The Federal Trade Commission (FTC) reports that about 10 million people are victims of identity theft every year.
How it Happens
Identity thieves get information in a variety of ways, including:
- Stealing personal items such as a wallet, purse, laptop, personal digital assistant and mail
- Picking through garbage for discarded credit card statements, bank statements, and pre-approved credit card offers
- Hacking into computers
- Posing as someone else to obtain personal information from a bank, credit card company, etc.
- Conducting telephone and email scams
Stay One Step Ahead
To minimize your risk, the FTC recommends the following precautions:
- Check your home mailbox daily, and drop your outgoing mail into a secure U.S. postal mailbox only.
- Carry only what you need in your wallet or purse, and leave your Social Security card at home in a safe place. Keep an itemized list on paper of all the items in your wallet, make front and back copies of your credit cards, calling cards, driver’s license, insurance card, passport, etc.
- Pay attention to your billing cycles, as identity thieves may change your billing address on your credit cards, so late bills may indicate a problem.
- Give out your personal information on a need-to-know basis and to legitimate businesses only. Do not print your Social Security number, home phone or driver’s license number on your checks. If requested, use your work number. If you are required to use your Social Security number as an account number, request to use an alternate identifier.
- Update your virus protection software. It is also a good idea to use a firewall program.
- When shopping online, make purchases from a secure browser, indicated by https://, and do not use automatic log-in features.
- Before disposing of an old computer, delete your personal information using a wipe utility program, which cleans all the information off your hard drive.
Report Identity Theft
If your wallet or some of its contents are stolen:
- Determine what’s been stolen, and call all creditors immediately to cancel your accounts.
- File a police report. This will help provide proof of immediate action to your credit card providers.
- Call the three national credit reporting bureaus, as well as the Social Security Administration, so that a fraud alert can be placed on your name and Social Security number.
Cyber insurance coverage is a relative newcomer to the insurance market, which can present some challenges for both businesses and insurers. To date, there are no official industry standards for cyber insurance, but there have been major strides in recent years to establish some. The National Institute of Standards and Technology (NIST) offers a comprehensive overview of the current state of cyber risk management. Adherence to these standards is currently voluntary, but many experts believe that the NIST recommendations have become the unofficial industry standard for cyber risk management.
Still, with the breakneck pace of technological evolution and increasing pressures to digitize data, most businesses are already vulnerable. The best way to protect yourself and your business is to conduct a risk assessment and identify any gaps in your coverage. Here are a few things worth looking for:
Understand the coverage that you have, and the coverage that you don’t. Many people might make the mistake of assuming that a commercial general liability (CGL) policy covers losses in the event of a cyber attack. However, assumptions like that can be dangerous and costly, as many CGL policies specifically exclude electronic data. Take the time to review your current coverage and identify any exclusions that might leave you vulnerable.
Understand your company’s specific needs. Companies vary in their use of and dependence on data. For instance, customer data held by financial or health care businesses is comparatively more valuable to criminals. Other companies, like online merchants, may potentially suffer greater losses as the result of an attack that crashes a website or interrupts service. Different policies have different limits, sublimits and exclusions for different kinds of losses, so it’s important to work with an expert who can find exactly where your liabilities lie and what kinds of coverage you need.
Consider retroactive coverage. Unfortunately, cyber breaches often go undetected for a long time. As a result, a policy that only offers coverage to the date of inception might leave you vulnerable to a cyber attack that hasn’t yet been discovered. To mitigate your liability as much as possible, get coverage with the earliest possible retroactive date.
Obtain coverage for third-party vendors. Many businesses outsource their data processing or storage to a third-party vendor. This is a smart move, especially if you aren’t equipped to handle the IT side of your business. Unfortunately, it may leave you liable for damages if the actions of that third party are responsible for a breach. Make sure you have coverage for the actions or omissions of third parties with whom you do business.