Saturday, October 17, 2009

WAKE UP! Red Flags Rule Is Here…

Can I Have Your Attention Please?

Ahem, down here guys... OK, here we go. Identity theft is a monolithic problem in the world today. Anyone from the savviest of business CEOs to the youngest babes in our society is at risk; this includes any entity such as a government or nonprofit agency. Not even the deceased are safe (so to speak) from this crime.

In fact, ID theft is the fastest-growing white-collar crime in America, and why not? Most of the bad guys never get caught, and nearly all consumers continue to go about their daily lives as unwary as sheep to a shearing, only to find out too late that they have been misled to a financial slaughterhouse in the aftermath of having their identity stolen.

More than ten million victims fall prey to identity theft in the United States each year, and the number of victims who report this crime continues to explode every year. The reported lost or stolen personal data since 2005 is now more than 339,674,601, and this is estimated to be only 20% of what the actual number truly is!

What this really breaks down to is more than half of all U.S. citizens (including small children) have had their personal information stolen. And the FTC says that Every Credit Card ever issued (including Bankcards) has been compromised…Yikes, each and every one!

Is it any wonder, then, that the Payment Card Industry (PCI) has decided it has had enough of covering the financial losses for credit fraud (in the billions), or that the Federal Trade Commission has decided to finally step in and take action in order to help stop the devastating effects of this crime by putting the liability for these breaches onto businesses through the Red Flags Rule?

Now keep in mind that credit fraud is only 33% of the problem. The other 67% is due to other nefarious practices, not the least of which are data breaches from within a company (a disgruntled employee, negligent security practices or, heaven forbid, no security at all) and outside breaches from cybercriminals known as black hat hackers, who take advantage of the low-hanging fruit due to poor security. This brings us back to the new federal laws and regulations known as the Red Flags Rule.

To whom do these laws and regulations apply?
The general rule of thumb is that if your business or entity collects, uses, transmits or stores any identifiable information about your customers and/or employees, you must comply with the laws and regulations. This includes: name, address, phone number, SS#, driver’s license, birth dates, medical information, Tax ID#, etc.

Not every law or regulation is applicable to every business but every business must meet minimum standards of information security or face heavy fines or even civil action should a breach occur.

What is a Red Flag?
A Red Flag is a potential sign that identity theft may be occurring, and businesses are required by the FTC to spot and act upon any red flags that may be a telltale sign of identity theft. Some of the requirements for compliance include:

• Developing a written red flags program to include: identifying potential red flags, detecting red flags, and a protocol to respond to red flags.

• Educating your employees on these protocols.

• Maintaining and updating your company red flags plan (this is a living law and is subject to changes; it is up to you to know what these are).

Enforcement of the Red Flags Rule begins November 1st, 2009, and ignorance of this law is no excuse. Be aware that states can enforce these laws as well, and many states have put their own special spin on what is required for a business to be compliant.

Who is a Candidate for the Red Flags Rule?

• Doctors, dentists, acupuncturists, chiropractors, massage therapists, nutritionists, mental health providers, etc.

• Utilities

• Retailers

• Online merchants

• Telecommunications companies

• Debt collectors

• Employee benefit plans that sponsor a flexible spending account when arranged using a debit card.

What if I don’t comply?
Businesses subject to the Red Flags Rule must comply by Nov. 1, 2009 or face the possibility of enforcement action by the FTC in the form of fines or other legal actions. The penalty alone per name stolen or leaked is a staggering $3,500! Your business will come to a halt while the forensic investigators are looking into the cause of the data breach. And here’s a fun stat for you - 50% of businesses that lose their critical data for 10 days or more have to file for bankruptcy immediately…fun stuff!

Moving right along, your business name by this time is more than likely “Mud,” and in most states you are required to inform each and every customer that your company’s data breach has put their good names in jeopardy (ouch); and if that isn’t enough, the law also allows the consumer/victim the right to recoup their losses from you... I’m talking civil and in some cases even criminal suits here. Do I have your attention now?

So what can a business owner do to protect their business data from being harvested by a cyber crook out on the take?

1. Education. Go to the FTC’s website at: FTC Red Flags Rule and learn the facts straight from the horse’s mouth and how they apply to your business.

2. Get the best internet protection you can for all of your company’s computers, along with a crackerjack team of IT professionals: Safe PC Solution

3. Develop and start implementing your Company’s Red Flags Rules protocol.

4. A simpler way to do this is to have a team of experts work hand in hand with you to certify that your business is following all of the Best Practices so that your company’s important personal information doesn’t fall prey to bad guys looking to sell it for a nickel a name! InfoSafe

In conclusion:
The US Dept of Homeland Security released a statement in September of 2009 that says that “87% of breaches could be thwarted by simple to intermediate preventative measures.”…WOW! Is that all?

Tracy Lund
Computer Security & Identity theft

(831) 661-0598
