February 4, 2016
Jackie here. If you haven’t heard of or thought about in store tracking, you are likely missing an emerging privacy trend. Retailers are increasingly turning to your smartphone to gather data about you and to track your movements throughout the store. Here’s what you need to know:
In Store Tracking- Does it Really Happen?
In store tracking sounds like something out of a science fiction movie, but it can and does occur. Using the Wi-Fi and Bluetooth signals from your smartphone, retailers, airports, and other businesses can effectively track your movements throughout the area, provide customized advertising, and link your online and offline identities.
While there are some potential consumer benefits to in store tracking (like additional discounts or customized promotions), there are also some privacy concerns. Using tracking, retailers and others can begin to develop a comprehensive picture of your activities. They can know when you come and go, what areas in the store you visit, what you buy, and more. This data is valuable to businesses, but might have value to identity thieves and hackers as well.
What Can I Do to Protect Myself from In Store Tracking?
If you’re concerned about in store tracking, you don’t have a lot of options. Here are a few things you can try to better protect your privacy.
Turn Off Wi-Fi/ Bluetooth- At the moment, most stores use Wi-Fi or Bluetooth to track your movements throughout the store. Turning these features off can effectively stop tracking.
Find Out Before You Sign Up- Many of the stores that use tracking do so in conjunction with an opt-in program using either their own or a third-party app. Pay attention when you’re signing up for programs and read the terms and conditions. Make sure you’re comfortable with the information you’re agreeing to share.
Ask Questions- If you have questions about a retailer’s tracking policies, ask them. They should be able to provide you information about whether tracking is occurring, if you can opt-out, how data is stored, etc.
In store tracking is coming soon to a store near you. Are you excited for customized promotions or worried about the privacy implications?
January 30, 2016
AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.
Many people don’t consider tax season their favorite time of the year, but for identity thieves who are determined to nab your tax refund, the payoffs can make it worth their while. By filling out fraudulent tax returns, they can not only falsify your return and make off with a lot of money, they can prevent you from being able to file your legitimate return on time and leave you with an identity theft mess to clean up.
There are a few things you can do to avoid becoming a victim of this rapidly growing crime, and a lot of it starts with early preparation:
1. Are you already a victim? If you’ve had your identity stolen, you may be at even greater risk of having your tax refund stolen. Think of it this way: once a thief already has your personally identifiable information, there’s little to stop him or her from filing a false return in your name and making off with even more money. If you know you’ve been the victim of an event of this kind, it’s important that you get your tax return filed as soon as possible in order to beat a thief to it.
2. Get your paperwork together. This is the time of year when your documentation will start to trickle in. W2 forms will come from current or former employers, and day care reports or medical statements will arrive detailing tax-deductible expenses. Even your church or favorite charity will send notices of contributions. By having a safe location to keep all of these important forms, you’ll be ready to file as soon as everything is in place.
3. Update your software if you’re going it alone. If you prefer to file your own returns by using tax preparation software, now is the time to make that purchase or update your previous title. There were some key changes this year to how these software titles will operate, including requiring stronger passwords and multi-step authentication, so you’ll want to be familiar with the system and have your profile up-to-date before you try to actually file your return.
4. Ask for credentials. If you’re taking your paperwork to a tax preparer, remember that a number of tax fraud rings have originated with fly-by-night tax preparation services. While there are definitely legitimate tax prep services that don’t maintain year-round offices since their services are only required for a few months each year, some of them are nothing more than identity thieves in disguise. Before turning over any important information, ask for their credentials. If they can’t show you certification through the IRS or they balk at turning over their names, certification numbers, or other pertinent data, something isn’t right.
5. You’re not done just yet… Once the work of filing your return is completed, you’re not finished. You still have to secure all of your documentation in a safe place and shred anything that is no longer needed. Do not leave your information lying around where anyone can see it, and don’t discard anything that contains personal information without rendering it unreadable first. Shred it just to be sure, and make shredding identifiable documents a good habit all year long.
The better prepared you are before you file, the easier the process will be. By maintaining all of your records in a secure place and staying on top of any documentation, next year’s return can be even more secure than this year’s.
January 26, 2016
Jackie here. Fraud alerts and credit freezes are some of the tools available to you to better protect your credit. The Identity Theft Resource Center has quite a bit of information about this topic, and we’ve consolidated some of that information for you on our blog. Here’s what you need to know:
What Is a Fraud Alert?
A fraud alert is a warning to potential creditors that lets them know to take further steps to verify your identity before issuing credit. They are easy to place on your credit report and are the least restrictive of the two options. A fraud alert is a good protective measure to put in place if you’re worried about your identity and think you may be at risk for identity theft.
If you want to place a fraud alert on your credit report, contact any of the three credit reporting agencies (Equifax, Experian, or TransUnion) and request the alert. The agency you contact is required to inform the other two.
A fraud alert is an effective tool, but it is temporary, designed to protect you in the short term during times of increased risk for ID theft. Once in place, a fraud alert only lasts 90 days. If you need another one, you’ll have to call again. They can be renewed indefinitely, but you do have to manually do it yourself.
What Is a Credit Freeze?
If you’ve confirmed that you are a victim of ID theft, you can take the next step in protecting your identity: a credit freeze. This is more extreme than a fraud alert and keeps new lenders from seeing your credit (and thereby opening new loans). It doesn’t just stop thieves, though; it will also keep you from opening new, legitimate lines of credit. A credit freeze is a lasting solution and will remain in place until you ask to have it removed.
Getting a credit freeze is a bit more complicated than placing a fraud alert. You’ll need to contact each of the three credit bureaus yourself, verify your identity, and pay a fee (usually $5-10). This fee can often be waived by providing a copy of your police report that verifies ID theft has occurred.
If you do place a credit freeze, you’ll need to plan ahead, especially if you decide to get a new job, shop for a car, move into a new home or apartment, etc. Removing a freeze isn’t instantaneous and while it is in place, you’re frozen out of your credit too.
Could a fraud alert or credit freeze help you to protect your identity?
January 25, 2016
Jackie here. The days and weeks after a loved one passes away are often very difficult for family members and friends. While you’re mourning, many identity thieves are busy capitalizing on your deceased relative’s credit. What can you do to prevent ID theft after the death of a loved one? Here are some tips:
Contact the Credit Bureaus
After a loved one dies, you’ll need to take a few steps to shut down their credit and lock up their identity. Contact each of the three credit bureaus (Experian, TransUnion, and Equifax) as quickly as possible and let them know about the death. The Social Security Administration will eventually do this, but it can take months and thieves often act quickly.
If you’re the executor of the estate, a spouse, or a child, write the credit bureaus and enclose a copy of the death certificate to ensure that no new credit can be issued in the person’s name. You’ll also need to provide proof that you’re the executor or that you have the legal right to act on behalf of the deceased in this matter. Certified letters are the best choice.
You’ll also want to get in touch with all of the deceased’s creditors. This will start the process of closing their accounts and settling up with the estate. If your loved one has been receiving Social Security, you’ll want to contact the Social Security Administration to ensure that benefits are stopped.
