Small and midsize businesses are increasingly at risk for data breach class-action lawsuits that typically have targeted large corporations. 

Large companies are learning to address cyber threats. Hackers are responding by setting their sights on SMBs. It’s simply more productive and efficient to attack poorly protected companies that could take weeks or even months to notice they’ve been breached.

As the risk of exposure moves downstream, the associated class-action lawsuits surely will follow. Statistics from the Identity Theft Resource Center show that the number of data breaches reported in 2016 exceeded 2015 levels by 40 percent, a worrying upward trend for those in the small business sector who likely will bear a greater percentage of those breaches going forward. The data stores held by SMBs may be smaller, but they’re no less rich in value to hackers. They contain financial data, healthcare information and other tantalizing personal details.

Security falls short

Unfortunately, because SMBs often lag behind larger companies in the sophistication and scope of their defensive measures, they’re much more susceptible to litigation centered on charges of negligence or a lack of due diligence. Exposures in the SMB sector also could go undetected for long periods of time, leaving more records vulnerable and increasing the size of the victim pool that may be interested in filing suit.

Smaller firms’ responses to the risk of cyber attack and litigation depend largely on their industry. Even the smallest healthcare entities are typically well adapted to address potential data breaches and cyber risks. Long-standing mandates such as HIPAA—as well as a robust centralized breach reporting mechanism—have made companies in the medical space a little paranoid about their heavily regulated environment.

Behind the curve

Other small business sectors aren’t as prepared for the risk of a breach. Outside of healthcare, the professional services industry, including legal and accounting, is much less aware of where threats exist or which measures should be taken to mitigate them. Many small firms don’t understand their responsibilities regarding data privacy or how data breach notification laws apply to them. Without a good awareness of data privacy concerns, obligations and solutions, these businesses are easy targets for any hacker who happens upon them.

Litigation bills add up

Data breach class-action lawsuits can result in million-dollar judgments, but devastating costs may be incurred even if a settlement never materializes. A breached small business still needs to defend itself against litigation, and that takes money. Between legal counsel, forensic investigations, data recovery and any other steps the company may be required to take, they’re likely to incur significant financial penalties no matter which way the lawsuit goes.

Some SMBs are realizing they aren’t prepared for a cyber attack. The truly savvy ones are waking up to the prospect that, just like the professional and employment liability insurance they already have, it would be wise to pursue coverage to defray defensive and recovery costs around their cyber liabilities. With the specter of more breaches—and more class-action lawsuits—coming down the pipeline, SMBs must find a way to minimize the threat of exposures while also putting protective measures in place should they find themselves facing litigation.

Credit: EDUARD GOODMAN, SPECIAL TO THIRDCERTAINTY

We’ve collected these cyber security statistics for small businesses from a variety of sources.

 

General Small Business Cyber Security Statistics

  • Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
  • 60 percent of small companies go out of business within six months of a cyber attack.
  • 43 percent of cyber attacks target small business.
  • 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
  • Small businesses are most concerned about the security of customer data.

 

Small Business Cyber Security Attack Statistics

The numbers show that small businesses are not only at risk of attack, but have already been attacked:

  

In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets.
In addition, disruption to normal operations cost an average of $955,429.


The types of cyber attacks broke out as follows:

The root causes of data breaches broke out as follows:

 

Small Business Cyber Security Prevention Statistics

  • While many small businesses are concerned about cyber attacks (68 percent), more than half (51 percent) are not allocating any budget at all to risk mitigation.
  • Dangerous disconnect: one of the more popular responses as to why small businesses don’t allocate budget to risk mitigation was that they “feel they don’t store any valuable data.” Yet a good number reported that they in fact DO store pieces of customer information that are of significant value to cyber criminals:
    • 68 percent store email addresses;
    • 64 percent store phone numbers; and
    • 54 percent store billing addresses.
  • Small businesses reported that only:
    • 38 percent regularly upgrade software solutions;
    • 31 percent monitor business credit reports; and
    • 22 percent encrypt databases.
  • If a company has a password policy, 65 percent of respondents say they do not strictly enforce it.
  • 16 percent of respondents admitted that they had only reviewed their cybersecurity posture after they were hit by an attack.
  • 75 percent of small businesses have no breach readiness program or resources.

