On Thursday, January 26, they will be sponsoring a Data Privacy Day event, “The Intersection of Privacy and Security,” featuring the Honorable Julie Brill, Commissioner of the Federal Trade Commission.

Although it falls on a Saturday this year, the National Cyber Security Alliance will be celebrating with events throughout January and into February. There will also be a live-streamed Facebook event, accessible here, and live panel discussions on Thursday, January 26th from 9:30 to 11:30 am EST at http://on.fb.me/dctalkslive.

A successful business is a trusted brand that protects customer and employee data, privacy and security. Businesses small and large have opportunities to improve privacy awareness and promote best practices among employees, management, clients, customers, subscribers, partners, and other audiences. Consider doing the following in honor of Data Privacy Day:

• Become an official sponsor, partner or champion of Data Privacy Day.
• Sponsor or host a Data Privacy Day event in your area.
• Ensure that your company has a designated employee in charge of privacy and that you are complying with all applicable privacy laws.
• Develop internet privacy policies for your business. The Federal Trade Commission’s Bureau of Consumer Protection Business Center is a great resource http://business.ftc.gov/privacy.and.security. If you already have policies in place, review and update them to ensure they address current threats and best practices.
• Conduct employee training on privacy as it relates to employment, helping employees learn how to protect the privacy of clients’ and customers’ personal information and teaching employees how to manage their own privacy at work.
• Host a series of educational events or a brown bag lunch for your employees designed to increase
• awareness about data privacy in an area of interest to your employees including: mobile privacy; social networking; identity fraud and theft; online tracking; health privacy; online reputation management. Use materials, posters and videos available at http://www.staysafeonline.org/dpd.
• Create a plan in the event the privacy of customer data is compromised by a data breach. Check out the Debix Data Breach Incident Response Workbook for ideas (http://www.debix.com/workbook/index.php).
• Communicate with your clients, membership, or workforce about privacy awareness in the month of
• January in honor of Data Privacy Day using company newsletters, intranets, networks, and other internal communications. Blog about privacy throughout the month of January. Use social networks such as Facebook and Twitter to disseminate information and encourage customers and employees to learn more about privacy. Feel free to use content found at http://www.staysafeonline.org/dpd.
• Become a fan of Data Privacy: NCSA on Facebook (https://www.facebook.com/DataPrivacyNCSA) and
• follow Data Privacy Day on Twitter (@DataPrivacyDay).
• Encourage the privacy and security professionals in your workplace to visit local schools to talk with teens about privacy and share the STOP. THINK. CONNECT. message.
• Create and disseminate engaging educational materials for your customers, for consumers, for employees or for businesses.
• Conduct a study to advance understanding of privacy practices and share the results in honor of Data Privacy Day.
• Hold a shredding event to raise awareness about data privacy.

For more information, as well as tip sheets and other promotional materials, visit http://www.staysafeonline.org/.

Helpful Tip Sheets:

Privacy Tips for Social Networking

Mobile Privacy Tips

The Trend
Increasingly, workers today are bringing their personal devices to the company IT department to enable access to e-mail and other productivity apps on them.

According to a recent Forrester report, three-quarters of U.S. workers pick the smartphone they want rather than accept IT’s choice. What’s more, another recent survey discovered increasing numbers of enterprises across all industries are supporting a bring-your-own-device (BYOD) model, and in more than half of those instances, employees shoulder the cost of their device and service plan.

The Problem
So now employees can use their favorite devices for work but companies must support more platforms and deliver business apps including e-mail, chat and portals on iPads, iPhones, Android and Windows phones. That means that data and apps will be used from any location over any network—which can endanger sensitive company information, potentially getting workers or their employers into trouble.

To keep confidential data stored on personal mobile devices from falling into the wrong hands, many IT departments turn to third-party solutions to better secure, monitor, manage and support the variety of mobile devices used by employees. Using one of these solutions, IT organizations can implement security controls such as passwords and remote wipe and lock, which lets IT erase corporate data from a mobile device in the event it’s lost or stolen.

The challenge is that most employees don’t want to enter a complex password every time they need to make a phone call, send a text message or update their Facebook status. Plus, when employees use their personal phones for work, a remote wipe could erase personal apps and data in addition to corporate data and applications.

A Solution
Fortunately, companies such as Good Technology take a different approach to these BYOD security challenges and keep the best interests of employees and the company in mind. Good helps companies separate and secure corporate data while leaving employees’ private information untouched.