January 19, 2016
Jackie here. If a debt collector comes calling about a debt you don’t recognize, your first instinct might be to assume you’re a victim of ID theft. While this is a possibility, much of the time you’re dealing with something else. It is possible the debt belongs to someone else entirely or that the phone call is part of a debt collection scam. Here are some helpful tips from the FTC to help you sort out the situation.
If a debt collector calls about a debt you don’t remember, your first step should be to gather information. Don’t make the mistake of paying out of fear or worry. You do have time to verify the debt before you make a payment.
Here are a few things to ask for during that initial call:
Information About the Collector- Legitimate debt collectors will provide you with basic information like the name of the debt collector and the company’s name, address, and phone number. If they won’t provide this information, assume the call is a scam.
Information About the Debt- Make sure the debt is in your name and not someone else’s. Find out the amount of the debt, the original creditor, etc.
Validation Notice- Ask for a validation notice, or a written notice stating the original creditor, how much you owe, and what to do if you decide to dispute the debt. If the collector doesn’t already have your address, or has an incorrect one that you’ve never used, don’t provide the correct information.
If the collector wants to verify your personal information, don’t correct any errors in their information (like the wrong name, address, etc.) since this can make disputing an illegitimate debt more difficult later. Don’t give out any personal information that the debt collector doesn’t already have.
If the debt is legitimate, the collector should send you a validation notice upon request. Once you receive this, start doing a bit of detective work to verify your debt. Here are a few things to check:
Check Out the Debt Collector- Verify the debt collection company with a quick internet search. Look for any signs of scams.
Verify Information with the Original Creditor- Contact the original creditor and see if they can offer any additional information about the debt. They can often help you determine if the debt is real and if the debt collector is authorized to collect on their behalf.
Check Your Credit- Does the debt appear on your credit report? Pull a credit report and see if the debt is there.
With the information you’ve gathered you should be able to determine if the debt is legitimate or not. Then, proceed accordingly. If you find yourself in this situation, you’ll find some additional tips from the FTC.
January 12, 2016
Jackie here. January 1st has come and gone, which means that it’s time to start working on your taxes. Tax identity theft continues to cause problems for many people, and one of the best ways to protect yourself is to file early. Start gathering those forms, tallying up those expenses, and getting ready to file. When it comes to protecting yourself from tax ID theft, earlier is better. This year, you can begin filing your returns on Tuesday, January 19th.
Why Should I File Early to Help Avoid Tax ID Theft?
Tax ID theft occurs when thieves use your personal information to obtain a tax refund or job. This scam typically occurs early in the tax season, stealing your refund before you’ve ever had a chance to claim it. Many people do not realize they are a victim until they receive a notice from the IRS after filing their own taxes. When you file early, you increase your chances of beating the thieves and keeping them from filing in your name before you do.
In addition to filing early, these other tips will help reduce your risk of tax ID theft.
Protect Your SSN- Thieves use your Social Security number to file taxes and claim your refund. Without it, they cannot commit tax identity theft. Do all you can to protect your SSN and don’t give it out unless absolutely necessary. Check your credit often to notice early signs of ID theft.
Submit Your Taxes Securely- When you do file your taxes, do so securely. If you file online, use a secure connection and a computer with updated antivirus software, a firewall, etc. If you’re mailing in your return, take it to the post office directly. Don’t leave it in your mailbox or in an outdoor mail collection bin.
What Should I Do if I’m a Victim of Tax ID Theft?
If you receive a notice from the IRS that duplicate returns have been filed, you may be a victim of tax ID theft. This guide from the IRS will help you resolve the problem.
January 5, 2016
Jackie here. If you’re anything like my Facebook friends, you certainly love a good quiz. Online quizzes certainly seem harmless, often featuring favorite movie characters, delicious desserts, cuddly kittens, and historical figures. But before you take them, make sure you are aware of the potential privacy risk.
Online Quizzes and Privacy- What You Need to Know
Many online quizzes are harmless, trading answers for a silly prediction or fortune. However, lately there’s been a trend in the world of online quizzes where quiz makers are asking for more personal information. These are the quizzes you should worry about.
In a recent blog post, the Identity Theft Resource Center highlights a popular quiz with some real privacy problems. The quiz is called “Most Commonly Used Words” and examines your Facebook timeline for your most used words. To take the quiz, users have to allow access to everything they’ve posted on Facebook, their friends list, their photos, their IP address, which browser they’re using, and more. Although a lot of this information is necessary to determine which words you use the most, it might reveal too much about you and your browsing habits.
Quiz developers could potentially store or share your information (along with some information about your friends). Someone with bad intentions could possibly find answers to security questions, email addresses, and much more by sifting through your information. The quiz might be fun, but is it really worth trading your identity for?
Here are some signs that a quiz needs a second look before you hand over personal information:
Requires Registration- If you need to fill out a form (providing details like name, address, email, etc.) to take a quiz, you might want to skip it.
Requires Access to Your Social Media Profiles- Be careful who you give access to your social media information. Depending on how much you share on social media, there could be a lot of personal information available to third parties who have access to your profiles. Privacy settings only protect you if you don’t grant access to strangers.
The next time you take a quiz, make sure it’s just a fun quiz, not an attempt to grab your personal information.
December 31, 2015
AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.
Part of the job of the Identity Theft Resource Center is to analyze the criminal trends and victim calls to uncover where identity theft and its related crimes will lead in the days ahead. As we finish out 2015 and move into a new year, these predictions—while we hope they don’t come true—are at the top of our list:
1. Child Identity Theft Will Increase – One of the fastest growing forms of identity theft is child identity theft, affecting as many as ten percent of children and young people, according to one study. Unfortunately, this crime used to be relegated to those in your family’s inner circle who “borrowed” your child’s identity for financial purposes, but now we’re seeing an increase in hacking and data breaches that specifically target children.
Fortunately, headway is being made in halting the advance. Kentucky became the most recent state to propose legislation that would allow parents to place freezes on their children’s credit reports if fraud has been suspected; this would bring the total number of states with this kind of law to 23 if it passes.
2. Tax Refund Fraud Will Shift – The IRS met with key lawmakers, tax experts, and tax preparation software publishers this year to try to curb the nearly $6 billion in fraudulent refunds that get paid out every year. With stricter controls like stronger user passwords, alerts for information changes, alerts for multiple returns filed from the same computer, and two-step authentication, the goal is to make federal tax refund fraud not worth it for criminals, and much more difficult to commit.
Unfortunately, that means our prediction is that state tax refund fraud will increase as federal fraud decreases. Thieves currently file state returns on the same Social Security number in several different states, and with the cash cow of federal refund fraud stripped away, they’ll have even more incentive to attack the state departments of revenue. Until states have some form of unified structure for red flagging the multiple filings, this trend may continue to grow.
3. Tighter Controls on the Internet of Things – There’s little doubt that IoT innovation is very exciting. With everything from devices that are merely more convenient to devices that are truly life changing, so-called “smart” devices will continue to shape the future.
