Information Security During the Holidays

I was angry. I discovered the issue when I was making arrangements to move into an apartment after accepting an offer for my first full-time job graduating from college. I had issues arranging utility service. I was informed I could not activate utilities because there was already an active account opened in another person’s name tied to my Social Security number, and there was an overdue balance of a few hundred dollars. It took me a little while to process that information while I was on the phone with the representative. I recovered, then went into action mode. Okay, what do I have to do to clear this mess up?

I got even angrier when I was told I have to make a photocopy of my driver’s license, birth certificate, Social Security card, fill out a few forms, one being a notarized affidavit stating I am who I’m saying I am, send all the forms and evidence by certified mail, and wait three to four weeks.  Seriously? Isn’t the process backwards? Shouldn’t they have done this verification prior to service activation so it would have been caught sooner as fraud?

I was told the account was opened the year I was only 9 years old. The issue wasn’t detected until more than a decade later by chance. After a lot of back and forth follow-up phone calls with the utility company, reporting the incident to the appropriate authorities including the credit bureaus, not to mention stress and frustration, I finally cleared my identity and moved into my place.

Data Security – a very critical aspect of everyone’s life in this millennium. When this incident happened, the digital landscape wasn’t what it is today. No online purchasing or banking, debit cards, social media, etc. were around at the time. Neither I nor my parents had any clue how my Social Security number got into the hands of a criminal when I was young.

With digital data storage being a norm in today’s society, there are much higher risks in personal data becoming compromised. No one is immune from data breaches – company, industry, or individual.  A lot of aspects in my roles throughout my career have been involved with data security, and I gained a lot of satisfaction in doing my part to prevent and mitigate risks. What are companies doing to protect us, and what can you do to protect your private information?

General Data Protection Regulation (GDPR) is a European law on data protection and privacy that many global companies implement as due diligence when processing data. Adopted in 2016 and enforced in 2018, many business and IT departments in organizations collaborate to ensure processes and technical features account for passing, storage and viewing of personal data of employees, clients, and the general public.

ISO 27001, Information Security Management Systems is an international standard. When an organization is certified, it commits to keeping their data secure in all forms by continually assessing strict corporate policies, procedures, and risks.  Certification provides evidence of integrity, strict adherence and mitigation while providing comfort level to clients and individuals that serious measures are being taken so data will be protected.

These are some of the many data protection standards that companies use. I have been involved in a lot of aspects of data security over the years, from managing and reporting security vulnerabilities, working with Auditors, IT Managers and Cybersecurity Analysts to resolve based on severity, to managing the implementation of the ISO27001 standard for the largest scope in my organization and participating in GDPR assessments for projects.  From a corporate financial security perspective, I am a member of a Sarbanes-Oxley team that governs the process related to fraud protection impacted by financial policies and controls within the company.

The incident I described earlier is unfortunately what a lot of us have experienced or are experiencing. Some incidents are much simpler to fix than others. I was lucky to clear my name within a few weeks versus months or years. It was an incident that can be tracked to a single individual, so the investigation was completed without complications. Other situations may not be as simple. So what can we do as individuals to protect ourselves from identity and financial fraud? And how can we detect fraud sooner than later?

Here are some important reminders, especially as we enter the holiday season during a pandemic:

1. Always ensure you are on a legitimate and protected web site when purchasing online.

2. Be cautious when entering in SSN, birthdate, income, etc online.

3. Know your benefits as a debit/credit card holder in case there are suspicious and unauthorized transactions.

4. Physically protect your debit/credit cards.

5. Monitor your accounts and credit score regularly. Many financial institutions offer credit score monitoring as part of having an active account with them. You can catch unauthorized inquiries or account activity.

6. Along with credit score, monitor your credit report. A benefit I use is the free credit bureau reports we can get once a year.

7. Shred hard copies of confidential documents.

8. Have an active anti-virus software on your devices.

9. Change your passwords regularly, including Wi-Fi, and be cautious of open Wi-Fi access.

10. Be cautious when posting information on social media.

That experience taught me to be more vigilant of my data and information. Our Cybersecurity friends are hard at work ensuring our personal information is protected, but there are not so nice people out there that will challenge the law. Unfortunately, we hear about the massive data breaches, and it is critical that we do what we can to protect our information from getting into the wrong hands, and knowing what to do when it does. We’re probably saying, ‘Yes, I know this information and it’s common sense’, so this is not the first time we’re hearing of these reminders. Hearing them often will give us the mental and physical muscle memory to be extra aware of our actions when it comes to our personal data. This also gives us the opportunity to assess the actions we can proactively improve on to shield ourselves from fraud. What tips can you use?

-Gail