For example, rather than remotely wiping the entire device, IT can wipe only corporate data, leaving personal data and applications intact. This lets employees use their personal mobile devices at work without having to worry about compromising company information.

Keeping Information Secure
Don’t use cloud programs on your mobile device to share corporate files and data.

Beware of e-mail fraud.
Don’t send e-mail to anyone you don’t know or respond to e-mails from unknown sources without first verifying that they are legitimate.

Secure your device’s settings and have it automatically lock after five minutes.

Don’t forward e-mails from your corporate address to private e-mail accounts, especially e-mails with attachments.

Don’t use check-in apps everywhere.
Turn location setting off when not using apps that require it.

Be careful of beta programs/apps—they can be dangerous, as in many cases the developers haven’t sorted out security yet.

Further Information
To learn more, visit http://www.good.com.

Nearly one in five Americans report that they have been the victim of a phishing scam, according to the results of a survey conducted by Experian, the leading global services information company. Alarmingly, of those respondents who wouldn’t or didn’t report having been a victim of phishing, nearly two-thirds reported that it was because they didn’t know how.

While taking proactive measures can help minimize your chances of being the unwilling participant in fraudulent activity, it’s equally as important to know how to react in the event that you do find yourself the victim of a phishing scam. Rod Griffin, director of public education at Experian, offers some dos and don’ts for the critical next steps you should take if you have been phished.

Things to Do:
Notify law enforcement. The war against phishers cannot be won in isolation. It is important that you notify your local police department or other appropriate law enforcement agency of any instances of confirmed theft of your personal information as this may help prevent similar activity from happening to you or others in the future.

File an online report with the Federal Trade Commission. You can log on to www.consumer.gov/idtheft for step-by-step instructions on how to file a report.

Contact sources that report fraudulent information. It’s important to contact your bank or credit card companies that handle accounts that may have been compromised. Contacting a credit reporting company is also important. You can request that the credit reporting company add a fraud alert to your credit report and notify the other national credit reporting companies so they can do the same. As a potential fraud victim, you can request a free copy of your credit report and review it for any fraudulent information.

Contact the company that appeared to request the information fraudulently. If you suspect that you’ve received a fraudulent email or been contacted via instant messaging, directly contacting the company in question will allow you to either verify the request or notify the organization of phishing activity.

Things to Avoid:
Delay reporting. Immediate action is essential to mitigate the potentially negative consequences that can result from fraudulent activity.

Take a narrow course of action. Partnership is the key to minimize the consequences of any form of identity theft; be sure to communicate appropriately with national credit reporting companies, credit grantors, data providers, law enforcement and government agencies.

Be embarrassed. Every year, a staggering number of people are victims of phishing activity. It’s much more humbling to have to deal with the long-term consequences of identity theft than to come forward and seek assistance.

Reinvent the wheel. While it may be helpful to take additional precautionary measures in the future (e.g., subscribing to an identity theft monitoring service, such as that available at http://www.protectmyid.com), it may not be necessary to replace your electronic devices (i.e., computer or smartphone) or reapply for personal documentation (i.e., Social Security number) but you should ensure that you have up to date anti-virus and desktop firewall protections.

Many small-business owners already know this; in fact, in a recent survey by Carbonite Inc., a provider of online backup solutions, 81 percent of small-business owners said they consider data their company’s most valuable asset.

Yet the same survey found that more than half (57 percent) have no plan in place if something disastrous happens to their data. And nearly half (48 percent) of small businesses with two to 20 employees have already experienced data loss, according to a separate Carbonite survey. A third of those never recover their lost data.

“The Federal Emergency Management Agency has said that 40 to 60 percent of small businesses never re-open after a data disaster,” says Peter Lamson, a small business expert for Carbonite. “Small businesses that plan ahead and take key steps such as protecting their valuable business data will be in a much better position to get their businesses back up and running when disaster strikes.”

So how can you protect your company from some of the most common causes of data loss?

“The single most important thing small businesses can do to protect their data is to back it up every day,” Lamson says. “We know from our research, however, that while some small businesses perform daily backups, many don’t. And of those that do, many are using antiquated methods or are only partially backing up primarily due to the time or costs associated with business backup.”

Most small businesses that back up their data rely on physical devices, like external hard drives, USB/flash memory sticks or CDs/DVDs. Physical devices require business owners to keep track of them, manage the backup process, and assign an employee to this task. Furthermore, backup copies are often stored on-site and exposed to the same risks as the original data.