However, in 2016 we predict that consumers will start to ask a lot more questions about what personal data is gathered from these devices, how that data is stored, and what the companies can do with it legally. The bright, shiny honeymoon period might be coming to an end, the time when consumers were simply amazed by the possibilities. Now, IoT users are more savvy and more cautious, and in the coming year there will be a lot more emphasis on protecting our privacy from 24/7 internet connectivity.
Whatever the coming year brings for identity theft prevention, we’re certain that consumers will play a bigger role in their own protection than ever before. The volume of calls to the ITRC’s 24-hour toll-free call center has yet to slow down, but there’s a broader understanding of how to protect ourselves and our data.
December 7, 2015
Jackie here. Are you using email safely? If not, you could be exposing yourself to scams, phishing attempts, malware, ID theft, and a host of other problems. How can you protect yourself? Avoid these risky email practices for a safer email experience.
Clicking on Unknown Links
If you’re not absolutely certain about a link, don’t click it. Scammers often use links to install malware on your computer. A link in an email from someone you know isn’t necessarily safe. It is possible their account has been compromised. If an email looks off, don’t click the links. Here are some warning signs for potentially scammy/spammy emails.
Just a Link- The email is from someone you know (or someone you don’t know), but all you get is a link, no explanation. Don’t click. This is a common sign of spam coming from a compromised account.
Spelling and Grammar Errors- Spelling and grammar errors are a good indication that something’s wrong with an email, especially if the email appears to come from a professional source, like a bank, large store, etc. Thieves often use corporate logos and similar looking email addresses to lend credibility to their scams. Bad grammar usually means something’s not right.
Requests for Personal Information- Big companies won’t typically ask you to click on a link and supply personal information. If you get this request, don’t do it. Also be on alert for promises of prizes, money, savings, etc. when you click a link and enter your information.
Not Choosing a Strong Password
If it seems like we’re constantly reminding you about strong passwords, we are. This is one of the most important ways to protect your accounts, but too many people let it slide. Choose a strong password. It may be tempting to recycle passwords across multiple accounts or to choose a simple, easy to remember password, but for your email account, security is a must. Your email account is the gateway to your online identity. Also, avoid the urge to save or store your password on your browser or mobile device.
Sending Stuff You Shouldn’t
There are some things you should never send in an email. Don’t send your Social Security number, your driver’s license number, account numbers, passwords, etc. in an email, even if you know and trust the recipient. If this information needs to be communicated, use the phone or tell the recipient in person.
Not Cleaning Up
Even if you’re doing everything right, there are times that sensitive information may end up in your inbox. If this happens, delete the email immediately and empty your trash. This tip isn’t foolproof, however, so it’s best to take the proper precautions when it comes to protecting your information and only use this step as a last resort.
Every so often, give your inbox a quick check, looking for sensitive information that shouldn’t be there. If your account is compromised, you’ll be glad that this important information isn’t easily accessible.
When you check your inbox, also check your security settings and ensure that your recovery information is up to date, just in case you lose access to your account.
Email can be a valuable tool, but if you don’t use it carefully, you’re putting yourself at risk for ID theft. How do you keep your inbox secure?
December 3, 2015
Jackie here. The holiday shopping season is here. How are you keeping yourself safe from ID theft? Here are some essential tips for safe holiday shopping.
Check Your Statements More Often- As you start making more holiday purchases, it can be more difficult to spot credit card fraud. During the holiday season, pay extra attention to your banking and credit accounts. Look for suspicious purchases, including low dollar purchases. Many thieves make smaller purchases because they are less likely to be noticed, but will still add up over time. You may want to use one card for all holiday shopping to simplify the verification process.
Shop at the Right Site- Look alike websites are a problem this year. Before you shop, make sure you’re using a legitimate and secure site. Don’t follow links embedded in emails and navigate to the site on your own.
Use Credit, Not Debit- Credit cards offer richer fraud protections than debit and are a safer choice for your holiday shopping. Debit cards also pull directly from your bank account. If your account is compromised, you could end up with an empty account while you wait for the issue to be resolved.
Don’t Use Public Wi-Fi- When it comes to online shopping, public Wi-Fi is a no-no. Wait until you have access to a secure connection, like your home network or a data plan. Your payment information is at risk when transmitted over a public connection.
Watch for Skimmers- Skimmers are a common problem during the holiday season. If a payment terminal looks tampered with, use a different one.
Protect Yourself- Thieves use the hustle of the busy holiday season to steal phones and wallets. Be on the lookout for thieves. Don’t set valuable items down or leave them unattended. Keep your cards on you at all times (consider taking only one card when you holiday shop in case your wallet is stolen). Be careful with your phone. Cards have theft protections, cash doesn’t. The holiday season is also the season of theft.
For more great tips, check out this article from U.S. News. How do you protect yourself when holiday shopping?
November 30, 2015
Jean here from the AllClear ID HR team. As any company continues to grow at a rapid rate, preserving the company culture becomes increasingly important in maintaining a work environment that fosters a happy, productive team and attracting the very best talent. That said, we proudly announce that we’ve been listed on “The Austin American-Statesman Top Workplaces” – a list of the best places to work in the Greater Austin area.
The evaluation for the Top Workplaces program is based on the feedback from an employee survey that was completed a couple of months ago. We were fortunate to have a high number of responses by our employees who are passionate enough about their roles and being part of the AllClear team to take time out of their busy schedules to share their invaluable perspectives on what it’s like to work at AllClear ID.
The list names 100 companies that were selected to receive the Top Workplaces award, and we are truly honored to have been selected, particularly since the judges were our very own employees! As a company, our mission is to provide excellence in customer service – something that we place equal importance on when it comes to taking care of our AllClear team.
As the Senior HR Manager here at AllClear, I couldn’t be happier to receive validation that we’re all doing something right in promoting a culture that provides a rewarding, encouraging, and fun place to work.
November 25, 2015
AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.
There’s a new annual holiday event that a lot of smart shoppers are catching on to. Instead of waking up early and standing outside in the cold to battle the sea of shoppers once the doors open, a lot of consumers are checking out the ads and sales papers for an event that happens shortly after Black Friday. Called Cyber Monday, it’s a great way to plan ahead and save a lot of money this holiday season, all from the comfort of your own computer screen.
Cyber Monday can get your holiday shopping off to a really good start, but only if you know how to protect yourself and your family during your online activities. However, any time you mix internet websites, your financial information, and your personal data, the chances for identity theft go up.
Here are some helpful hints to protect your identity during the event:
1. Going Mobile? Keep It Safe – If you’re like one of the growing numbers of consumers who’ve turned to shopping on their mobile devices, you should put some protection in place. If you have the option to shop through a dedicated store app, that’s usually a safer bet than trying to browse and buy on the mobile version of the store’s main website. Regardless of how you make your purchases, though, make sure you look out for the HTTPS designation at the front of the web address. That tells you the connection to the website is secure.
