Kroll Fraud Solutions Blog – A Dialogue on Data Security

Do your frontline employees know what rules apply to your business? Have they been trained to understand consumer rights afforded by federal laws? If not, could they be giving your customers bad advice?

Victims of identity theft related to an existing account often experience confusion, anxiety, fear, and a host of other very emotional reactions. So when customers turn to the entity that issued the account (financial institution or utility provider, for example) for advice, it is a major moment of truth – if the customer receives compassion and helpful, accurate direction, the positive aspects of the event are amplified. If, however, the customer receives bad advice, the negative impact will quite likely be very severe, to the point that the customer may simply terminate the relationship. Taken in those terms, the time spent training your frontline employees – those most likely to be the first point of contact with customers with an alleged account theft or identity theft – makes perfect business sense.

Ten tips for fax safety

As we discussed in the last two posts in this series, you can see how even mundane office equipment can pose a serious security risk. Part of the security battle here is simply understanding the issue, because the technology already exists to help you erase your fax or copier hard drive. So, are you safeguarding against what amounts to pure error?

As it turns out, there are several steps you and your staff can take to reduce the risk of misdirected faxes:

Faxes and copiers hang on to your sensitive documents a lot longer than you think

As if worrying about causing a data breach through simple fax error weren’t enough, there’s another menace lurking in your office equipment that can sabotage your security. Most copiers and fax machines less than seven years old contain hard drives or memory chips that can record and store any data sent through the machine; that is, any document you copy or fax.

Why your fax machine may be your worst security risk

Last week, a data breach made headlines in Canada, when a woman’s private medical information was faxed by her doctor’s office to a newspaper. It was no doubt a mistake; a simple case of a wrong number. The laws of probability assure it will happen from time to time, but unfortunately, this type of breach becomes more insidious when you look at the details. In some instances, it is hundreds of records that are faxed over a multi-year time span. And in those cases, oftentimes the doctor’s offices and government entities knew of the problem, but still took years to correct it.

Going back to our April 30th blog post . . . Back when I was just starting to learn about id theft and protecting my PII, I applied for a Hollywood Video rental membership. The application asked for my Social Security number. I asked why they needed it; the clerk couldn’t tell me. I didn’t list it and I still obtained a membership. The store at which I applied is now closed and stories have appeared about the irresponsible disposable of the records by other stores. So, how happy am I now that I didn’t give that piece of PII on the application. I tell this to the students when we present the CSR program—be stingy with personal information.