Business Identity Theft: A Real

Threat to U.S. Companies

In this Issue

•Whatlawsprotectyou?

•Howisyourinformationstolen?

•Howcanyouprotectyourbusinessidentity?

•Requestyourfreesecurityconsultation

800.697.4733 | shredit.com

For organizations of all sizes, preventing fraud is better than dealing with the tough consequences. In this issue we will discuss the growing threat of identity crimes directed against businesses and the legal response from the U.S. government.

According to the 2011 Annual Report on Consumer Fraud, identity theft was the leading fraudcomplaint for the 11th consecutive year. Recent researchby Javelin Strategy shows that nearly 12millionAmericanswerevictimsofidentitytheftin2011,anincreaseof13percentover20101.

As identity theft continues to be the fastest growing formof consumer fraud, government bodieshavemade theprotectionofpersonal information apriority.However, agrowing trend isprovingthatit’snotjustcustomerdatathatthievesareafter.Fraudstersarenowobtaininginformationaboutcompaniesandassumingtheirbusinessidentitiesinordertostealcompanyassets,clientlistsandcreditinformationorsecurenewbusinessrelationshipsandpayments.U.S.companies,largeandsmall,arevulnerabletobreachesindatasecurityandriskfinancialdamagesandreputationallossesresultingfrombusinessidentitytheft.

1 http://www.reuters.com/article/2012/02/22/idtheft-javelin-idUSL2E8DM1WJ20120222?utm_source=twitterfeed&utm_medium=twitter

800.697.4733 | shredit.com

Identitythievescanbethird-parties,employees,competitorsandeven suppliers – and they are using increasingly sophisticatedmeasurestostealconfidentialbusinessdataandcommitbusinessidentityfraud.

Withalltherisksassociatedwithdatabreaches,whydon’tmorebusiness owners report the theft of company information? Insomecases,largecompaniesdon’tnoticesmallbreachesintheirdata security structures until after fraud has been committed.Medium-sized and small businesses owners often don’t reportinformationbreachesbecausetheybelievethattheiroperationswouldbeadverselyaffectedifthebreachwerepublicized.

What laws protect you?

TheIdentityTheftandAssumptionDeterrenceActof1998(IdentityTheftAct)wasinstitutedbytheU.S. government to address the growingproblemof identity theft. Specifically, the Actmade it afederalcrimetotransferorusesomeoneelse’sidentificationtocommitoraidacriminalactinviolationofFederal,state,orlocallaws.

Furthermore,theRedFlagsRuleisasetofUnitedStatesfederalregulationsthatrequirecertainbusinessesandorganizationstodevelopandimplementdocumentedplanstoprotectconsumersfromidentitytheft.

AnycreditororfinancialinstitutionthatallowscoveredaccountsmustimplementaprogramforRedFlagsRule.Withthat,theRedFlagsRulewaswrittenintoFACTAtoensurethatfinancialinstitutionsandcreditorshaveawrittenidentitytheftpolicyandprocedure2.Anamendmenttotherule,in2010,expanded the definition of institutions thatmust comply to include any business that has accessto consumer credit reports,provides informationabout consumers to credit reportingagencies,oradvancesfundstoorfromsomeone.TheU.S.governmenthelpsprotectbusinessesbyhelpingthemtoguardagainstdatabreaches.Bycomplyingwithconsumerlaws,businessesareprotectingthemselves.

2 http://www.idtheft.gov/reports/VolumeII.pdf

800.697.4733 | shredit.com

How is your information stolen?

Theftofpaperdocumentsandelectronicdataoccursinmanyforms,fromdumpster-divingtohackingintocompanynetworks.Often,fraudiscommittedwhenfilesareleftoutintheopenandvisitorsareabletosteal,copyorsnapaphotoofinformationthatshouldbekeptconfidential.Furthermore,someorganizationsdonottakeproperstepstosecurelydestroytheirprivatedata.

Thegrowingmobileworkforceandshift tocloudcomputingare leavingorganizations increasinglyvulnerabletoelectronicsecuritybreachesandthetheftofsensitivebusinessdataonline.Thenumberofpeoplewhoseinformationwasaccessedinadatabreachincreasedby67percentin20113.

How can you protect your business identity?

Considerhowidentitythievesarestealingtheinformationrequiredtoassumeacompany’sidentityandtakestepstopreventit.Herearesometipstohelpyouwardofffraudsters:

•Preventionisthebestprotection.Insteadofjustdealingwithidentitytheftasitoccurs,developpreventativeapproachesthatarestrategic,integratedandlong-term,suchaseliminatingsecurityrisksatthesourceandcarefullymonitoringandrestrictingaccesstoinformation.

•Develop internal policies and protocols that mandate secure document storage and disposalpractices.

•Shredeverythingonaregularbasis.Byimplementing“shredall”policies,youavoidtherisksofhumanerrororpoorjudgmentaboutwhatneedstobeshredded.

•Createacultureofsecuritybyeducatingemployeesoninformationsecuritybestpractices.

•Shredusingaprofessional service. It’s theonlyway toensure thereareno security loopholesanywhereintheprocess.

•Ensureyourelectronicdataisprotectedbysecurelyandsafelydestroyingyourharddrivesandphotocopier.

3 http://www.reuters.com/article/2012/02/22/idtheft-javelin-idUSL2E8DM1WJ20120222?utm_source=twitterfeed&utm_medium=twitter

About Shred-it

Shred-itisaworld-leadinginformationsecuritycompanyprovidingdocumentdestructionservicesthatensurethe securityand integrityofourcustomers’private information.Thecompanyoperates140branches in16countriesworldwide, servicingover150,000global,nationaland localbusinesses, including theworld’s topintelligenceandsecurityagencies,morethan500policeforces,1,500hospitals,8,500bankbranchesand1,200universitiesandcolleges.

Your FREE Security Consultation

Toconductyourownsecurityself-assessment,Shred-ithasdevelopedanonlinesurveytohelpbusinessesbetterunderstandsecuritygapsontheirwebsiteatthefollowinglink:http://www.shredit.com/Shredding-Service/Risk-Assessment-Survey.aspx

TolearnmoreaboutShred-itservicesortobookyourFREEsecurityassessment,visitwww.shredit.com

YoucanalsovisitShred-itonFacebookorfollowusonTwitterat@Shredit.

800.697.4733 | shredit.com