Protect against holiday ID crime, experts warn

With identity threats rising in proportion to increased holiday spend, security experts initiated “National Identity Theft Prevention and Awareness Month,” a public awareness campaign that runs through December 2019. Elevated holiday season threat levels are largely due to increased transaction volume and merchant and consumer distractions, according to Darrell Laffoon, chief technology officer at Sontiq.

“December is a hot month for cybercrime,” Laffoon said. “It's only natural that employees get distracted around this time of year. One fundamental way to protect organizations is to reinforce best practices training.”

The massive scale of recent data breaches means nearly everyone’s personally identifiable information (PII) has been compromised, Laffoon added. Sontiq has been tracking breach activities for the past five years, he said. The company has compiled a series of reports designed to educate the public about ever-present threats across multiple channels, including social media, mobile devices, email and ecommerce sites.

Security-first culture

Small businesses tend to think that only big companies have to worry about security breaches, but criminals use smaller companies as a springboard to get to larger companies, Laffoon noted. In reality, cybercriminals are not interested in the Targets of the world when they can easily access a small merchant’s customer base and sell that data quickly on the black market, he said.

According to Laffoon, incorporating security into a company’s corporate culture is a necessary step toward preventing all forms of cybercrime. “Have a good educational program and actively practice it, not just yearly, but as an ongoing process with regular information and updates that are widely disseminated to the organization,” he said.

Monthly newsletters, videos and employee quizzes are tools that help keep information security top of mind for an organization, he noted. Another best practice is to proactively monitor business data. A lot of us do this with our personal data, but we also need to do this from a business standpoint, because thieves buy and sell sensitive data on the dark web year round.

Monitor, detect, remediate

Laffoon further noted that criminals can apply for business loans and lines of credit on behalf of a business or file fraudulent business tax returns, which are trending activities for cybercriminals during the holiday season. Firewalls and passwords are insufficient protections against these types of threats, he said. Use a business dark web monitoring service that initiates alerts when a company’s information is on the black market. He offered the following additional tips for protecting sensitive data:

• Social media ID theft protection: Be cautious about what you share, because information is permanent, even after you have deleted an account. Be wary of links that come across your timeline; they could be phishing scams.

• Holiday online shopping: Beware of seasonal games and surveys, which can be malicious, and of fake apps designed to steal sensitive data.

• Mobile device security: Always lock your phone when not in use; avoid public charging stations and WiFi networks and use caution clicking on email links. Take precautions before ordering anything on a smartphone. Perform an internet search on an Instagram or Facebook ad and read the reviews to ensure it’s not a scam.

• Phishing scams: Filter out spam and junk mail; never click on an email link.

“From an IT perspective and an information security team perspective, implementing breach preparedness and having an incident response plan can definitely mitigate the costs of a data breach, which can run into hundreds of thousands of dollars for SMBs,” Laffoon said.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.