2. Passcode and Password – Keeping others out of your personal data business is always important, but too many people overlook the dangers of their mobile devices. Your smartphone and tablet are gateways to your identity whether you know it or not, so it’s important to passcode lock them in case of theft or loss. But on this Cyber Monday when you’re shopping from the safety of a home network, it’s equally important to create strong, unique passwords for all of your online accounts. This is especially true for any new accounts you may establish as you browse unfamiliar websites.
3. Only the Best For You! – When you’re shopping online, be careful of shady-looking websites that claim to offer the hottest holiday toys and gadgets. Also, be very careful around these online auction sites that say they’re selling iPads for $50 or flat-screen televisions for $100. By sticking with major retailers and known web addresses, you’re more likely to actually receive your stuff. Your identity is also more securely protected, even in the event of a hacking, due to insurance against data breaches that many companies have in place.
4. Don’t Go Phishing – This is the perfect time of year to be caught in a phishing email net. After all, you’re very busy, you’re still looking for that “perfect” gift, and scammers know you’re likely to click on a link if there’s a promise of getting something off your to-do list. Never click on a link or an attachment in an email that you weren’t expecting, even if it seems to come from someone you know. At the same time, don’t fall for a “spoof” email that appears to come from your bank or credit card provider, telling you that there’s an issue with your account that you can resolve by clicking the link or entering your account information.
5. Secure Your Computer – No matter how you choose to shop this season, protect your computer now and into the New Year with strong anti-virus and anti-malware software. Having it in place before you shop on Cyber Monday will help protect you from harmful content in the websites you visit while browsing. Once installed, you’ll need to make sure you update it routinely whenever notifications arrive. Protective software is only as strong as it was the day you installed it if you don’t update it.
However you choose to celebrate the holidays, just remember to keep your security at the top of your to-do list. It’s a gift you’ll give yourself all year long.
November 20, 2015
Jackie here. October 1st brought about a big deadline for the new EMV (also called “Chip and PIN”) cards, but what does this really mean for you, the consumer? Let’s explore the changes that took place and find out how they’ll change credit card processing.
The changes impact all major credit cards (Mastercard, Visa, American Express, and Discover) and all merchants that use them. The new cards are more difficult to counterfeit and are expected to slow the losses from credit card breaches and card cloning. Chip cards feature an added layer of protection when compared with cards that only have a magnetic stripe. If a thief gets the number to your card, they may be unable to use it. This switch is intended to cut down on credit card fraud.
About the October 1st Deadline?
October 1st was a big deadline for merchants, financial companies, and card processors. The deadline required that all merchants and all financial institutions start using EMV technology. The deadline has come and gone, but if you’re like me, you probably haven’t seen much of a change. I can still swipe my card at many merchants and even have some cards without a chip.
While the deadline was a big one for merchants and card providers, it doesn’t really impact consumers as much as you’d think. However, businesses that haven’t made the deadline could be taking on big liabilities should fraud occur. If a counterfeit card is used, the party that is least EMV compliant will be responsible for the losses. This means that your bank will be stuck with the loss if they haven’t issued a card or the merchant will be responsible if they don’t have a payment terminal that processes the card.
What Changes Are Coming?
The October 1st deadline applied to most merchants, but outdoor terminals at gas stations are exempt until 2017. Expect to continue swiping your card at the pump in the near future. If your card hasn’t yet been upgraded, you’ll likely see a new one, complete with a chip soon. Right now, cards feature both a chip and a magnetic stripe, but future cards may rely solely on the chip function as systems are upgraded. We may also see the PIN function being used more often. Most of the new cards function as chip and signature cards, which are less secure than using a PIN.
Are you using an EMV card?
November 12, 2015
Jackie here. How much is your privacy worth? A life insurance company is hoping that consumers will trade a bit of privacy for a discount. The new program will provide participants with an activity tracker and steep discounts in exchange for information about their health habits. What privacy implications does this program have? Would you sign up?
Privacy and Your Health: What’s the Connection?
When it comes to trading information for insurance discounts, experts fall on both sides of the spectrum. Some believe the discounts will be a great opportunity for consumers, while others worry that privacy is more valuable. Let’s take a quick look at some of the pros and cons.
Benefits of Activity Tracking for Insurance Discounts
Risks of Activity Tracking for Insurance Discounts
Sharing your health and activity information for a discount does have the potential for some risk. Some privacy experts worry that changes in your health could result in losing your insurance policy when you need it most. A life insurance company could potentially cancel a policy when they realize that a person has been afflicted with a long term health complication. Other experts worry that insurance companies will use the information they gather to create tools to deny or cancel coverage.
Additionally, these programs could result in negative rate changes for healthy people that can’t exercise at the moment. For example, women may be unable to engage in the same physical activities immediately after having a baby or injuries may keep people from being able to work out, potentially resulting in rate spikes.
The data gathered may also be valuable to hackers. Activity trackers learn your habits (when you exercise, where you go, etc.) and can provide valuable information to potential thieves.
If you choose to partake in one of these programs, be sure you fully understand how your data will be used and who will have access to it.
November 1, 2015
Earlier this year, the Federal Trade Commission expanded its efforts to help businesses protect consumer information by launching a new initiative called Start With Security. It is designed to help small- and mid-sized businesses in various industries understand how to strengthen data security around consumer information.
So far the initiative includes three daylong workshops in major U.S. cities and a new guidance document. Additional workshop locations are being planned throughout 2016.
“Promoting good data security practices has long been a priority for the FTC,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “The new Start with Security initiative shares lessons from the FTC’s 53 data security cases. Although we launch cases when businesses put data at risk, we’d much rather help companies avoid problems in the first place.”
Aimed at start-ups and developers, the workshops bring together FTC and local experts to provide information on security design, common security vulnerabilities, strategies for secure development, and vulnerability response. Sessions cover topics such as:
• Building a Security Culture
• Embracing Security Features
• Adapting Security Testing for DevOps and Hyper-growth
• Dealing with Bugs, Bug Reports, and Third-party Code
The first workshop was held in San Francisco on September 9th. It was hosted and co-sponsored by the University of California Hastings College of the Law.
The second Start With Security workshop is in Austin, Texas on November 5th. It is co-sponsored by the University of Texas Robert C. Strauss Center and the Center for Identity.
A third workshop is scheduled for Seattle at the University of Washington on February 9, 2016. More details will be published soon.
The FTC is currently exploring additional locations to hold the workshop throughout 2016, such as Chicago, Cleveland, and more.
The Start With Security business guide lays out ten key steps for effective data security drawn from its own cases. It’s meant to provide an easy way for companies to understand the lessons learned from these cases, and aligns with the FTC’s primary mission: to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them.
The document includes case references, as well as plain-language explanations of the security principles at play. Advice includes, for example:
• Keep sensitive information secure throughout its lifecycle
• Verify that privacy and security features work
• Protect devices that process personal information
The new publication is available online. Print copies are available through the FTC’s publication bulk order site.
Further, the FTC has introduced a one-stop website that consolidates the Commission’s data security information for businesses at www.ftc.gov/datasecurity.