Bottom Line

As cyber criminals continue to target small businesses, owners and employees need to know how to protect both their customers and themselves. There are cost-effective programs that help small businesses with breach preparedness and resolution.

MISSOULA, Mont. - The IRS is warning of a new scam targeting those who are deaf and hard of hearing.

The following is a news release from the IRS:

Every day scammers come up with new ways to steal taxpayers’ identities and personal information. Some scammers pretend to be from the IRS with one goal in mind: to steal money.

Be aware that con artists will use video relay services (VRS) to try to scam deaf and hard of hearing individuals. Don’t become a victim. Deaf and hard of hearing taxpayers should avoid giving out personal and financial information to anyone they do not know. Always confirm that the person requesting personal information is who they say they are.

Do not automatically trust calls just because they are made through VRS. VRS interpreters do not screen calls for validity.

The IRS has procedures in place for taxpayers who are experiencing tax issues. If you receive a call through VRS from someone claiming to be from the IRS, keep this in mind:

The IRS Will Never:

  • Demand immediate payment and require the payment be made a specific way, such as by prepaid debit card, gift card or wire transfer. In most cases, the IRS will not call taxpayers about taxes owed without first having mailed a letter to the taxpayer.
  • Threaten that local police or other law-enforcement groups will immediately arrest taxpayers for not paying a tax bill.
  • Demand that taxpayers pay taxes without giving them the opportunity to question or appeal the amount owed.
  • Ask for credit or debit card numbers over the phone.

Receive a Suspicious Call? Here’s What to Do:

  • Deaf and hard of hearing taxpayers who owe taxes or think they might owe taxes should call the IRS at 800-829-1040 through VRS. IRS employees can help with a payment issue or confirm if there really is a tax issue.
  • Taxpayers who know they don’t owe taxes or have no reason to think that they owe any taxes (for example, they’ve never received an IRS letter or the caller made bogus threats or demands as described above), should call and report the incident to the Treasury Inspector General for Tax Administration, or TIGTA, at 800-366-4484.
  • Taxpayers can file a complaint using the FTC Complaint Assistant. If the complaint involves someone impersonating the IRS, include the words “IRS Telephone Scam” in the notes.

To learn more about the latest tax phone scams, go to IRS.gov and type “scam” in the search field. IRS YouTube videos are available on a variety of topics in American Sign Language (ASL) with open-captions and voice over.

New advancements in how we file have made the process a little less painful, but have also left the door wide open for hackers, scammers, and identity thieves.

There are a number of tips to keep in mind as you file your state and federal taxes. These suggestions are meant to protect your data when you file, but can also work to secure your refund if your information has been compromised in the past.

  1. Filing early – Complete your tax return and get it off your to-do list as soon as you can. Not only will you sleep a little better knowing it is finished, but you stand a better chance of beating a thief to your refund. Tax return fraud has grown exponentially in the past few years, in part due to the abundance of stolen identities available for sale online, so the best way to prevent it is to get your return filed before a thief can do it for you.
  2. Knowing your preparer – Whether you use a walk-in tax preparer or have an accountant who handles your returns, ask questions about who can see your data and where it ends up. Keep in mind that a number of identity theft rings that have been broken up over the years were using tax prep services as a “front” for their real business. If you let someone else handle your sensitive documents, make sure they have a solid, long-standing reputation, and make sure you ask serious questions about where your information will be stored.
  3. Filing yourself – If you handle your own taxes, you still have to watch out and secure your information. How? By making sure that the return itself is safe. If you prefer paper-and-pen forms that you’ll send through the mail, do NOT mail it from your curbside home mailbox. Drop it in a blue postal service box, or even better, take it to the counter of your local post office. If you file online, make sure you’re only doing so over secured wifi—as in, not your local coffee shop’s public wifi connection—and look for the HTTPS designation at the front of the IRS’ web address.
  4. Remembering that your state taxes are under attack, too – If you’ve been a victim of identity theft or tax return fraud, or if you’re just concerned that it could happen to you, don’t overlook state return fraud. We tend to think of the IRS refund as the major payout and it usually is, but the potential for fraud at the state level is just as likely. In fact, since scammers can file returns using your information in multiple states, it may be an even bigger problem than people realize. Get your state return filed as soon as you can, and be on the lookout for notifications that there’s an issue with your return in a state you’ve never even visited, let alone worked in.
  5. Destroying it! – With all of the new advancements, it’s easy to overlook the good old-fashioned tools of the identity theft trade. Shred any documents or receipts that you will no longer need in connection with your tax return, and keep a close eye on your mailbox so your necessary tax forms don’t wander off. If you don’t receive your forms in a timely way, it’s possible they were stolen, so check with the sender to confirm that they had been sent.
Credit: Identity Theft Resource Center

The most common credentials are a combination of username and password, but those have lost a good bit of their protective powers. Next-generation credentials also are edging toward a precarious place. Here’s what you need to know about the dangers of compromised credentials and how to mitigate those risks.

