Going beyond online identity protection

Oct 29, 2009 1:25pm

By John Herr, CEO, EZShield

Earlier this month, almost 100 people were charged in the U.S. and Egypt as co-conspirators in a phishing ring that managed to siphon off almost $1.5 million from customers of Bank of America and Wells Fargo since 2007. The same week, FBI director Robert Mueller admitted he had almost fallen victim himself to a phishing scam.  Score two points for the good guys. 

But the fact remains, this month – like all months – the volume of fraud and identity theft that happens online is staggering. This month just happens to be National Cyber Security Awareness Month.

We applaud the government, business and activist efforts to devote an entire month to raising awareness and helping educate individuals about how to protect themselves against cybercrime. Nevertheless, there is more to protecting ourselves against fraud and identity theft.

Most people don’t realize that the overwhelming majority of identity theft happens offline.  In 2004 – the most recent year for which statistics have been published – 89% of such thefts took place in offline contexts. The weak economy of recent years has only heightened the appeal of these activities, including - for example - mail theft. Once sensitive personal information has been obtained, it can be easily aggregated and traded across borders. The international black market for trading identities is growing at 17.3% a year, according to analyst firm IDC.

Mail theft is just the start. Your identity can be stolen any time that your personal data is exposed. For example, the Federal Trade Commission notes that in 2007, 14% of these thefts occurred in the workplace.

People need to take a more holistic approach to protecting themselves from fraud and identity theft. Think of it not just as cybersecurity, but identity security. 

Because your identity exists both online and off, five things everyone should do are:

  • Shred bank, credit card, and other statements with printed account numbers
  • Get a locking mailbox
  • Create strong online passwords, change them regularly and don’t keep them on post-its or paper out in the open
  • Refuse to use your social security number, date of birth, or other such data as a password when dealing with call centers and businesses 
  • Sign up for an identity protection service that monitors for both online and offline breaches and restores identity 

Cybersecurity is incredibly important as the two incidents mentioned above demonstrate.  But offline security is crucial, too.   In addition to October as National Cyber Security Awareness Month, perhaps we should think of the other 11 months of the year as ‘identity security awareness months’.  After all, 11 months represent about 92% of the year – not far off from the 89% of identity crimes that happen offline.