October 30, 2015
By Kirsten Matetich, Marketing Director at AllClear ID
Forrester Research, Inc. recently released The Forrester Wave™: Customer Data Breach Notification and Response Services, Q3 2015 report. Based on their evaluation, AllClear ID is a leader in the space. We think that the report hits on a lot of important themes, including the challenge of capacity industry-wide, and the importance of putting customers at the center of any breach response plan.
We believe our ranking as a “Leader” validates our customer-centric approach and is further proof that AllClear ID is setting the industry benchmark for data breach response.
The opening of the report does a great job of summing up what we believe to be true about data breach response: “In the age of the customer, an incident response plan is not complete unless it includes considerations for customer-facing breach notification and response. A breach of customer data is emotional for both the customer and your organization! As such, waiting until a breach to start thinking about what to do is a recipe for pain and public scrutiny. Line up resources in advance to mitigate the fallout from a customer data breach.”
The report scores are based on current offering, strategy, and market presence, across 23 criteria. AllClear ID received the highest score of any company in the Strategy category. As part of that category, we scored the highest possible rating in employee subject matter expertise, partnerships and affiliations, and corporate strategy – all of which we feel speak to our long-term view of our partnerships with our clients and our big-picture perspective of this industry. We’ve spent years honing our expertise while staying focused on what we do best – data breach preparation and response.
A few important points of differentiation that we see in the market include:
Capacity: Forrester characterizes the industry as in an “arms race to ensure scalability of resources.” We agree and recognized the need for high levels of quality capacity over a year ago, and have built capacity accordingly. We are first to market with a breach preparation program to reserve capacity for clients to ensure appropriate resources are trained and ready to go no matter the type or size of the breach.
Customer Service: Our focus on scale and quality translates into a great customer experience, reflected in a 97% customer satisfaction rating for AllClear ID. We have maintained our high customer satisfaction rating for years and continue to make it a priority to provide great service to our clients’ customers.
Specialization: According to the report, “AllClear ID’s core business is customer breach notification and response services. It is well-positioned for servicing multicountry customer breach notification and response. AllClear ID has made a conscious decision not to expand beyond its core strengths and instead refers clients to a vital network of partners for other breach-related services like PR/communications support and incident assessment and forensics services. Takeaway: AllClear ID specializes and innovates in customer breach notification and response.”
We are particularly happy that as a takeaway, Forrester included, ‘AllClear ID specializes and innovates in customer breach notification and response.’ While some companies pride themselves on being a generalist, we find specializing and innovating to be what our clients appreciate most. We always align with our clients’ needs, and avoid conflicts of interest that generalist companies encounter. For example, we think it’s a conflict of interest to do the forensics to determine if an incident is notifiable or not, then to turn around and sell notification services.
To read the report in its entirety, The Forrester Wave™: Customer Data Breach Notification And Response Services, Q3 2015 report is available to Forrester subscribers or for purchase at the following link: https://www.forrester.com/The+Forrester+Wave+Customer+Data+Breach+Notification+And+Response+Services+Q3+2015/fulltext/-/E-RES117434?al=0
October 27, 2015
Jackie here. Do Millennials neglect protecting their identities? A TransUnion survey suggests that Millennials are the age group least likely to actively protect their data. Interestingly, they are also the generation most concerned about cyber threats. How can Millennials change their habits and become more secure online? Here are a few key changes that can help enhance online security.
Don’t Check Financial Accounts on Public Wi-Fi
A large majority (84%) of Millennials (and other groups) put themselves at risk by using public Wi-Fi to access financial accounts. Public Wi-Fi is great for looking at the latest viral cat videos, but don’t use it for checking sensitive accounts. Check your bank account, credit card accounts, etc. on a secure connection. Data sent over public Wi-Fi can easily be intercepted. Consider using your data plan instead if you need to access any websites that contain sensitive information (including social networking, email, online shopping, and online banking sites).
Password Protect Your Phone
Millennials have grown up in a world where cellular phones are the norm, but a shocking 67% said they don’t bother to password protect theirs. If your phone doesn’t have a password, set one up right now. It takes just a couple of seconds to unlock and adds an important layer of security to your device.
Stop Storing Bank Info on Your Phone
Many Millennials appreciate easy access to their online accounts and too many (86%) reported storing banking information on their phones. This practice makes it easy for an identity thief or an untrustworthy friend to access your accounts should they ever get their hands on your phone – especially given the large majority of people surveyed said they didn’t have password protection enabled. I know it is a pain, but enter your bank information manually (username, password, etc.) every time you need to log in to your accounts.
What changes can you make to better protect your identity? Many of these habits apply to groups other than Millennials, so if you have similar habits, consider making some simple changes.
October 26, 2015
Jackie here. Have you been using your new chip card? These new chip-based cards are more secure than the magnetic strip cards alone, but more is still needed. The new chip cards aren’t the magic solution to credit card fraud.
How Are Chip Cards More Secure than Magnetic Strip Cards?
Chip cards look much like a traditional magnetic strip card with one difference: a golden chip on the front of the card. This chip is called an EMV chip (stands for Eurocard, Mastercard, Visa) and contains the information needed for a card to work properly. Today’s chip cards have both a magnetic strip (to be used when a terminal isn’t chip-enabled) and a chip, but as more retailers become compliant, cards may eliminate the magnetic strip.
The technology in the chip protects PoS transactions and consumer data. The chip transactions also generate a special one-time code that further protects your information.
The Security Limitations of Chip Cards
While chip cards are more secure, they aren’t fraud proof. Lost and stolen cards can still be used for in-store and online purchases. Additionally, whenever a transaction is performed using the magnetic strip, data can be captured if thieves have installed malware on the payment terminal. Many of the chip cards used in the U.S. don’t have a PIN feature, an important added layer of protection that helps to ensure that only the registered user can use the card.
How to Protect Yourself
Now that you’ve got a new chip card in your wallet, here are some easy tips to protect yourself and reduce your chances of credit card fraud.
Use Chip Readers When Possible- If you can, insert your card into the chip reader rather than swiping your card. This limits the exposure of your sensitive data.
Be Careful with Your Card- Once you get a card, take care of it. Activate it promptly and store it securely. If you do lose your card, report it as soon as possible.
Check Your Statements- Check your bank and credit card statements often. If you notice a problem, report it.
The new chip cards are more secure, but they aren’t foolproof. It’s important to still keep an eye out for suspicious transactions on your statements. October 1st, 2015 marked the day when parties who do not support EMV technology may be held liable for fraudulent charges. Despite this date, many card issuers and retailers will slowly transition to the EMV technology in the coming months and years.
Updated 1/15 to provide clarity around the October 1st deadline.
Jackie here. Does your mail put you at an increased risk of ID theft? We talk often about digital risks, but just like your inbox, your physical mailbox is packed with personal information. Let’s take a quick quiz and evaluate your mail practices. What are you doing well? What do you need to change?
Do you have a locking mailbox?- A locking mailbox is one of the easiest ways to protect your mail. Get a locking box with a key to protect against mail theft.
