Kroll Fraud Solutions Blog – A Dialogue on Data Security

Tip #2: Train all of Your Employees to Properly Handle Sensitive Information

When your employees deal directly with customers, they encounter a myriad of potential security risks that other industries do not . Earlier this year, we discussed a customer service mistake that could have had major implications for the customer and the store.

Retailers should provide regular security training to employees in proper handling, storage and disposal of sensitive personal information and host additional training sessions prior to major shopping seasons (e.g., 2010 holiday shopping season) as a refresher. Be sure to include all temporary employees in these sessions, as well. In the training sessions, provide information that helps employees stay up-to-date on the latest scams as well as techniques for detecting fraud.

Tip #5 Beware of scams. Scammers try to obtain sensitive personal information (SPI) from consumers in a variety of ways. Practice caution regarding any communication that appears to be from a legitimate business and requests personal information.

Often the scammer tries to get you to react to their communication without thinking –they heighten your sense of urgency by claiming you have something to lose (or even gain) if you don’t reply to an email, visit a website, or call a number by voice or text message to supply information such as bank or credit card account numbers, Social Security number, date of birth, etc.

Tip #4 Think before you share. Whether on your social networking page, in casual conversations, or when completing a retailer’s customer information form, be careful about the type of information you share. Many people give away too much without even realizing what they’ve done. Know that just because a space for a particular piece of information (i.e. date of birth or Social Security number) exists on a social networking profile or a retailer’s preferred customer account, for example, you do not have to fill in that space with such personal information. Be stingy with the key components to your identity and don’t be afraid to ask why the requestor needs it.

Back at the first week of May, we discussed the CBS News report about copier security that was gaining so much attention. It has come as a surprise to a lot of people that copiers containing hard drives are continually and, quite frequently, returned to the office supply center with sensitive data still housed inside. In fact, it has drawn the attention of Congressman Edward Markey, who wrote a letter to the chairman of the Federal Trade Commission urging him to look into the matter. The FTC has responded, assuring Markey that they will reach out to those in the copier and office supply industry “to ensure that they are aware of the privacy risks associated with digital copiers and to determine whether they are warning their customers about these risks, whether they are providing education and guidance on this subject, and whether manufacturers and resellers are providing options for secure copying.”

Ten tips for fax safety

As we discussed in the last two posts in this series, you can see how even mundane office equipment can pose a serious security risk. Part of the security battle here is simply understanding the issue, because the technology already exists to help you erase your fax or copier hard drive. So, are you safeguarding against what amounts to pure error?

As it turns out, there are several steps you and your staff can take to reduce the risk of misdirected faxes: