Costs of a data breach are not insignificant.  They are calculated by the number of “records” affected. When you look at the statistics, millions of records were involved in data breaches just in the past year and the cost varies from a few dollars per record to several hundred dollars per record.  So what can businesses do to help themselves keep the “wolves from the door”?  Let’s look at some suggestions:

1. Write it down!!  Every company or organization should have a written information security program and a data breach response plan.  Some states do require them if you are audited especially if you collect personal data.  It is just good practice by any means of the equation and it should be reviewed and updated on a routine yearly basis.
2. Take inventory! You can’t protect something if you don’t know you have it!  Customer data should be collected in one area where you know you can shield it from breaches.  Do you have one or two people in your firm that is responsible for privacy and security?  That person or persons should know where all your data is stored and how it is protected.
3. Store it safely!  Find a company that specializes in encryption and make it happen.  This makes it harder for hackers to find the data that is protected.  Update often!
4. Clean out often!  Find out the retention of the hard copy data and shred it when needed.  Your local CPA can help with that.  If you have alot of customer data such as credit card numbers on some particular files on the hard drive, consider how old it is and reduce it by deletion as soon as you can.
5. Electronic Document Management System – this is a wonderful investment to help maintain a tight control of your documents as it tracks everything everyone does.  In turn, and EDMS will help in the tracking process needed when there is a breach.  An EDMS is an asset for any business; helps you go paperless and is a great investment.

No one likes to be in the newspaper except when it is good news!  So try some of these suggestions for your company – and then if you do have a breach, you will be able to respond quicker and that does bring respect from your community when you communicate quickly and clearly!!

http://www.hlntv.com/video/2012/04/16/avoid-identity-theft-tax-time

On an excitement scale ranging from paint drying to BASE jumping, filing your taxes probably lands somewhere toward the left, right around flossing your teeth. It may be a snoozer of a task, but here’s something to raise your heart rate: Tax time is rife with danger and you’ve got to be on high alert! Your Social Security number is digital candy for identity thieves and during tax season, it’s an all-out sugar binge.

Scammers really ramp it up during tax time. Identity theft gets top billing on the Federal Trade Commission’s list of consumer complaints for 2011, and has led the complaint pack for 12 consecutive years. The FTC got nearly 280,000 complaints about it last year and, of those, nearly one-quarter were tax-related. That’s up from 15.6% in 2010.

It’s no surprise that this time of year poses a greater risk for identity theft because all your information is out there. Taxpayers have to provide financial details and documentation and, in this digital age, that information can hover in cyberspace for the bad guys to snatch up.

Did you give to charity last year? Read on, vulnerable friend. According to a new study from Identity Finder, nearly a half-million taxpayers like you had their Social Security numbers exposed between 2001 and 2006. During that time period, 18% of non-profit organizations put at least one Social Security number on a document called Form 990. That’s the form tax-exempt charities and foundations use to file their tax returns, and it’s public record.

To protect yourself, stop donating to charity. Just kidding. Keep giving, just don’t hand over your Social Security number along with your money; it’s usually not a requirement on Form 990. If it’s too late for that, you can plug an organization’s Employer Identification Number into a form on Identity Finder’s website to see if your information might be at risk.

Identity thieves can strike in other ways, too, online: through your wireless connection, your inbox, or with malicious software. The head of identity theft protection company EZShield, Dale Dabbs, says you can lower your risk of tax-time hacking by taking a few precautionary steps. First, secure your wireless connection. It’s not hard, we promise. While you’re at it, password protect files on your computer that contain sensitive information, and then round out the cyber-security trifecta by installing the latest antivirus software.

You can lock down all the information on your computer, but that still doesn’t keep you totally safe. Identity thieves can use less discreet ways to get your information, like simply asking for it. They pose as the IRS, send you an e-mail with a request for information, and you dutifully reply. Don’t roll out the red carpet for tax thieves! Know this: The IRS does not send e-mails asking for personal information, so if you get one, just delete it.

