Protecting Your Organization from Identity Theft

November 30, 2016

Did you know that, on average, 15 million residents in the U.S. are affected by identity theft and upwards of $50 billion are stolen1 each year?

During the holiday season we hear a lot about keeping your identity safe when shopping online or in retail stores across the country, or even across the world. Why? The most obvious reasons are that your money can be stolen and in turn, your credit ruined. These are both valid points for consumers, but how can you apply that to your organization and more importantly, your money, intellectual property, and customer records?

Your Information Could Be Stolen = Your Money, Intellectual Property, or Records 

You’ve seen the ads for one bank or another promising that if there are fraudulent charges on your account, you will get your money back for those unauthorized payments. But how long will that take? Do you have to prove that the purchases were unauthorized? How can you know when you will see your hard earned money again?

For organizations, this is an even bigger risk. Yes, hackers can get in and steal your money. And yes, it will probably take an organization longer to get back the $4 million they lost than the $400 you have missing but there is much more. What if they stole your intellectual property? Or your patient or customer records? There is no way to get that information back. Not only have you lost the information for your own organization but you have placed your patients and customers at risk of being one of the 15 million at risk that I referenced earlier, and you have lost your patients and customers trust.

It Could Ruin Your Credit = It Could Ruin Your Credibility

So many decisions in  life, fair or not, depend on your credit score. It’s how we buy a house, or a car or open a business. When your identity is stolen and fraudulent charges are made with your account information, it unfairly affects your credit as well. The same thing happens when you are an organization only rather than affecting your credit, it affects your credibility.

What do the names Target, Home Depot, and Anthem have in common? Did you guess that they are all Fortune 500 companies? Or that they were all victims of a massive data breach in the past few years? The internet never forgets and even though it has been years since some of these companies have been breached, their legacy was impacted, not just by each breach, by how they handled it and what measures they took after the fact.[[{"fid":"2833","view_mode":"default","fields":{"format":"default","field_file_image_alt_text[und][0][value]":"Online Shopping ","field_file_image_title_text[und][0][value]":"Stay safe shopping online","alignment":"left"},"type":"media","link_text":null,"field_deltas":{"1":{"format":"default","field_file_image_alt_text[und][0][value]":"Online Shopping ","field_file_image_title_text[und][0][value]":"Stay safe shopping online"}},"attributes":{"alt":"Online Shopping ","title":"Stay safe shopping online","height":"3616","width":"5424","style":"width:250px;height:167px;margin-left:10px;margin-right:10px","class":"media-element file-default","data-delta":"1"}}]]

Home Depot personally paid for credit monitoring for thousands of their customers in the wake of their breach. While that may or may not have impacted their customers’ credit scores, it did help with their credibility as a company. Target not only didn’t offer to help the customers that were affected, but it turns out that they actually knew about the attack for quite some time before reporting it to the public. Stocks sank and for years they have worked to gain back their customers trust.

 

Fight Back Against Identity Theft

So how do you fight back as an organization when there are so many identities for bad actors to steal? There’s a few things you can do to keep those identities safe:

1. Monitoring

When it comes to credit score monitoring, you only see something after it has happened and after it has negatively affected your score. Be proactive by continuously monitoring your access rights so that you can see inconsistent behavior when it starts, not after a bad actor has already caused damage. This allows you to minimize any damage you do incur.

2. Alert

When there is a charge on my credit card that is over a specified limit, my bank sends me a text alert to make sure it was an authorized purchase and a legitimate purchase. Your system should do the same thing when it sees inconsistent behavior such as someone from the sales team trying to get into the payroll systems. If something looks questionable, you will receive an alert immediately which gives you the ability to stop bad actors before they get in. [[{"fid":"2705","view_mode":"default","fields":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false,"alignment":"right"},"type":"media","link_text":null,"field_deltas":{"1":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false}},"attributes":{"height":"2592","width":"3872","style":"width:250px;height:167px;margin:2px 10px","class":"media-element file-default","data-delta":"1"}}]]

3. Prove

Earlier I asked how you could prove that the charges were not made by you and are, in fact, fraudulent. There are cases where it is obvious, such as purchases in Miami and New York only minutes apart. But there are also cases when the bank can’t be sure and must find a way to prove that you didn’t spend that money. Audits, no matter if you are compromised or not, work the same way. If you do happen to be breached, can you prove that you did everything in your power to stop it? Can you show the password resets and other security measures you went through? Not only will this help you be compliant but it will go a long way in helping your credibility with clients to know how hard you are working to keep them safe.

4. Password Reset

When Amazon saw that I had reset my account password last week they sent me an email with an alert just in case it wasn’t me. Guess what? It wasn’t. Luckily I was at a computer and logged on to reset the password before any damage was done without having to call a help center and wait on “the next available operator”. But what if that would have happened while I was out shopping or at a family gathering? You can’t always run to the computer to check on your system or reset your password to prevent loss, so make sure you have the option for your employees to reset their passwords anywhere with a secure mobile option.

Is your organization prepared to take these steps? While they may not all necessarily be mandated by your industry’s rules and regulations, they are proven ways to keep your organization’s identities safe and keep your employees and customers from becoming one of the 15 million. 

Want to learn more about how to keep your organization and its members safe? Download our eBook “Comprehensive Attack Intelligence” to understand the anatomy of an attack and how you can stop it before it starts.

1http://www.identitytheft.info/victims.aspx

  • Identity and Access Management
  • Password

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!