professionals we hire to do billing and tax work have a fiduciary responsibility to us. The newsgroup found confidential documents including tax returns, social security cards, bank account numbers, cancelled checks, and W2’s. Many of the documents had the Tax Matters logo on them.

The business owners claimed they had told a new employee to prepare some files for a third-party shredding service. They said that employee took those directions to mean, ‘dump it.’ The employee has since been fired but the damage could easily have already been done.

With more power now in the hands of State Attorney Generals, this will likely not just cost this business a couple of clients—it will likely also be levelled with a hefty fine. Outsourcing to an on-site shredding service takes a lot of stress and hassle out of the process. Monthly clients have locked containers to store confidential files—keeping them safe from low level employees and any outsiders that may have occasion to walk through the office (deliveries, cleaners). For more information, please visit www.hvshred.com

Creative Scammers Want Access to your Bank Account

It’s nothing new, but as expected, the scammers are getting more creative. Those phony checks are looking more and more authentic. It has your name on it and you could really use the extra cash.

All kinds of red flags should be flying. If it seems to good to be true, it probably is it. If it requires a deposit and then a wire—that’s an even bigger red flag.

Hundreds of check scams — and plenty of other cons such as telemarketing fraud, investment fraud and Internet auction fraud — take place nationwide each year.
But some fake check scams can be particularly worrisome because they come complete with bank logos by high quality printers.

Here’s how it works:

A check comes in the mail with the U.S. Bank logo on it. It matches the exact logo of the real company. With it is a letter that tells receivers they were electronically selected from an Internet database and have won $80,000. It then gives instructions for proceeding with the first portion of the winnings — that $2,500 check.
Deposit the check in the bank. Then call the telephone number provided to activate the winnings. At that time, you will be asked to wire a processing fee of $800 and an administrative fee of $700. Those can only be made through Western Union or MoneyGram.

Once you send that money, the letter explains that the rest of your winning check will be sent to you in the amount of $77,500, delivered by FedEx or DHL.

If you think there is a chance it may be authentic, at least check the validity of a check, take it into the branch and have them check it out. Once you deposit that check, you are on the hook for what happens next.

That’s exactly what the scammers want — you liable for the money.

Their hope is that you will deposit the check for $2,500 into your bank account and then wire the $1,500 before the bank realizes the check is phony.
For more information on how to protect yourself from scams visit www.hvshred.com

National Data Breach Reporting for Cybersecurity

We always want to be doing as much as we can on an individual and business level to deter, detect, and defend again Identity Theft and the government is looking into ways to address the issues as well. According to a recent White House blog, members of both parties in Congress have introduced approximately 50 cyber-related bills in the last session of Congress. The blog states “it has become clear that our Nation cannot fully defend against these threats unless certain parts of cybersecurity law are updated.”

The proposed legislation is focused on improving cybersecurity for the American people, our Nation’s critical infrastructure, and the Federal Government’s own networks and computers.

When it comes to protecting the American people, the White House is calling for National Data Breach Reporting. State laws have helped consumers protect themselves against identity theft while also incentivizing businesses to have better cybersecurity, thus helping to stem the tide of identity theft. These laws require businesses that have suffered an intrusion to notify consumers if the intruder had access to the consumers’ personal information. The Administration proposal helps businesses by simplifying and standardizing the existing patchwork of 47 state laws that contain these requirements.
Penalties for Computer Criminals. The laws regarding penalties for computer crime are not fully synchronized with those for other types of crime. For example, a key tool for fighting organized crime is the Racketeering Influenced and Corrupt Organizations Act (RICO). Yet RICO does not apply to cyber crimes, despite the fact that cyber crime has become a big business for organized crime. The Administration proposal thus clarifies the penalties for computer crimes, synchronizes them with other crimes, and sets mandatory minimums for cyber intrusions into critical infrastructure.

For more information on measures to protect against identity theft, visit www.hvshred.com

FTC is serious about enforcing data security-Two More Companies Settle

According to a May 3rd press release by the FTC, two companies that maintain large amounts of sensitive information about the employees of their business customers, including Social Security numbers, have agreed to settle Federal Trade Commission charges that they failed to employ reasonable and appropriate security measures to protect the data, in violation of federal law. Among other things, the settlement orders require the companies to implement comprehensive information security programs and to obtain independent audits of the programs every other year.

The settlements with Ceridian Corporation and Lookout Services, Inc. are part of the FTC’s ongoing efforts to ensure that companies secure the sensitive consumer information they maintain. In complaints filed against the companies, the FTC charged that both Ceridian and Lookout claimed they would take reasonable measures to secure the consumer data they maintained, including Social Security numbers, but failed to do so. These flaws were exposed when security breaches at both companies put the personal information of thousands of consumers at risk. The FTC challenged the companies’ security practices as unfair and deceptive.

According to the FTC’s complaint against Ceridian, a provider to businesses of payroll and other human resource services, Ceridian’s security was inadequate. Among other things, the company did not adequately protect its network from reasonably foreseeable attacks and stored personal information in clear, readable text indefinitely on its network without a business need. These security lapses enabled an intruder to breach one of Ceridian’s web-based payroll processing applications in December 2009, and compromise the personal information – including Social Security numbers and direct deposit information – of approximately 28,000 employees of Ceridian’s small business customers.

The other company, Lookout Services, Inc., markets a product that allows employers to comply with federal immigration laws. It stores information such as names, addresses, dates of birth and Social Security Numbers. According to the FTC’s complaint against Lookout, it did not in fact provide adequate security. For example, unauthorized access to sensitive employee information allegedly could be gained without the need to enter a username or password, simply by typing a relatively simple URL into a web browser. As a result of this and other failures, an employee of one of Lookout’s customers was able to access sensitive information maintained in the company’s database, including the Social Security numbers of about 37,000 consumers.

The settlement orders bar misrepresentations, including misleading claims about the privacy, confidentiality, or integrity of any personal information collected from or about consumers. They require the companies to implement a comprehensive information security program and to obtain independent, third party security audits every other year for 20 years.

One of the best ways to ensure compliance with hard copy data security is to engage an on-site shredding service. It’s both cost effective and brings peace of mind. For more information check out www.hvshred.com

Don’t Forget About Security for Your Smartphone

In their annual focus on security, the latest edition of Consumer Reports Magazine is worth reading to help you consider whether you are taking proper measures to ensure your security in all arenas—in your home, in your office, your computer and the often overlooked smartphone.

Though so far smartphones don’t seem as susceptible to viruses, there is still the risk that your data can be comprised simply by losing your phone—or someone stealing it. We are storing more and more data on these devices yet aren’t taking measures to protect this confidential information. First and foremost, create a password or PIN to access the phone. As with all passwords, make it strong by using a combination of letters (caps and lower case), numbers, and symbols. Also realize that when you engage in programs such as Foursquare that allow you to comment on restaurants, stores, and other places you visit, you are also letting strangers as well as your friends know where you are in real time.

There is software available that lets you lock the phone or erase data remotely. Photos can also reveal your exact location if you use photo-sharing service such as Flickr. To avoid having photos geotagged, turn off the phone’s GPS if you can when you don’t need it.

Be careful when downloading apps and be wary of security settings on all programs in which you engage.

Our goal is to be your source for all news related to data security, so please check out our website for more information. Our specialty is on-site document shredding service. The most secure form on hard-copy disposal is ON-SITE shredding. www.hvshred.com