Do you collect your mail every day?- Don’t leave your mail sitting in the box, especially overnight. Bring it in as quickly as possible after it is delivered. If you’ll be out of town, put your mail on hold or arrange for someone to pick it up daily.
Do you pay bills online when you can?- Signing up for e-bills and online payments can keep thieves from accessing your credit card bills, bank statements, and other important documents. If thieves get access to a check of yours, they might be able to use a technique known as washing to change the payee’s name to theirs.
Do you take outgoing mail to the post office?- That little red flag on the mailbox alerts others to something inside. If you need to mail something containing personal information, take it to the post office.
Do you look for signs of ID theft?- Prevention is important, but so is early detection. If you do become a victim of ID theft, you’ll want to find out as quickly as possible. Check your bank and credit card statements as frequently as you can. Examine your credit report at least once a year.
In a digital age, it is easy to forget that a big source of information is sitting right outside your front door. Take the necessary steps today to protect your mail.
October 17, 2015
There’s little doubt that smartphones, phablets, and tablets have made life more convenient and more connected. But what too many tech users fail to recognize is that their mobile devices are just like mini hand-held computers. They’re vulnerable to cyber thieves and hackers if they aren’t protected.
What About Work Phones?
The first thing you must take into account is who owns your phone or tablet. That seems like a pretty simple question, but it can actually get very complicated when your personal use and your business use are intertwined. Some companies require their employees to carry a specific device and may even have a company phone number associated with it, but still charge the device, accessories, or even the usage plans to their employees. That means you’re paying for it, but the company’s name is on it. So what are you allowed to do with it? Can you download the latest game, or log into your personal Facebook account in the Facebook app?
These are all things that need to be clarified with your employer before you do anything personal on the device. The behaviors you engage in through your personal use can have repercussions for the company, especially if a hacker gets access to company emails you sent, files you loaded in your personal/work Dropbox account, and more.
Personal Phones aren’t Always Safe
But even if it’s your own device, there are ways that your mobile device can turn on you once a thief targets you. Everything from losing the physical device (and therefore handing over control of your email to the thief) to accessing the internet over unsecured wireless connections can leave you vulnerable.
In the case of physical loss of the device—whether through theft or misplacing it, and whether it’s personal or professional—having a strong passcode on the device is important for keeping someone else out of your data. Envision this scenario: someone randomly finds your lost phone, then taps the email icon. He or she is in your account now, and can change the password on your email to lock you out of it. Next, they head to your Facebook app and click “forgot my password,” and the link to reset it to a new one is sent to the email account that you no longer control. Then, it’s on to your banking app, which is prominently located right there on the screen.
The thief now controls most of your important accounts, which are all easily accessible without a passcode on your mobile device.
Things get even hairier if the thief is intentionally targeting you and has the necessary tech skills to work his way into your accounts. For this reason, a VPN is a strongly recommended tool. It keeps others from “seeing” you when you’re online, and there are many great free options out there, as well as low-budget paid accounts.
These issues can mostly be prevented with a few security measures in place. Passcode locking is great, but two-step authentication is even better. Setting up your banking app to require additional information if you’re connecting from anywhere but home is a good step, and logging out of your accounts completely after each use is even better.
These few steps can go a long way in protecting your mobile device and the information stored on it from hackers and ID thieves.
“AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.”
October 15, 2015
Jackie here. Today’s kids use the internet more than any other generation. For parents, increased internet usage means it’s important to know how to prepare kids for the risks they may encounter online. This often feels like a daunting task. Where do you start? These 4 essentials can help you get started.
Do your kids know how to create a strong password? All too often, adults choose passwords that aren’t secure (think ‘password123’) so it only makes sense that children do too. Teach your child the basics of a strong password (letters, numbers, symbols, not common words, no names, no important dates, etc.). Also, make sure your child knows when (and when not) to enter a password when prompted online. Many scams impersonate popular sites to attempt to steal your password.
Parents can set a good example for their children by sharing wisely on social media. Teach your children not to overshare. The more information you put out there, the more information thieves have available for cracking your security questions, creating targeted phishing attempts, etc.
Secure Mobile Devices
Children often access the internet using mobile devices like tablets and smartphones. One survey found that 37% of children didn’t have security software on their mobile device. Only 34% of parents have installed a parental control app. Security software and parental control tools are an important way for parents to protect their children online.
Cyberbullying is a bitter reality online and can be particularly harmful to children and teens. Help protect your child by teaching them what to do should cyberbullying occur. Teach them about the blocking and reporting options on Facebook and Twitter so they can control those that have access to their accounts and information on these sites. If abusive messages are received, teach your child to talk to you and to save the messages in case they are needed for sharing with school administration or the police.
For more great tips, check out this article from WeLiveSecurity.
October 9, 2015
Jackie here. There has been a recent surge in health and wellness programs sponsored by employers, and this means companies are collecting more personal health data about their employees. Let’s take a look at some of the privacy implications.
What Are Corporate Wellness Programs?
Coming soon to a workplace near you are corporate or employer sponsored wellness programs. Wellness programs have become increasingly popular since the Affordable Care Act created new incentives for employers to create and increase participation in these programs. These programs encourage employees to take proactive steps to better health in exchange for incentives. Employers save money on healthcare costs, employees enjoy perks, discounts, and better health. Many of these programs involve sharing health data with your employer.
As health and wellness programs are relatively new, privacy protections and regulations vary greatly. This means that you must take a little extra time before you sign up for a wellness program to ensure your information will be protected.
Who Sees Your Health Data?
Wellness programs acquire a lot of data, information that is potentially seen by many.
Here are a few of the parties that may have access to your health data when you participate in a sponsored wellness program:
Wellness Provider- Many employers hire an outside company to manage their wellness programs. This company might have access to informational surveys and health histories you fill out, data from labs and doctors, self-reported health information, and much more. These companies often reserve the right to share your data with 3rd parties, as needed.
Employer- Employers often receive anonymized data about the health and wellness of their employees. While this data is anonymous, in many cases it can be traced back to a particular worker, especially in small companies (or in larger companies if the reports are broken down by department).
Health Insurer- Health insurers often have access to your health information and may store it in your records.
Fitness App Company/Wearable Device Maker- If you wear a wearable fitness device (like a FitBit) you’ll share information about your activity levels, heart rate, and even sleep patterns with the company managing the wellness app and the device maker.
Fitness Center- If you get points for checking in at the gym, you’re sharing your exercise history with your fitness center and others.
Can I Opt Out?
In some cases, these wellness programs are mandatory. Yes, you’ll get perks as you achieve health goals, but if you choose to opt out, you may have to pay. Many companies charge a premium on the insurance policies of those that decline to participate, sometimes hundreds of dollars each year. Employees are faced with the choice: participate and give up privacy or pay a fine.
What can you do? Understanding the terms and conditions of a wellness program is important. Read the information you receive carefully and ask questions (here’s a great list of ideas). Speak up if you’re uncomfortable.
Do you have a corporate wellness program at your work? Would you like one?