Many small businesses are turning to online backup services to safeguard their data and streamline the backup process. Services such as Carbonite Business provide online backup that meets the ease-of-use and budget needs of small businesses. Not only does online backup add a layer of security by storing valuable data off-site, it also allows for automatic and real time backup. If a business’ computers are connected to the Internet, then its data is backed up automatically.

Here are some common causes of data loss and how you can help protect your company from them, in addition to backing up:

Cause: Hardware/software failure (54 percent)

Protection: Do regular maintenance tasks for hardware and software. Most operating systems now come with built-in disk clean up and diagnostic functions. Run them regularly to help keep your software in good shape. Keep an eye on hardware too, with simple steps such as checking power cords periodically to ensure they’re OK.

Cause: Accidental deletion (54 percent)

Protection: Accidents happen and sometimes data that you mean to preserve gets lost or deleted. This is when having an instantly accessible backup is vital. Ready access is another advantage of online backup. Rather than having to go track down an external hard drive or call your IT person, online backup allows you to access your preserved data in real time, so that you can be back up and running quickly.

Cause: Computer viruses (33 percent)

Protection: Software to protect your PCs and system from viruses and malware is essential. Keep your virus protection software up to date to help ensure you maximize your ability to block viruses. Make sure employees know never to attempt turning the software off, and direct them to avoid opening email attachments unless they are confident of the source of the email.

Cause: Theft (10 percent)

Protection: Thieves don’t only target big companies. In fact, small businesses can be particularly appealing targets for data thieves since they often have fewer safeguards in place than do larger companies. In addition to a firewall and secure Internet connection, your prevention measures should include steps to keep thieves from stealing hardware such as flash drives, external drives, data tapes and even the PCs themselves.

Editor’s Note: October is National Cyber Security Awareness Month. You can download a free Mobile Safety Tip Sheet here.

For many consumers, using a smartphone or a similar device can be a convenient way to handle much of their banking and shopping.

To help protect your phone or device from scam artists and increase your awareness of cyber security, here are a few tips designed to keep you and your money safer:

Sync mobile devices. Essentially, mobile devices are small computers with software that needs to be kept up to date, just like a PC, laptop or tablet. Make sure all the mobile devices in your house have the latest security protections. This may require syncing your devices with a computer.

Guard your personal information. Protect your phone just as you would your computer. Secure your mobile device by using a strong passcode and be cautious about the sites you visit and the information you release.

Think before you app. Before you download applications (apps) on your devices, review the privacy policy and understand what data an app can access.

Protect your money. When banking and shopping on your mobile device, check to be sure the sites are security enabled. Look for web addresses with https://, which means the site takes extra measures to help secure your information.

Bank of America executive Keith Gordon, who specializes in security, explained: “Bank of America’s security systems analyze millions of transactions a day, looking for patterns to help identify and help stop fraud and identity theft from happening. The company has more than 50 alerts, helping customers detect possible fraud and keep track of their accounts.”

When in doubt, don’t respond. Fraudulent texting, calling and voice mails are on the rise. As with e-mail, requests for personal information or calls for immediate action are almost always a scam.

As an added precaution, Gordon recommends that consumers choose a bank that offers its customers protection from such scams. Bank of America customers who are victims of fraud are protected with their $0 Liability Guarantee and are not liable for such transactions.

Should fraudulent activity originate from a transaction on your consumer deposit or credit card account, the losses will be covered by the guarantee.

Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, share with friends, family and colleagues, and encourage them to be Web wise.

To learn more, visit http://bankofamerica.com/security.

Recently, however, high-profile security breaches have caused a lot of people to think a little more carefully about the safety of personal data on their phone.

Attackers are deploying a variety of increasingly sophisticated techniques to take control of your contacts, personal data and money through your mobile device. According to a recent report (Lookout Mobile Security Threat Report, August 2011), three out of 10 Android owners are likely to encounter a Web-based threat on their mobile device each year. App-based threats are also on the rise. There were over 400 Android apps infected with malware in June 2011, up from 80 infected apps in January.

Protecting your phone with a password is always a good idea, but may not be enough. Here are more ways to protect yourself from smartphone security threats:

Treat your phone like your PC and get protection. Most people protect their PC from malware and viruses and now the phone needs the same level of protection. Protect yourself and your private data from malware, spyware, phishing attacks and malicious apps by downloading a security app like Lookout Mobile Security. Lookout can even help you locate a lost or stolen phone.

Download the updates for your phone and mobile apps. Hackers are always looking for new ways to attack a device and vulnerabilities in the phone software can provide that opportunity. Often, these updates include patches to security flaws recently found in the software that can put your information at risk.