If scammers do get away with your Social Security number, they may be able to file taxes as if they’re you. They could walk away with your refund and leave you stuck trying to correct the problem with the IRS. HLN Money Expert Clark Howard says the best way to stick it to ‘em is to make sure there’s no refund to steal. Lower your withholding enough that you break even with the IRS, then sit back and laugh at the would-be thieves who come up empty-handed.

Happy filing!

Source:  HLNtv.com by:Brianna Chesin  4/16/12

To aid in identifying vulnerabilities, consider performing a penetration test, also known as ethical hacking, to attack the network using known threats, comparing internal documentation on operational or management controls in the area of IT security to known “best practices” (i.e. ISO 17799) and then comparing the actual practices against the company’s documented processes.

When considering the security of an office, it is imperative not only to worry about preventing people from physically entering the building but to ensure that the data and systems inside are protected from intruders.

Neglecting to do this will not only put security of sensitive client or company information at risk, it could ultimately compromise the company’s reputation.

Lawyers Weekly, 4/20/12 Douglas W. Grosfield, Cambridge, Ont.

But here is a secret: You are the only one in charge of protecting your good credit. If you don’t, there is really no one else that will! So snap out of it! Take control!

Here are some suggestions:

1. Don’t take every credit card with you! If you know you are going shopping and you are going to make a purchase with your credit card, leave the rest at home in a safe place and take the one you are going to use.
2. Don’t take your Social Security card with you! What if your wallet or purse is stolen? The thief will have all they need to get to everything you have! Leave it at home in a safe place too.
3. Check your credit! Make it a habit to check your credit report at least once or twice a year. A better rule of thumb is every quarter! You can get your annual report at AnnualCreditReport.com, which allows you to request a report once a year from the three national consumer credit reporting companies: Experian, Equifax and TransUnion. Also check out How to Get a Free FICO Score.
4. Shred your mail! It is an unfortunate fact of life that there are people who make a living dumpster diving. Don’t be afraid to print your documents, just be aware how you store and dispose of them. All the junk mail – credit card offers, billing statements and renewal notices need to be shredded. If you own a business, consider hiring a service to do it for you as they will recycle the shredded paper for you as well!
5. Don’t give information on the phone! Any legitimate credit card company or business that needs information from you will not call you on the phone. Remember be suspicious if anyone wants to “confirm your details” via the phone. If you call the credit card company, they MUST ask you details to confirm who you are but if they call you, they cannot ask details.

What do you do if your identity IS stolen?

The steps you take when you identity is stolen are crucial, and should be done immediately.

1. Call the police – you will need documentation and proof that you have been a victim in this case.
2. Request a credit freeze – This is not a pleasant thing to do as it is rather radical because it prevents anyone including you from opening any new credit – until you remove it. It is usually not free, but you can check the rules at the Consumers Union site.
3. Call your bank and creditors – According to the FTC, reporting a stolen card before it’s used absolves you of any liability. But if the thief uses your credit card before you can report it, the most you are responsible for is $50 per card. Debit cards are the worst – if you don’t report it for two days, it could cost upwards of $500. If you wait 60 days it could mean your entire balance!!
4. Request a fraud alert on your accounts – its free! All you have to do is request it online!!
5. Go to the bank – and request copies of any checks that have been written on your account so you can have them for police. This will speed the process up greatly!

For more information, check out this website, FTC’s Identity Theft site.

The horror in most peoples mind about shredding is the off-site plant based truck in an accident turning over down the interstate in some major catastrophe with your documents flying everywhere. Do you know the odds are far greater that the on-site truck is going to dump his load at a recycling center (compromising your documents that are not completely shredded) than our truck in such an accident? When their truck is full before the end of the day, they have to dump it at a recycling facility where there are no background or drug testing required for their employees—no fiduciary responsibility to you at all. Most of your on-site mobile vendors try to use this as a “fear factor” to make you think of the horror in your mind about shredding, which is simply not true.