October 3, 2015
Jackie here. Today’s computers are smarter and faster than ever before, but even with all the technology we have, it often seems impossible to completely protect personal information. Quantum mechanics, a complex branch of physics, may hold some of the keys to enhanced protection.
Some researchers worry that quantum computers (currently theoretical, but possibly a reality in the coming years) could put an end to current data protection practices. These computers calculate differently than a modern PC and are believed to be able to quickly break into public key encryption systems.
While most experts think quantum computers are probably 10+ years away from becoming a reality, researchers have begun looking for ways to protect information from attacks with these devices. The NSA is warning that quantum computers could become a problem when it comes to protecting information.
One solution may be to use quantum mechanics in the fight against quantum computers. Researchers hope that by transmitting data using quantum principles, they will be better able to tell when information has been compromised. Some even say that the system will be un-hackable if done properly.
An un-hackable password may be waiting in the future, but before we can use it, we’ll need to change the way data is transmitted. Current systems use 0s and 1s to electronically send a signal. The quantum approach would use photons, or bits of light. The process is very complex and would require major changes in infrastructure.
While this particular threat, and its potential solution, are years away, it is a good reminder that protecting your identity should be an ongoing effort. New threats and new ways to protect your identity crop up frequently.
October 1, 2015
Jackie here. In a connected world, keeping information private can be difficult. All too often, companies share or sell consumer information without their permission or knowledge. When it happens to you, you are now able to do something about it. The FTC has a new complaint tool that you can use to report privacy violations.
What Types of Violations Can I Report?
This tool is perfect for reporting specific instances when your information was shared without permission. For example, you might start getting targeted advertising in the mail (like ads for maternity clothes or formula samples when you are pregnant and haven’t signed up for them, etc.) and know what company gave up your information. Any time your personal information is shared in a manner that you didn’t expect or didn’t give permission for (and you know where the problem originated), you can report it. This tool isn’t for reporting ID theft, just privacy violations.
How Do I Report Privacy Violations?
If you see a privacy violation, report it using the FTC’s Complaint Assistant. You’ll see an alert near the top of the page that says, “Concerned about how a company is handling your personal information? Click here to report privacy concerns.” Click and fill out the form on the next page.
You’ll be asked for the company’s name, address, email address, phone number, website, etc., so have this information handy. Don’t worry if you don’t know all the information requested. The FTC says, “Not all fields may apply to your complaint.” You can skip fields if needed.
After you fill in information about the company, you’ll be asked to provide your information and comments on your reason for reporting a company. Be specific. The FTC wants to know why you have a complaint, not just with whom.
Speaking up is a great first step in letting companies and the FTC know how you want your information shared. If you find your privacy has been violated, report it.
September 28, 2015
Jackie here. Job hunting is stressful on its own, and identity thieves often try to cash in on your eagerness to find a job. This latest job-hunting scam might look like a promising job opportunity, but is really a way to obtain your password and gain access to other accounts. Here’s how to protect yourself.
Job Offers Aren’t Always as They Seem
You get an email that appears to be from a human resources department. They claim they found your info on LinkedIn. You’ve been searching for jobs and this seems like an answer to your hunt. The email looks legitimate. It often contains a company letterhead, a signature block, seemingly official email addresses, etc. The company asks you to click on a link to open a Google Docs file and share your information.
Don’t Click the Link
If you see this email, don’t click the link. It is actually a phishing attempt. The scammers have created a public folder on Drive. When you click the link, you are directed to enter your password (as often happens when using Drive), but this time it isn’t Google asking, it’s the scammers, and when you enter your password, they have it.
How to Protect Yourself
If you want to avoid this scam and others like it, I’ve got a simple piece of advice for you: don’t click on unknown links. If you receive an unsolicited email containing links or attachments, don’t click. You can find more advice for avoiding this scam from the BBB.
September 25, 2015
“AllClear ID proudly sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please visit their website.”
As experts and advocates in the cybersecurity space gear up to host National Cybersecurity Awareness Month in a few short weeks, there’s no time like the present to take a closer look at some statistics regarding identity theft. One of the most comprehensive looks at the impact that this type of crime has on its victims is the Identity Theft Resource Center’s annual Aftermath report, which follows up with victims who’ve reached out to their center for support.
The 2014 report, which compiled all of the information over the course of the 2013 calendar year, offered some key findings for the cybersecurity community:
• Age, race, location, and income level had very little to do with rates of victimization.
• Utility and cell phone accounts are highly lucrative for identity thieves.
• Criminal, Government, and Medical identity theft are on the rise.
• Most victims reported less than satisfactory experiences in working with law enforcement to clear up this crime.
• 94.2% of the victims reported that they are still highly engaged on the internet and through their mobile devices, despite having their identities stolen.
One of the more telling findings from the annual survey has been the change in behavior that many of the victims experienced. Even though almost all of the victims have said they’re still highly engaged online, approximately half of them have adopted some new habits as a result. One of the most important habits is the routine perusal of their credit reports, something that many people overlook as a preventative measure.
Other proactive behaviors can prevent issues with some of the increasingly common forms of identity theft. The survey found that the majority of Medical identity theft victims—whose identities were used to acquire medical services—only discovered their identities had been used fraudulently after they were billed for medical services. At the same time, of the 40% of victims who reported they’d suffered Government identity theft—when a thief had used their identities to apply for benefits, commit tax return fraud, or engage in other related behaviors—the majority typically found out their identities had been stolen after their legitimate documents or applications (such as a tax return) were rejected for being duplicates.
The results of this year’s Aftermath Survey will be released on October 15th as part of National Cyber Security Awareness Month. It is the ITRC’s hope that the findings will encourage the public to take steps to protect their data and monitor their identities before a thief has a chance to use them, so that we can reduce the number of victims and minimize the damage. Next month, when NCSAM is in full swing, be sure to follow up on the educational and informative content that can help stop identity theft and turn these proactive behaviors into good habits.
September 18, 2015
Jackie here. Plain and simple, smart devices are vulnerable to hacking. Many people, however, don’t think of cars as smart devices, but they are becoming increasingly automated and connected to other devices and systems. Here’s what you need to know when you get behind the wheel of your connected car.
Are Cars Hackable?
Are cars hackable? Technically yes, but in reality the answer is a lot more complex. Some cars aren’t hackable at all. If you drive an older model car that doesn’t connect to the internet, it likely can’t be hacked. Newer cars may be able to be hacked, but the process is complicated and isn’t something everyone has the knowledge to do.
Researchers have successfully hacked multiple cars, but the process is difficult. In one instance the researchers had to have physical access to components under the dash to be able to change the software to enable remote operation. This means that while possible, your car won’t be hacked by a random stranger in a faraway location. To be successful, the hacker would need physical access to your car and the mechanics inside. Hacking a car isn’t a simple feat. In another “hack”, the researchers damaged the vehicle multiple times, requiring repair, before they were successful.
While some vulnerabilities have been discovered (allowing the researchers to successfully hack cars), many of these have been corrected. That’s not to say there aren’t others, but as problems are found, they are often corrected by the manufacturer.
