9 minute read
How to protect yourself from ID fraud
Identity theft is a real threat for both individuals and businesses. The loss or theft of confidential information could have a devastating impact on finances, credit, and reputation. But there are ways to protect yourself from the risk of identity fraud.
Advertisement
The first thing to do is to establish what confidential information you possess. This could include anything from old insurance documents, bank statements, expired ID cards, digital files, and for businesses, even physical assets like staff uniforms. When you have a good idea of your vulnerabilities, you can begin to understand and manage the risks of that data falling into the wrong hands.
For Individuals – Fraud, including credit card fraud, identity theft and cyber-fraud, is the UK’s most prevalent crime, costing the UK economy around £190bn a year. Identity theft can be extremely damaging for your finances and credit score. If your credit score is affected by identity theft, you could become ineligible for mortgages, loans, insurance products, and even jobs. Fraud can also have a psychological impact on victims. It’s easy to brush the risk of these crimes under the rug and think it will never happen to you. Unfortunately, these crimes are not always committed overtly or by an obvious scammer. There have been many cases of fraud going unnoticed for months or even years!
For businesses – Any information you process containing personal or confidential information could, if incorrectly handled, cause a data breach. Data breaches can devastate organisations and can lead to huge fines from the Information Commissioner’s Office if your actions or inactions were the cause of that breach. Not only is there a risk of financial loss, but corporate identity theft could also risk your brand’s reputation and result in a loss of trust from customers.
Once you know what information you need to keep safe, it’s time to pinpoint the areas where there could be a risk of loss or theft. This could include visitors to your property, how documents are secured when not in use, and what happens to that information once no longer needed.
Fraud protection
Techniques we all use to protect ourselves from burglaries are also effective against identity theft. Keeping doors and windows bolted at night and when we are out will help to prevent criminals from accessing our homes, valuables, confidential information and identity documents. It’s also important to keep valuables out of sight from windows and doors if possible. Criminals will often stake out properties before breaking in to see where they can gain the most “ reward” for their risk. Various high-reward items can include electronic devices and any information that can be used to create false identities. Many of our valuable electronic devices contain a wealth of confidential information, so it’s vital to keep these devices out of sight and locked away, if possible, when not in use.
For businesses, areas containing personal information should have some form of access controls, code entry systems, as well as CCTV and alarmed gates where possible. Any cupboard, desk, or drawers that contain confidential information should be lockable, and employees should be aware of their responsibilities to keep this information secure. You should also use lockable bins to store confidential information before destruction so this cannot be accessed by any unauthorised personnel.
Confidential information can easily slip out of our homes and company doors, whether that’s on paper or digitally. To stand the best chance of keeping this information safe, everyone in your household or business must be vigilant when it comes to data.
For Individuals –There are many tricks identity thieves will use to try to steal your identity or convince you to send them money. This includes bin raiding, phishing scams, door-to-door scams, computer software fraud, romance scams, pension scams and many more. The best way to protect yourself from these attempts is to keep your personal information or bank details secret from anyone you meet online or any unexpected visitors or callers. You should also use strong, unique passwords for each of your online accounts, enable multi-factor authentication, and also make sure your confidential documents are inaccessible to anyone who visits your home.
Another common way identity thieves will target victims is through social media. Ensure any social accounts you have are set to private and you only accept friend or follow requests from people you know. ‘Sharenting’ is something else to be wary of. Practice extreme caution when it comes to sharing information about your children online. Unfortunately, children are often prime targets for identity thieves due to their clean credit scores and the fact that the crime is likely to go unnoticed for a significant amount of time.
Perhaps even more shockingly, in identity theft cases where the victims are children, it’s estimated that around 60% of thieves are known by the child or their family. Be careful not to post anything about your child that reveals the day they were born, where they were born, their full name, the name of their first pet, photographs of them in their school uniform, and their mother’s maiden name if applicable. Things like new baby announcements can be treasure-troves of personal data for identity thieves, so be careful not to expose your family to this risk while celebrating any new additions.
Fraud protection
Businesses of all sizes are vulnerable to data theft, and thieves do not discriminate. If there is any vulnerability within your digital security, website security, or even premise security, an experienced thief will be able to find it. For this reason, your business needs to be active in looking for potential risks and vulnerabilities. Strong digital data security measures should also be in place for all online resources your business uses. This can be enhanced through document and shared drive access controls, anti-virus software, anti-malware, firewalls, encryption and secure passwords. Portable devices, for instance, work mobiles and company laptops, should also be protected. Your IT department should also keep an up-to-date record of which devices have been issued to which employee so these are easy to recover if necessary.
Uniforms are another thing to bear in mind. If you have an employee who leaves, you must recover their old uniform. This is because your ex-employee could continue to use your uniform to gain access to other branches, approach your suppliers, or impersonate your workforce. Not only could this damage your brand, but it could also damage your business relationships. Uniforms with out-of-date branding should also be destroyed for the same reason.
Remember, a data breach can be something as simple as a post-it note containing customer information going in the wrong bin. It’s also worth remembering that, just because your data is currently stored digitally, that doesn’t mean it can’t become physical. Large volumes of confidential information such as customer databases or HR records can be printed with the click of a button. This is then easily taken out of company doors, put in the wrong bins, or viewed by unauthorised personnel. Your employees need to receive clear training on the risks of printing out data, and what needs to be done with that data once no longer needed.
Holding onto unwanted documents or digital storage devices can clutter up your living spaces and workspaces. It can also expose you to the risks of identity theft.
When it comes to any documents or devices you need to dispose of, destruction is the safest and most secure way to protect yourself. This is done best by secure data destruction providers. When you use a reputable and accredited data destruction provider, your information will be destroyed in line with European security standards by security-vetted personnel, and your data will never be publicly accessible. A professional organisation will also mix your confidential materials with tonnes of other materials, removing the risk of reassembly.
If you ’re shredding at home and putting your fragments into an unlocked recycling bin, these can easily be put back together by an experienced thief.
For businesses, the secure destruction of confidential information is a legal requirement. With a secure shredding service provider, you ’ll receive proof of destruction for your compliance records and audit trail. This is usually in the form of a Waste Transfer Note and a Certificate of Destruction. A regularly scheduled service will allow your organisation to keep on top of data destruction requirements and ensure you don’t exceed any timeframes set out in your data retention policies. Of course, communication is also vital. Staff at your organisation should be aware of what data they need to destroy, how to destroy it, and where to store it before destruction.
For remote workers, it’s also worth remembering that business documents should not be disposed of in domestic bins. It could be worth supplying your remote employees with lockable storage for their business paperwork.
Fraud protection
When they need to destroy or dispose of business documents, they should either return these to office premises in person to be disposed of in the usual ways or use a secure shredding service. Tracked postal shredding services are also available, and any reputable data destruction supplier will be fully accredited and able to issue a Certificate of Destruction for your audit trail.
All businesses have a legal duty to ensure any sensitive or personal information about their customers or staff members is kept safe from the risk of theft or loss. Data thieves operate in many complex ways and it isn’t always easy to identify a breach or what caused it. Because of this, businesses should be proactive in their actions to combat the risks of data theft, and all staff members need to be aware of their own responsibilities too.
When it comes to paperwork and digital storage devices, we would always recommend a Shred Everything policy. It takes away the risk of confidential information being left in the incorrect bins and takes the pressure away from employees who may not feel confident enough to decide whether a document needs to be shredded or just recycled. For individuals, it’s about self-preservation. What is convenient, such as ripping up paperwork and putting it into the recycling, isn’t always safe. When it comes to our identities, it’s always better to be safe than sorry ” .