The speed of work these days puts enormous pressures on InfoSec, IT and workers alike to rush the credentialing process. Employees, contractors and even vendors are rapidly credentialed with little attention given to security rules such as limiting access per job roles, enforcing secure passwords, and immediately revoking credentials after an employee moves on. These are but a few of the dangers that lead to compromised credentials.

When passwords and usernames linger long after an employee, contractor or vendor relationship has ended, criminals get to choose from a smorgasbord of credentialed identities with which to phish employees and even top executives.

And when automated systems render short, ineffective password choices or, conversely, overly long ones that users must write down to remember, they end up compromised quickly. Add to that any password sharing practices and security shortcuts during sign-ons (such as storing a password in a browser) and things get more precarious. Yet, all of this is common.

These practices represent significant risk considering that according to Verizon’s 2016 Data Breach Investigation Report, 63 percent of confirmed data breaches involved weak, default or stolen passwords.

Unfortunately, PINs and tokens can fall prey to shoddy security practices as can several of the next-generation credentialing protocols. This means the cost of data breaches will continue to escalate.

Per the Ponemon Cost of Data Breach 2016 report, the average cost of a breach has jumped to over $4 million per incident. That’s a 29 percent increase since 2013 and a 5 percent increase since last year. But this staggering figure doesn’t include damages to brand reputation, customer confidence, an executive’s career, or other related costs in damages or recovery.

Fortunately, companies can mitigate risks and regain control.

Policy makes better practice

The key to making effective policy is to consider the work processes and stagger the credential processes to fit. For example, a password may suffice for access to public-facing information with no transaction, identifying or sensitive information. These passwords should still be encrypted and protected, but they shouldn’t slow down the user.

On the other end of the spectrum, where access to highly sensitive information is needed, stronger, more complex passwords and security layers such as biometrics, cryptographic keys or out-of-band confirmation codes can be added.

The point is to match the security measures to the actual risk. But you also want to make your policy workable in the real world.

Consider asking users to think of a long sentence that means something to them and capitalize every second, third, fourth or other letter in every word. They also should use at least one symbol.

Also, it is a good idea to involve business users and executives in the policy development so that what you end up with is workable for all parties. This means better adoption and adherence.

Adding security tech, services to your arsenal

It’s important to not only use strong credentials, but to associate known behaviors with those credentials. If, for example, you know that Bill comes to the office on Tuesdays and Thursdays but works remotely the rest of the week and that he routinely accesses certain types of files, it becomes much harder for a criminal to use Bill’s compromised credentials undetected.

Monitoring activity such as password resets, unusual fund transfers, unauthorized account access reports, unexpected address changes, and public record alerts also are helpful in catching malevolent characters quickly.

Fortunately, security services can handle all of these issues. However, not all security services are created equal.

Differences in threat intelligence

One of the key areas that differentiates security services is threat intelligence. But that’s a broad term and the services offered may be unclear, so it pays to dig deeper for a better understanding.

For example, some security vendors rely heavily on Open Source Intelligence (OSINT) data that is publicly available and sometimes unverified. While there is value in shared threat information, it is difficult to authenticate and evaluate the threat when there is insufficient or unverified information available.

Security vendors who proactively scan Dark Web sites, hacker dump sites, hacktivist forums, file-sharing portals, data leaks and botnet exfiltration, and malware logs to both verify the publicly shared OSINT data and harvest additional threat data provide the most protection.

Closely evaluate what a security company means when it says “threat intelligence” before you sign on.

Compromised credentials will always be a potential problem but with the right partner, the risk can be contained. 

ORLANDO, Fla.--(BUSINESS WIRE)--One in four U.S. consumers (26 percent) have had their personal medical information stolen from technology systems, according to results of a survey from Accenture (NYSE: ACN) released today at HIMSS2017 in Orlando.

