I recently had an identity theft scare.  Nothing major – just some $1.00 charges showing up on my checking account.  I spoke to my bank and they said that this is a common way that thieves check to see if the account is active and valid.  They push through a $1.00 charge and if it goes through, they refund it so that the balance doesn’t change, but they know they’ve got valid information.  From there, they can do with it whatever they please.  Luckily, I caught it early and we made the necessary security changes to keep myself protected and I’m out nothing but a few hours of my time.

But a lot of times, things like this can go unnoticed and cause damage on a much larger scale.  Illinois residents were the 7th most targeted for identity theft in 2017 and identity theft was up over 20% from 2016 according to Experian.  If you don’t want to be one of the 45,000 identities stolen every day in the United States, there are a few simple and affordable ways to protect yourself and your business that we recommend.

3 Simple Ways to Reduce your Risk of Identity Theft

As an individual, there are a few practices that you can put into your daily routine that can drastically reduce your chances of identity theft, credit card fraud, or other forms of cybercrime.  There also some great programs you can put in place so that, if something does happen, you’re protected.

1.  Have Good ‘Data Sanitation’ Practices

Breaking habits like writing down your passwords on sticky notes, using the same password for everything, saving passwords within your browser, or sharing passwords with others is a great place to start.  I know it’s convenient, and I’m guilty of it too, but there are some better alternatives.  Using a password manager, or at minimum a password protected excel document, is a solid place to start.  I also recommend using more complex passwords by thinking in phrases or inserting special characters within words rather than just at the end.  For example, instead of using the name of a pet with some simple numbers or characters as a password (i.e. mollie123!) consider using a phrase that is still easy to remember and integrating characters into it (i.e. My4thPetM0ll!e).  You can also use randomly generated passwords, but you will most likely need to store those somewhere as they’re nearly impossible to remember.

2.  Be Careful about what you’re Putting on the Internet – Especially Social Media

Just like posting vacation announcements and pictures can make your home a target for burglary, posting personal identifiable information can make you target for cybercriminals.  So, avoid posting information about your bank, potential answers to security questions – your mother’s maiden name, street you grew up on, first pet, favorite sports teams or books, etc. – to reduce your risk.   Oh and, this may seem like an obvious one, but it needs to be said, PLEASE don’t post a picture of your cool new image on the background of your credit card.

3. Pay Attention

The last thing you can do to reduce your risk is simply pay attention.  Routinely checking on the transactions of your credit cards, checking accounts and even your credit score, can alert you to any fraudulent activity.  While company’s fraud & theft protection is good, nothing is perfect.  And catching it early can make it much easier to get what was stolen back – whether that’s your money, your credit card information, or even your identity.

Identity Theft Protection & Insurance

We highly recommend investing in some form of identity theft protection or insurance.  There are several great companies out there with comparable services that can help prevent identity theft and help you get what was stolen back should it happen.

I personally use ID Shield, which is an identity protection program that’s offered to us as an employee benefit but can also be purchased on an individual or family level.  Through ID Shield I can monitor things like my passwords, social security & driver’s license numbers, bank accounts, credit score, and credit checks.  It also offers some unique monitoring services like sex offender registrations in your neighborhood, monitoring your social media activity to make sure you’re not putting out personal information, and email alerts should anything change.

One of the reasons we choose ID Shield over a different program for our employees is the unlimited access to consultation, private investigators, and its full service restoration guarantee.  Many comparable programs have a limit set of what they’ll spend to recover your identity, your money, or your accounts.  ID Shield has no such limit and has one of the industry leading identity recovery firms on retainer.

Protecting Your Business’ Data

Things get more complex when we talk about cybertheft exposures from a business perspective.  As a business, you have a responsibility to protect more than just your own personal data.  You’re also responsible for the personal data of your employees, your customers, and your suppliers.  And, unfortunately, many business owners don’t realize just how susceptible they are to this type of crime.  According to HSB Inspection & Insurance Co., 53% of businesses experienced a cyberattack last year alone.  Of those who were attacked, 72% spent between $5,000 and $50,000 to investigate the attack, replace equipment, and deal with the consequences.