Technology is changing how we think about security. Hacking was once only a worry for computers, but now it is something to consider with almost every device you buy.
September 16, 2015
Jackie here. How many Facebook friends do you have? Do you know them all? I recently read an article about how Facebook friends could impact your creditworthiness. It sounded too creepy to be true, so I did a bit of digging. Here’s what I found out.
Facebook Friends and Creditworthiness… What’s the Link?
Several years ago, Facebook started exploring the possibilities of using social media connections to determine creditworthiness. The idea has been touted as a tool to check credit on those without a credit score. But it doesn’t end there. According to some reports, lenders may use your profile to check out friends, to share information should you go into default, to determine your odds of repayment, and more.
Facebook even filed patent paperwork that could potentially be used for this purpose. According to CNN Money, “Here’s how it would work: You apply for a loan and your would-be lender somehow examines the credit ratings of your Facebook friends. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.”
Would this work? The CNN Money article author has their doubts: “It’s not clear if Facebook would ever try to use the patent for lending, or how exactly it would work. How practical is it for a lender to try to access all the necessary information it needs from your Facebook friends?”
The questions remain, but one thing we do know is that social media may have larger implications than one would initially expect. Be careful what you share. Choose your friends with caution and be sure to check those privacy settings.
September 15, 2015
Karen Taylor for AllClear ID
Brand resilience is a new strategic initiative for risk professionals, says Forrester Research in a new report for security and risk professionals.
Brand reputation and customer loyalty are intangible assets that are rarely viewed as risk categories. Yet, risk teams should be involved in protecting them to help strengthen a company’s brand resilience, stated Forrester Research in a new report, Brand Resilience: Understanding Risk Managers’ Key Role in Protecting Company Reputation.
Brand resilience is “the ability of the brand experience to live up to and remain consistent with the brand promise, maintaining its integrity even in the face of damaging interactions, events, or circumstances.”
Brand resilience is reinforced when companies forge a tight alignment between their values and the perceptions that people actually have of the brand, said Forrester.
When there is a gap between the brand promise and the brand experience, brands “become more susceptible to breaches that violate customers’ trust, and customers form brand impressions that are incongruent with the values and image that the company tries to represent.” This could result in significant risks from which companies “may never fully recover.”
While brand resilience is not itself a risk category, it is the result of any risk event. According to the report, risk professionals should be more active in protecting brand value.
Reputation Risk is a Growing Concern
In today’s uncertain business climate, consumer trust and loyalty are critical, but vulnerable, company assets. Worse, once compromised, the damage is difficult to repair. In fact, any breach of customer loyalty heightens the impact — as well as the probability — of damage from any other risk event, no matter the source, says Forrester.
Yet, they reported that “risk pros are failing to address growing risks to their firms’ reputations.” This is a mistake, because “in the age of the customer, reputational risk has become a major issue for business leaders.”
Today corporate reputation has even eclipsed other more traditional risk categories, like finance, regulatory, and the supply chain.
Risk’s Role in Brand Resilience
Risk professionals may wonder why a company’s reputation management should fall under their job responsibilities. After all, marketing is typically in charge of brand-related issues.
Forrester found three leading reasons why risk pros should get involved in brand-related issues:
1. Empowered Consumers.
Risk pros overlook the impact of empowered customers on their risk environments, including disrupting markets, upending competitive advantages, and determining companies’ success.
Today “customers’ perceptions and views matter,” noted Forrester. “Yet, risk teams remain focused on financial controls, change management, and IT compliance issues instead of adjusting their priorities to mitigate the customer-facing risks that consume greater amounts of companies’ resources, strategic plans, and innovation.”
2. Marketing Lacks Risk Experience.
While brand and marketing professionals are often put in charge of reputational risk, they are usually ill-equipped to appropriately track and evaluate risk, which leaves organizations exposed.
What’s more, corporate reputation often extends into areas far beyond the purview of marketers. Marketing teams have little control or impact on risks like data security breaches, workplace safety, and product quality issues. Risk professionals could supply the missing links.
“To strengthen their relevance in the organization, risk pros should complement their marketing team by helping them build brand resilience and customers’ trust,” stated Forrester.
3. Siloing Brand Risk.
Risk professionals typically miscategorize brand reputation risk. They often relegate it to its own risk category, thereby diminishing the impact of reputation damage on other risk categories. Instead, risk professionals should view the entire company-wide impact of any brand reputation breach — such as a personal data breach, which will impact many departments.
In recent months, we’ve seen the impact that a mismanaged data breach response can have on brand reputation. For risk professionals to successfully safeguard brand risk, they must begin to think of data breach preparation as a critical component of their traditional risk mitigation role. An effective response to a data breach can help repair relationships with customers and preserve brand loyalty after a data breach event. Planning and training in advance of an incident will minimize mistakes and costly missteps.
September 8, 2015
Jackie here. We talk a lot about passwords being the key to your accounts, but what happens when you lose that key? Security questions to the rescue! These little questions are just as important as your password. How do you choose a good one? What should you avoid?
What Makes a Good Security Question?
Let’s start by taking a little quiz. I’ll list a few security questions below. Which questions do you think are strong?
• In what city were you born?
• What was the name of your favorite elementary school teacher?
• What is the name of your pet?
• Who is your favorite historical figure?
• What did you eat for dinner last night?
If you weren’t sure if the above questions are strong or not, here are some tips for picking the better questions. A good security question needs several key components. It should be impossible to guess or research, unchanging, memorable, simple, and have many potential answers (but only one answer to you). The key to a good question is an answer you’ll know, but no one else will.
Let’s look at the questions above and determine which questions are the better options on the list.
In what city were you born?- This question is problematic as it is easily researched. It may be public record and it is even an answer people may list on their Facebook profiles. Not a good choice for a security question.
What was the name of your favorite elementary school teacher?- This question is better. Few people probably know your favorite teacher in elementary school, but this is a question you’re likely to remember, especially if a specific teacher had a big impact on you.
What is the name of your pet?- If you frequently post online about your pet, this question is not the one to choose. This answer would be well known by anyone that knows you and is probably easily found on your Facebook profile.
Who is your favorite historical figure?- This is a good security question, provided you remember the answer. If you choose a question like this, make sure you choose a memorable answer.
What did you eat for dinner last night?- Although hard to guess, this question is constantly changing and will be impossible to remember. Not a good option for a security question.
While security questions are often pre-selected, you generally have a choice of options. Look for the best possible questions and choose answers that you will remember, but that others cannot easily figure out. If you can’t choose a unique question, consider creating a unique answer. You don’t have to answer with the actual correct answer if you’ll remember something else.
What Do I Do If I Forget My Answer?
Choosing a security question with a memorable answer is important, but what happens if you do forget? Every company handles this situation differently, but many will allow you to reset your questions with either a rescue email address (online) or a call in to verify your identity with a customer service representative. It is typically much easier to reset a password than a security question, so make sure your answers are ones you’ll remember.
Do you have any tips for choosing good security questions and answers?