The findings show that half (50 percent) of those who experienced a breach were victims of medical identity theft and had to pay approximately $2,500 in out-of-pocket costs per incident, on average.

In addition, the survey of 2,000 U.S. consumers found that the breaches were most likely to occur in hospitals — the location cited by more than one-third (36 percent) of respondents who experienced a breach — followed by urgent-care clinics (22 percent), pharmacies (22 percent), physician’s offices (21 percent) and health insurers (21 percent). Half (50 percent) of consumers who experienced a breach found out about it themselves, through noting an error on their credit card statement or benefits explanation, whereas only one-third (33 percent) were alerted to the breach by the organization where it occurred, and only about one in seven (15 percent) were alerted by a government agency.

Among those who experienced a breach, half (50 percent) were victims of medical identity theft. Most often, the stolen identity was used to purchase items (cited by 37 percent of data-breached respondents) or used for fraudulent activities, such as billing for care (37 percent) or filling prescriptions (26 percent). Nearly one-third of consumers had their social security number (31 percent), contact information (31 percent) or medical data (31 percent) compromised. Unlike credit-card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses.

“Health systems need to recognize that many patients will suffer personal financial loss from cyberattacks of their medical information,” said Reza Chapman, managing director of cybersecurity in Accenture’s health practice. “Not only do health organizations need to stay vigilant in safeguarding personal information, they need to build a foundation of digital trust with patients to help weather the storm of a breach.”

Despite the myriad of breaches occurring, significantly more consumers still trust their healthcare provider (88 percent) and payer (82 percent) to keep their healthcare data secure than trust health technology companies (57 percent) or the government (56 percent) to do so. And while more than four in five consumers (82 percent) said they want to have at least some involvement in keeping their healthcare data secured, fewer than two-thirds (64 percent) said that they have such involvement today.

In response to the breach, nearly all (91 percent) of the consumers who were data-breach victims took some type of action. Some changed healthcare providers (cited by 25 percent), insurance plans (21 percent) or sought legal counsel (19 percent). Others took personal steps, such as changing login credentials (29 percent), subscribing to identity-protection services (24 percent) or adding security software to their computer (20 percent). Only 12 percent of data-breach victims reported the breach to the organization holding their data.

“Now is the time to strengthen cybersecurity capabilities, improve defences, build resilience and better manage breaches so that consumers have confidence that their data is in trusted hands,” Chapman said. “When a breach occurs, healthcare organizations should be able to ask ‘How is our plan working’ instead of ‘What’s our plan?’”

Methodology

The findings in this news release relate only to the U.S. portion of Accenture’s seven-country survey. The full research, “Accenture’s 2017 Healthcare Cybersecurity and Digital Trust Research,” represents a seven-country survey of 7,580 consumers ages 18+ to assess their attitudes toward healthcare data, digital trust, roles and responsibilities, data sharing and breaches. The online survey included consumers across seven countries: Australia (1,000), Brazil (1,000), England (1,000), Norway (800), Saudi Arabia (850), Singapore (930) and the United States (2,000). The survey was conducted by Nielsen on behalf of Accenture between November 2016 and January 2017. The analysis provided comparisons by country, sector, age and use.

About Accenture

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions – underpinned by the world’s largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organizations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown.

In this day of ubiquitous digital information, it seems like it’s easier than ever to have your identity stolen. The Federal Trade Commission reportedly received 490,000 identity theft complaints in 2015, up from 341,898 complaints the previous year. In order to help keep your identity safe, it’s important to stay vigilant with your personal information.

Here are some things you can start avoiding immediately.

  1. Giving Out Personal Information Over Phone or Email

It’s not a good idea to give out personal information if you are on the receiving end of any call. Also, email is an insecure way to send information, and most legitimate companies would never request information be sent to them this way.

Example: the Internal Revenue Service will never call or email you — their correspondence is done via U.S. mail. If someone calls and says they are with the IRS and wants to know things like your Social Security number, hang up — it’s a scam.

Similarly, a bank or other financial institution most likely isn’t going to call and ask for your personal information. However, if it’s you initiating the call to a bank or other company, you may be asked to give your Social Security number, address, mother’s maiden name or PIN number as part of the way to identify yourself.