Use discretion when downloading apps. Download apps only from sites you trust, check the app’s rating and read the reviews to make sure it’s widely used and respected.

Use discretion when clicking links from your phone. On a smartphone, because of the small-form factor, people are three times more likely to submit their personal login info on a phishing site than if they were using a PC. When you surf the Web, e-mail, text and enjoy social networking from your phone, you can be exposed to some of the same malware and phishing scams found on the PC. Lookout Mobile Security will examine every link in real time and automatically warn against phishing attempts and unsafe sites-guarding users from identity theft, financial fraud or malware.

For more information on the security issues on your phone, go to http://www.mylookout.com.

More than 9 million Americans are affected by identity theft each year and nearly 40 percent of all Americans are more concerned about identity theft after hearing of the recent breaches of information within major corporations, according to an IBOPE Zogby International survey.

“Identity theft is the fastest-growing crime in America (Source: USDOJ) and identity thieves can get hold of your personal information in a variety of sneaky and illegal ways,” said Heather Battison, senior education director for TransUnion’s consumer products. Her company is one of the three major national credit-reporting companies. “The more you know about this prevalent crime and how it occurs, the better prepared you will be to protect yourself.”

From account takeover to identity theft, these crimes are often time consuming for consumers to work through. Although it is hard to truly avoid becoming a victim of identity theft, there are a few ways you can help guard against identity theft and detect it.

First, carry only what you need in your wallet. Leave extra credit cards, your Social Security card, PIN numbers and other info at home or in another safe place.

Watch your mail for statements from creditors with which you have not opened accounts and for statements or bills you normally receive regularly but that have stopped coming.

Don’t include your Social Security number on your driver’s license.

Consider a locked mailbox at home. Going on vacation? Have your mail held at the post office.

Buy a shredder and destroy unneeded bills or documents that contain personal information.

Use only secure websites to conduct transactions. Never disclose personal information over the telephone or Internet unless it is to a trusted source and/or you initiated the call/transaction.

Review credit card and bank statements carefully every month. If something doesn’t look right, investigate it immediately.

Review your credit reports frequently. Subscribe to credit monitoring, such as TransUnion.com, a service that alerts you to critical changes made to those reports. This will help you detect not only signs of fraud, but identity theft as well.

Learn More
For more information and tips on how to prevent identity theft or ways to better manage your credit, visit http://www.TransUnion.com or follow TransUnion on Facebook at http://www.facebook.com/TransUnion.

Under the Red Flags Rule, a business defined as a “creditor” must have written policies in place to spot the “red flags” of identity theft. An acceptable identity theft prevention plan must have procedures in place to detect, prevent and mitigate identity theft. The plan must include training employees and subcontractors and periodically re-evaluating new security risks. To mitigate identity theft, a strong plan should also include a proactive protection solution to cover the affected individuals.

Credit monitoring is not enough. The types of crimes that consumers face today are not as simple to clean up as closing a credit card. Whether personal information is used to commit other crimes, clean out bank accounts, file false tax returns, steal home equity or obtain utilities, employment, government and medical benefits, the crime can follow consumers for years to come.

Although the law was designed to protect consumers, as CFO magazine points out, identity theft costs businesses big bucks, too.

The Red Flags Rule would seem amenable to all, but it wasn’t quite that easy. As originally drafted, it required any business to comply if it extended credit. Insurance and medical industries, among others, argued that the Rule would be overly burdensome to small businesses.

The Red Flags Rule as finally implemented has a much narrower definition. According to the FTC, creditors must meet one of three criteria. They must:

• Obtain or use consumer reports in connection with a credit transaction;
• Furnish information to consumer-reporting agencies in connection with a credit transaction; or
• Advance funds to—or on behalf of—someone, except for funds for expenses incidental to a service provided by the creditor to that person.

In other words, your dentist who bills you after a root canal or your wireless phone carrier that sends you a monthly statement are not “creditors” for the purposes of this law but a car dealer’s finance office would be.

What I don’t understand is why any business would put on blinders about the effect that data theft crimes could have on it. We hear constantly about losses brought by massive cyber-attacks and data breaches at multinational companies and the millions of consumers affected. We may not hear about what happens when a school or small business discovers a corrupt employee is selling other people’s Social Security numbers or when a hospital employee sells patients’ medical or financial records to an identity theft ring. Wouldn’t a business owner prefer to develop a plan to detect identity theft risks than deal with police, potential lawsuits, negative publicity and angry victims after a breach occurs?