American Document Securities’ “closed loop” off-site shredding is safer and more efficient. Why? Off-site plant based shredding ensures that all of you confidential documents are mixed with thousands of pounds of other customers’ documents. With our service, your documents are picked up, placed into a locked container, locked up into a secure truck, transported to a secure facility; shredded immediately and finally baled to ensure ultimate security. The bales are held in our secure warehouse until they are sent directly to the paper mill.

Most vendors that only offer on-site shredding do not bale the shredded paper. What if something small such as a check passed through the shredding teeth of the on-site truck? It happens all the time with any shredder! At our facility, we have the ability to retrieve the document and shred it immediately to ensure confidentiality; on-site trucks can only dump the full load which compromises the security of your documents.

Off-site plant based shredding services are also more cost effective than on-site services. If you do witness your on-site shredding, have you done the cost analysis for the wages and benefits you are adding to the shredding services? Once again, ADS wants you to understand that we want you to get the best value for your dollar, because, a happy, informed customer is our best asset!!

Finally one day I needed to purchase a piece of equipment for my business, and who shows up but someone who breeds Australian Shepherds as a side hobby, but does it in a BIG way. Long story short, we traded a male puppy for an Angus calf on the farm, and heaven has surely shined on my new companion ever since! He is so smart it is scary, and like any dog is unbelievably loyal and friendly. It makes me think of how we as business owners and managers need to model our attitudes and thoughts by – we need to show gratitude like our loyal canine families. We need to be happy to see our customers every time we walk in the grocery store on the weekends and happen to see them, and be fiercely protective of their feelings and needs. Wouldn’t life be so much better if we treated each other with the love and respect dogs give their master? I think they make great mascots for our personalities!!

If you are like me, I need to start living in today . . . not yesterday or tomorrow but today, and understand that I can’t change yesterday, and I am not promised tomorrow. So if I keep thinking about yesterday and tomorrow where did today go? Where am I living? Will today become another oblivious day in the thousands before it, without a good memory or a smile to say, Oh yeah I remember that!! Make today the best day of your life . . . make it an unforgettable day just for you!

It gives great information like 70% of Americans still prefer to read print and paper communications compared to reading off screen even 18-24-year-olds. The website goes on to indicate a majority of respondents are concerned about the effect of print and paper production on forests and believe that there is a connection between the loss of tropical rainforests and the manufacture of paper, but they prove this unfounded.

In fact, they quote authoritative sources like the U.S. Forest Service and others report that the amount of forestland in the U.S has remained nearly the same and that American Forest and Paper Association data show that more than 63 percent of all paper used in the U.S. in 2010 was recycled. According to the EPA, that is more than any other commodity, including plastics, glass and metals.

So remember, it isn’t such a bad thing to print that document, just think about how it is destroyed for confidentiality and how to recycle it and you are on your way to making more paper towels, baby diapers and many other useful and needed things for everyday life!

The answer would be no of course, but go with me here . . . a records management business like ADS takes everyday shredding and storing of your documents as seriously as if we were handling dollar bills. Why? Because that is how we distinguish ourselves from the competition of recycling companies who take no measures to insure the safety of your documents, current or past their retention. If you had a bag full of dollar bills that you needed transported from one location to another, you would be very selective on who you hired wouldn’t you? Well why is that different than confidential information? So in reality hard copy information is money . . . just in a different form.

Think about that the next time you need a quote for shredding or storage companies, and ask questions about their integrity, insurance and certifications before you make a quick knee jerk decision as to who is “the lowest price”. You may not get the lowest price, but you will get your money’s worth!

Here are some very important questions to ask yourself – Do you have the time to sort & rebox all those boxes of paper documents in the back office (the office you need to use, but they are in the way)? Do you lock the door to keep unwanted employee eyes prying into HR records? Do you have the time to develop a retention schedule for all of that info? Do you have a retention policy in place? Do you have a privacy policy in place? Are you tired of getting invoices that you can’t decipher or calling a phone number for help and don’t get a live person? That won’t happen with American Document Securities!! And finally yet importantly, why do you want to worry with all that yourself anyway? Just give us a call and you will get a live person . . . and we can take care your needs today!