  2. Using Weak Passwords

It’s not uncommon for most people to have dozens of online accounts and it may be pretty hard to keep track of all the passwords. You may fall prey to the temptation to make your passwords easy to remember, but it’s a good idea to curb that impulse. While any password can be discovered using a brute-force attack, make yours so difficult that the thieves move on to easier targets. Many security experts recommend that your password be at least eight characters, using one letter, one number, one symbol, and one uppercase letter.

In addition, avoid using the same password for everything — should one password be successfully hacked, you can bet hackers will use it to try other accounts. Even if your password is complex, it pays to change passwords every few months so if your account is breached, the thieves won’t always have ready access to your accounts.

  3. Failing to Secure Paper Documents

You’ve probably heard this bit of advice before, but it bears repeating: shred all documents containing personal information that you no longer need. Secure your mailbox and never leave bills with checks inside a mailbox overnight to be picked up the following day. If you’re going on vacation, it’s a good idea to put your mail on hold or have a trusted family member or friend pick it up for you so it doesn’t sit in your mailbox.

  4. Ignoring Your Credit Reports

According to an Equifax study from earlier this year, 40% of Americans are not pulling their credit reports each year, even though they are entitled to annual free copies. You can view your credit reports from the three major credit bureaus — Equifax, Experian and TransUnion — for free each year by visiting AnnualCreditReport.com.

Keeping a watchful eye on your credit reports can alert you to early signs of identity theft, like seeing new accounts you did not open or inquiries on your credit report that you do not recognize. If you spot these signs of trouble, you should immediately notify the creditor of the problem. It’s also a good idea to file a police report and notify the FTC. The earlier you intervene, the better. (You can also keep an eye out for sudden credit score changes by viewing two of your credit scores, updated monthly, for free on Credit.com.)

If you have young children, it’s a good idea to pull their credit files as well. Thieves attempting to cultivate new identities will often use an underage person’s information, as the theft may go undetected for years. Parents can request credit report copies for their children under the age of 18 to make sure their identities are not being abused.

  5. Foregoing Anti-Virus Software on Your Computer

While no anti-virus software can totally protect you from malware, it’s wise not to skip this piece of software. Once installed on your computer, malware can steal passwords and other sensitive information stored on your computer.

If you get a call from someone who claims your computer was hacked or has been infected with a virus, this is also most definitely a scam — these people will try and get your credit card information from you under the pretense of installing software on your computer. If they do install software, the software could also steal other information on your computer.

  6. Keeping Your Phone or Tablet Unlocked

Consumer Reports reported that 3.1 million phones were lost in 2014. No matter how you get separated from your phone, your unlocked phone is a treasure trove of information. Passwords may be cached in your phone’s web browser, allowing thieves to gain easy access to online accounts; some people even keep their lists of passwords on their phones. Anyone who has the phone may be able to impersonate you online at social media sites, allowing them to request more personal data from your social media contacts.

Article contributed by Kristy Welsh, a consumer advocate who contributes to Credit.com, where this article originally appeared.

 Identity theft is one of the hardest-hitting crimes that consumers face, largely because it’s easy to pull off. Whether through old-fashioned means like dumpster-diving or stealing your driver’s license, or through more sophisticated cyber crimes like hacking into a university network, thieves can make off with your entire identity before you even know your information was compromised.

There are a lot of steps that college students can take to prevent this crime. Passcode and password locking their hardware, shredding those pesky pre-approved credit card offers, locking their dorm rooms … the list goes on. But what too many college students aren’t aware of is the wide variety of crimes that fall under identity theft.

Most individuals typically envision identity theft as someone using their credit card or opening a new account in their name. And that’s still a major threat, with the overwhelming majority of cases involving financial identity theft. But don’t be fooled into thinking your identity is safe just because your credit card hasn’t been compromised.