Even with the law in place, however, thieves can get a hold of your personal information from trash cans, dumpsters, stolen mail, even shoulder surfing. That’s why to safeguard their personal information from the risk of misuse, many people are looking into LifeLock identity theft protection, a proactive defense system that monitors your identity and alerts you to potential dangers. Learn more at http://www.lifelock.com.

About the Author:
Ms. Richardson, certified identity theft risk management specialist, is a member of the National Association of Consumer Advocates and the American Consumer Credit Education Support Services, and author of “Give Me Back My Credit!”

Equifax, one of the nation’s major credit reporting agencies recommends taking the following four steps, as soon as possible, to protect your personal information from misuse.

Fraud alerts – and beyond. 
Protect yourself against identity theft by requesting a fraud alert with one of the three major nationwide credit reporting agencies like Equifax. When you request a fraud alert with one credit reporting agency, it is reported to the other two credit reporting agencies.  Fraud alerts are free and can be placed online, by phone or mail.

However, a fraud alert is not always enough to keep your personal information safe. Because fraud alerts protect against new account fraud and are only a flag to credit grantors to take extra steps to verify your identity, you might also consider placing a security freeze on your credit file. Security freezes protect against new account fraud and prevent your credit report from being reported to third parties, such as credit grantors, except those permitted by law or those you have given permission. Security freeze fees vary by state; they are not free.

Monitor your credit report.  
Some breached organizations offer free credit monitoring services to affected consumers for a limited time; if you receive a letter that offers free monitoring, take advantage of the offer before it expires. Credit monitoring enables you to stay on top of your account activity and protect your identity during a period of time when you may be more vulnerable to identity theft.

Monitoring products like Equifax Complete Premier typically charge a monthly fee and include these core product features like three-bureau credit report monitoring, identity theft insurance, lost wallet assistance and alerts of key changes to your credit file.

Consumers can also obtain a free, annual credit report from each of the three credit reporting agencies at http://www.annualcreditreport.com.

Close accounts.
Contact the appropriate creditors, banks, phone companies, and utility companies to close any accounts associated with the breached company, as well as any accounts that you know, or believe, have been compromised or opened fraudulently.

Stay alert.
Identity thieves may not use your information right away–sometimes thieves take up to a year or more to use your personal information. To stay on top of the situation, continue to monitor your credit reports regularly and read your financial account statements promptly and carefully.

Stay alert for signs of identity theft like:

• Failing to receive monthly bills or other mail
• Being denied credit or offered less favorable terms (i.e. higher interest rate)
• Receiving calls or letters from debt collectors for accounts you did not open

Watch out for phishing.
If criminals get access to your email account, they could use it to send fraudulent emails to you. Watch out for unsolicited emails that ask you for credit card information, your Social Security number or other personal data that you want to keep secure. If an email comes through asking for “verification,” directly contact the company or agency that is allegedly sending it by phone to confirm.

While it may be hard to protect the personal information you’ve entrusted to a company or to prevent security breaches from happening, you can take steps from requesting fraud alerts to credit monitoring or frequently changing your passwords, to protect yourself and keep your information from being exposed. For more information, go to http://www.equifax.com.

Adding to the confusion, some software vendors give the impression that free or basic security will provide adequate protection against all types of online threats, thereby creating a false sense of security among those who use their products. However, free offerings can put consumers at risk and be more costly in the end.

An Answer
A comprehensive, up-to-date security suite can protect your computer from the latest viruses and other malicious programs that can cause it to perform slowly and your programs to crash.

Security software also protects important personal data on your computer from being stolen, exploited or used without your permission. That could lead to your losing irreplaceable data, such as photos and videos or credit card information. Most people understand the value of the information on their computer. When Norton, a leading provider of Internet security products, asked people if they would accept $1,000,000 in exchange for allowing strangers unlimited access to their computer, 71 percent said “No way!”

Fortunately, a comprehensive Internet security suite will protect your personal information against the threats of today and tomorrow.

When picking out security software, keep these tips in mind:

Identity protection features are critical for protecting against cybercriminals stealing your money and identity. Ensuring your security keeps your identity safe as you shop, bank and surf online.

Look for products that provide proactive protection against known and unknown threats such as viruses, spyware and phishing attacks before they do damage to your computer. Key words to look for are “proactive protection.”

Choose a product from a trusted brand known for its expertise in security and buy from a trusted source. Hackers and cybercriminals are constantly evolving their methods and a well-known provider will have the resources and expertise to keep up. The security software from Norton offers comprehensive protection based on the way users actually behave online.