I know when I speak that my colleagues in my industry and other industries would love to be given the opportunity to say, hey we give more “bang for your buck”, and if you give us half a chance to match or beat the big guys price, we would!! My customers are also contracting what I call price tunnel vision – someone comes along with a better price in hand, and because things are so hard right now, they don’t take the time to check out the competition to read the fine print or see if they truly are legitimate. I have experienced national companies coming to my customers with ridiculous prices for their services, but they don’t tell the customer that there will be fuel surcharges, extra expenses for this and changes in schedules to fit the company needs not the customer, etc. This is the most important time to consider all the other factors besides price – what if there is a breach with this new vendor? Do they have the proper insurance to deal with it and cover you? Have they been in business very long? Do they have references? Have you asked around to see if they give good service? I have several customers who have been very long term customers because they were “burned” badly by poor service – so badly they were fined from the fire marshals (location in a high rise in Atlanta) because the big guys forgot to pick up a couple of weeks in a row. Do they care? Heck No! Does it matter to me? Darn right, it does because as a small business, all my customers are big fish in my ocean!

Where your documents are shredded is null compared to how – defining the chain of custody.

The “plant based” shredding company has a major advantage over the on-site mobile trucks. Have you ever asked yourself what happens if the truck breaks? Do they still show up at your door and pretend to shred your confidential material? Do you really know what you are watching if you do take the time to stand there and watch it? Do you realize that it takes almost twice as long for a mobile truck to shred your documents as a plant-based shredder? But you say, I feel so much more comfortable knowing that I have witnessed it – OK lets think about this a minute… why not witness it at your desktop at your convenience?

Do you know that American Document Securities has several cameras documenting every move of each process your documents take? We can uniquely mark your containers for easy recognition so you can identify and watch the process on your desktop at any time (even in real time), plus have proof for legal purposes for your files! All of our employees are FBI fingerprinted, drug tested and each sign a confidentiality contract for your peace of mind.

Call us about it today for more details!!

I politely answered him to say that I had been in the records management business for over a decade, and as I went into more detail, I could tell that something was wrong. It became so obvious I had to sort of laugh and ask what WAS wrong, and he proceeded to tell me his story.

The story goes that the father is an owner of an insurance business that has three locations, and they use an on-site vendor for their shredding needs. One day they found their checking account was $4K or so shorter than it was supposed to be and after much tracing and research, someone had stolen an old check from one of boxes given to the on-site shredding vendor. Research showed that it was not an employee, but someone else and they never understood how it happened. At that time, I tried to explain what could have easily happened – the chain of custody was broken.

The on-site vendor obviously dumped his load at a recycling center instead of bailing it at a facility, and for whatever reason, the check slipped through the shredder. The recycling center, which has no fiduciary responsibility to the customer or the vendor, hires employees with no background checks or drug testing, and the employee in question sees the check and the rest is history.

Chain of custody is the very essence of the shredding business – where it is done is null compared to the process the documents take once they leave your door. On-site vendors can let documents blow away in the wind or take a load to the recycling center just as in this case.

Off site shredding vendors lock the containers in a locked vehicle, and unload inside a facility with cameras; then your documents are shredded securely, baled and safely held until the load goes directly to the paper mill for processing back into paper towels, etc. This process is no different from taking documents home or having a records management company like mine deliver a box of documents right to your office door.

It would seem logical to the unknowing eye that having the documents shredded at your door is the safest way to do it, but my best advice is to investigate further as to the safeguards and procedures that are taken with your vendor – one way is to ask if they are NAID certified. NAID certification puts the procedures in place FOR you so you don’t have to worry!

Blessings,

Renee Keener

To learn more about this program click here: Information Protection Training