  • Criminal identity theft: College students are particularly susceptible to criminal identity theft, considering they live near so many strangers. If someone in your dorm or apartment building uses your identity at the time of arrest—simply because they know your name, apartment number or other minor details—you could be left facing charges for the unresolved issue. If this person happens to have borrowed or stolen your driver’s license, perhaps because you’re old enough to purchase alcohol and they’re not, then they may even be able to provide your complete identity to the police. You never find out about the incident, and therefore you never resolve it until a warrant is issued for your arrest.
  • Medical identity theft: Much like criminal identity theft, college students have to safeguard their identities against people who want to use them to secure medical care. It might be something that seems harmless on the surface. Maybe a girl in your building needs a way to access birth control without alerting her parents. But it can also be something very serious, such as someone stealing your identity in order to get a prescription for controlled substances. Not only can your medical record permanently reflect care that you never received, but you could find yourself involved in a crime if those prescriptions are then used for illegal distribution.
  • Internet takeover: One of the scariest identity theft crimes for young people to envision just might be internet takeover. While the other forms of the crime are alarming, they can more easily be resolved. But when someone takes over your technology or gains access to your accounts, the fear of long-term damage is very real. They may just lock you out of your accounts for the fun of it, but it could lead to expulsion and lost job opportunities if a hacker takes over your university account and deletes your work, or accesses your Facebook account and uses it to post hate speech, embarrassing photos, or other potentially harmful content.

So what are college students supposed to do to protect their identities? The first step is to understand the different ways identity theft can hurt you. From there, it’s important to safeguard your information, your documents, even your computer, and to keep others from nabbing your sensitive data. Never give out your university passwords, your account passwords, or even your personal documents. You can be implicated in any crimes that are committed under your identity, and you can face lifelong complications.

The article was contributed by Eva Velasquez, president and CEO of the Identity Theft Resource Center.

 

By Bob Meyer

Keeping employees happy and providing them with a solid benefits package is an ongoing task for employers. Employees are averaging about four to five years at a job versus the 20 to 30 years people used to spend at one place. To help hold onto valuable employees, employers are offering even more voluntary benefits these days. Some of the more common voluntary benefits that have been offered for years are dental, accident, vision and disability. It’s plain to see that benefits have to keep up with the times and technologies being offered. Now a new set of voluntary benefits is being offered, such as critical illness, student loan reimbursement, pet insurance and paternity leave.

The most popular new benefit being offered these days is identity theft protection. According to a recent study by Willis Towers Watson, identity theft protection, which was offered by 35 percent of employers in 2015, could double to nearly 70 percent by 2018, making it the fastest growing type of employee voluntary benefit over the next couple of years. For this reason it is important for brokers and employers to be educated in this benefit and see the value it can deliver to employees.

Identity theft is a growing concern for many Americans, and based on the numbers it should be a concern for everyone. It is said that about one in four Americans will experience identity theft. These days everything from checking your bank balance to reading your Facebook feed to buying a new pair of shoes is done from the convenience of our phones and computers. With more and more things being done digitally, your information is more accessible for hackers and thieves to use fraudulently.

Many people think of identity theft as fraudulent charges on their credit card, but identity theft goes much further than that and can be more complicated to resolve than just letting your credit card company know that you were not the one responsible for certain charges. For those who are not familiar with identity theft and various ways it can occur, here is a list of the major types of identity theft. 

• Tax ID theft—An individual’s Social Security number is used to falsely file tax returns with the IRS or state government.

• Child ID theft—Children’s identities are very vulnerable because the theft of their identities often goes undetected for many years. Once the child reaches an age where they are looking to use their identity, the damage has already been done. According to the Identity Theft Resource Center, “The chance for a child’s information right now in this day and age, before they reach adulthood, to be compromised in a breach is 100 percent.” For this reason when employers are looking into offering employees identity theft protection they should make sure that the coverage includes spouses and children. 

• Medical ID theft—This happens when someone’s personal information has been stolen to get medical services or to issue fraudulent billing to the victim’s health insurance provider. This is currently the fastest growing form of identity theft!

• Criminal Identity Theft—When someone fraudulently gives another person’s name and personal information (e.g., driver’s license, date of birth, or Social Security number) to a law enforcement officer upon arrest or during an investigation. This type of identity theft can be very time-consuming and costly to resolve.

• Senior ID theft—Seniors are usually in constant contact with individuals who access their personal information, such as medical professionals, caregivers and staff at long-term care facilities. For this reason seniors are vulnerable and often the target of many scams.

• Social ID theft—A thief uses an individual’s name, photo and other personal information to create a phony account on a social media platform such as Facebook, Twitter, etc. 

With all these different forms of identity theft happening, there is more and more stress surrounding the idea of becoming a victim of ID theft. For this reason employers are offering identity theft coverage as a way to help provide employees with a sense of security and help to improve financial wellness. Employers are seeing that by helping their employees with financial wellness, they are more likely to create a more engaged and productive workforce. When employees are stressed with the burdens of their financial well-being, they are more likely to be distracted and need more time off.

The stress is not just the fear of becoming a victim but the stress associated with resolving the identity theft once it has occurred. The Federal Trade Commission, which tracks identity theft statistics, estimates that “recovering from identity theft takes an average of six months and 200 hours of work.” In more complicated cases it may take even longer for the issue to be resolved. For employers this is a real problem because the agencies and authorities that must be contacted to resolve identity theft are not open in the evening or on the weekends. Therefore employers are left either paying for employees to resolve their issues while on the clock or paying for lack of productivity when an employee has to take time off to rectify the situation. Either way the employer ends up bearing part of the cost. By providing identity theft coverage the employer can help to save time and money and reduce stress for the employees.

Identity theft coverage is a rather new type of employee benefit being offered, so employers and HR professionals need to be familiar with the types of features often provided by identity theft providers and how those features can help to reduce employee stress and time away. When selecting an identity theft provider, here are some of the types of services you want to make sure are offered.

• Customer service line—Make sure that the provider selected has a line for employees to call for information once the employee’s identity has been compromised. These call services should help walk the victim of identity theft through the process of what they need to do. With these services, many providers can even arrange three-way calls with credit bureaus and other agencies to help make sure things proceed in an efficient and timely manner. Some providers even assign a customer service rep to the individual’s case from the time they call in initially. This is a great perk to have because it saves the customer from having to explain their situation to each new person they speak with.

• Reimbursement—Make sure that the coverage purchased offers some type of reimbursement for time and money lost. Not only should the provider help to reimburse for any financial loss, they should also reimburse for the costs associated with the time it takes to resolve the issue. For example, if an employee needs to take two days off work to fly to another state to prove that they are who they say they are, these costs for time away from work can be reimbursed by the identity theft protection provider rather than the company having to pay the employee for the time taken off. Many identity theft protection providers will also cover the cost of child care if someone needs to take time to rectify their situation.

• Resolution services—Many identity theft protection providers offer a $1 million guarantee. This means that the identity theft protection provider will spend up to $1 million to resolve your issues. Knowing when the company has spent $1 million on a specific case is impossible, so looking for a provider with an unlimited guarantee is a good way to make sure that the provider does not stop working on the issue until it is fixed.

• Family Coverage—Knowing who is covered under that identity theft coverage is very important. Some providers price their products on a per person basis, others automatically cover the entire family under the policy. Being aware of this is very important because if the pricing is done on an individual basis the coverage may become very costly once the whole family is covered under the policy. 

• Monitoring Services—At this point in time identity theft cannot really be fully prevented, but being aware of when your personal information is being used to do things such as make major purchases, change your address, or set up new utilities is key to resolving the issue in a timely manner. If an individual is alerted that their personal information is being used without their authorization, they can notify the identity protection provider to help keep a better eye on their information and make sure it does not lead to bigger issues down the road.

Employers looking to offer identity theft coverage can offer this benefit on a voluntary or employer-paid basis. On December 30, 2015, the IRS announced that identity theft coverage offered to all employees can now be provided as a tax-free benefit if the benefit is paid for with payroll deductions or is offered as an employer-paid benefit. Prior to the December 2015 IRS announcement, this benefit could only be provided on a tax-free basis if the employer had a history of breach. With this announcement the IRS is working to make it easier for employers to offer this benefit.

With identity theft it is not a matter of if it will happen but rather when it will happen. At some point all individuals will need to have this type of coverage, so the sooner it is offered the better. With rates for this type of coverage starting as low as four dollars per month with some carriers, can employers afford not to offer this coverage? 

 

Author's Bio
Bob Meyer is the President of Meyer Group, a benefits consulting firm that has been serving clients in the Midwest for over 35 years. Meyer Group helps to build and customize benefits packages for clients and brokers. Meyer is a University of Missouri graduate and is a diehard Mizzou football fan to this day. Meyer has a specialization in self-funding and Affordable Care Act compliance. He is a visionary with years of industry knowledge and he is always looking to be ahead of the curve in the benefits industry. Six years ago he launched Compliance Source, a company created to help companies navigate the laws surrounding the ACA and ensure that they remain compliant. Meyer's most recent venture is helping to launch a new consumer-friendly website, FreedomIDdirect.com. His firm has been offering identity theft protection services for years to groups and associations, but now, in addition to helping groups attain this type of coverage, he is helping to make sure that the same great coverage can be offered to individuals at lower prices than leading competitors. Meyer can be reached at Meyer Group, 9201 Watson Road, Suite 300, St. Louis, MO 63126. Phone: 314-961-7077. Email: rmeyer@myrgrp.com. Website: www.myrgrp.com.

While it’s important to do everything you can to protect yourself from identity-related crime when you’re traveling, it’s equally important to do everything you can to protect your home and the breadcrumbs of your identity that you leave behind.

Every possible kind of identity-related crime exists in a dormant state in your home. In more forms and places and files than you can possibly remember, sensitive personal information stays behind, and only you can protect it.

Identity theft is a pandemic, and it can happen to you or your kids. Depending on how prepared you are, resolution can be as simple as a few phone calls to the identity theft service organization provided by your insurance company, financial services institution or employer, or it can take a lot longer. If you decide to go it alone, bear in mind that it’s no easy task to prove you were scammed to a retailer, a credit reporting agency, a bank investigator, a debt collector, a medical provider, a judge, the IRS or local or federal authorities.

So before you leave for a ride on the EuroRail or hit the links, campground or mountain trail, be sure you aren’t sharing your credit cards, identity, finances or medical files with a stranger.

What Identity Theft Looks Like

Your personally identifiable information is a basic ingredient in all stripes of identity-related crime. In the night kitchen of data crime, it’s flour, and the thief’s ingenuity is the yeast. The rising and baking process happens wherever your information is used to commit fraud — a thief opens up accounts in your name with banks, credit card companies, etc. — and the cooling rack is when a fraudulent account winds up in debt collections.

The latest report from the Federal Trade Commission provides a breakdown of the most common kinds of identity-related crime. Tax and wage-related fraud led the way last year, followed by credit card fraud and a cattle call of other crimes.

Child identity theft is another major worry. Because child ID theft takes advantage of a financial nonentity and monitoring the credit reports of minors isn’t standard practice or even on the radar of most parents, it can take a long time to discover — a fact that fraudsters literally bank on. Children’s information must be kept secure at all costs.

Before You Travel

Notify your bank, credit union and credit card providers that you are going away. This will keep your card from being frozen when you attempt to make a purchase or ATM transaction in a place outside your usual flight path. It also might help protect against invasions of your various accounts.

Since caller ID is one authentication factor used by many institutions, if a scammer has access to your home line and some of your records, they may be able to access your cash or credit. Sign up for transactional monitoring programs offered by your financial institutions so that you’re notified any time there is activity in your bank or credit accounts.

Also consider freezing your credit accounts so that no one, including you, can access your credit unless you thaw it.

Make sure the post office and your newspaper delivery service know that you will be out of town, and fill out the proper forms to suspend any deliveries while you are away. Overstuffed mailboxes are thief magnets.

It’s crucial to let your family members, close friends, doctors and lawyers know you will be on vacation. Folks need to know how and where to contact you if there is an emergency.

It’s also a good idea to provide copies of pertinent documents to those you trust in case your sensitive personal information is stolen while you are away. Alternately, you can scan sensitive identification documents like passports and licenses and store them on an encrypted, password-protected thumb drive, which you must keep very close. Then the only issue is remembering the (hopefully) long and strong password you use to access the data it contains.

Tell your home security company that you’ll be out of town, if you use one. They need to be even more sensitive to any activity around your home. If you invite someone to stay there in your absence, alert the security company of their presence.

While You’re Away

There are plenty of strategies you can implement to protect your home while you’re away. Set lights on timers or find a trusted house sitter. But bear in mind, a significant percentage of identity thieves are related to or know the victim well.

Regardless of whether someone is staying there, make sure that every document containing sensitive personal information is filed in a completely secure environment (for example, a safe) or in a safe deposit box at your bank. While this should be part of your normal best practices, it is even more important when you are not around.

If you have reason to believe you’ve been a victim of fraud, be sure to monitor your credit for signs of identity theft. You can view your free credit report summary, updated each month, on Credit.com.

While doing these things may seem like a great deal of work at a time when your head is in vacation mode, don’t forget that no one has a greater interest in your personal and financial security than you.

Adam Levin is co-founder of IDT911 and Credit.com, where this article was originally posted.