Small Businesses = Bigger Targets

Oftentimes, when I bring up cyber liability insurance to a customer, their default response is ‘oh, we’re a small company, no one would target us for cybercrime – we’re not worth their time’.  But in reality, small businesses are being targeted more and more frequently.  According to Small Business Trends, 43% of cyber-attacks committed in 2015 were targeting small businesses.  In 2011, that number was just 18%.  I don’t know about you, but if I were a bank robber, I’d rather rob 10 small banks with minimum security, using minimum effort, with a minimal amount of risk of getting caught, instead of robbing 1 Fort Knox and hoping for a huge payout but taking a big gamble.

The fact is, for most of these cybercriminals, this is a career.  They’re perfectly content with ‘routine’ jobs that give them a decent ROI; which is exactly what small, mom & pop type business are to them.  Small businesses can also act as a back door for cybercriminals to get into larger corporations.  That small business my be a supplier, a customer, or stakeholder in a larger business; so, their data may give them an in.

General Cyber Liability Insurance

When it comes to cyber exposures for businesses, we generally break them down into three major categories.  General Cyber Liability Insurance coverage, typically covers things like identity theft due to crimes such as phishing or ransomware and the first and third-party damages associated with the crimes.  It can also cover the legal costs such as settlement fees associated with any lawsuits that arise from the crime.  But, his can vary from policy to policy.  Be sure to consult your independent agent about the extent of your Cyber Liability Insurance coverage.

Data Breach Coverage

Data Breach coverage, which is often (but not always) built into Cyber Liability Insurance, refers to coverage in response to a breach and theft of data that was in your care.  This is often one that business owners forget about, especially non-retail businesses.  If you have a computer, receive or send payments online, or store any of your employee’s personal data like banking information, health records, or driver’s license & social security numbers, this is the coverage that protects you should any of that be stolen while in your care.

Important variances in data breach policies include whether the cost to notify individuals that their data is potentially at risk is included and whether it’s inside or outside the policy limits.  Also, consider how long it takes for the policy to respond, and what the deductible amount is.  Data Breach and Cyber Liability Insurance don’t typically cover any loss of value to the brand resulting from the breach.  Nor do they typically cover other indirect losses like intellectual properties.

Social Engineering & Misdirected Payment

This is, more often than not, excluded by most Cyber Liability Insurance policies because of how the theft was committed.  Suppose you get an email that looks like it’s from your largest supplier – the headline reads “URGENT: INVOICE PAST DUE”.  When you open it, the email says something similar to ‘the invoice for your recent order is past due.  If payment is not received within X number of days, there will be Y penalty’.  The penalty is often being sent to collections, the business relationship being terminated, or order cancelled, or even a lawsuit.  It will then say, ‘to proceed with online payment, please click HERE’.  The email may even appear to be signed by an individual from that company.

So of course, wanting to salvage the relationship with your major supplier, you click the link.  You’re taken to an online payment site with their logo and you pay them the amount of the invoice.  It could be $5,000, $10,000, or even $50,000.  You submit payment, whew – relationship salvaged.

The problem is, this was a social engineering scam.  You just willfully and intentionally gave way $50,000 of your company’s money.  Your banking information wasn’t stolen, your data wasn’t breached, and they didn’t hack you; you gave it to them.  Now, the email you get may vary – it may not be very threatening at all.  They may not want to draw much attention and are asking for a relatively small sum of money – this way you will be less likely to notice it; you’ll just pay it and go about your day.  This type of con that is often not covered by your Cyber Liability Insurance, because it was an ‘intentional act’.  So, be sure to ask your independent agent about whether social engineering is included in your coverage.

Be Skeptical, Be Safe.

It’s always important to be skeptical any time you get an email asking for payment or to download anything.  Especially if you weren’t expecting an email.  Even if the name on the email looks familiar, ensure that the email address is correct and accurate.  Look out for 1’s instead of L’s, 0’s instead of O’s, and duplicate letters – 2 l’s instead of 1.  Mouse over links before clicking them.  Google the phone numbers provided and see if they’re related to any known fraudulent activities.  They may actually be associated with the company they’re claiming to be.  Better yet, call the number you have for the company or the individual and ask if they sent an invoice.

Some Cyber Liability Insurance policies won’t cover your cyber or social engineering claim if you haven’t done your due diligence.  So a cursory Google search and trying to contact them is a good place to start.  You can never be too safe!

If you have any questions about Cyber Liability Insurance, common online scams, or identity protection, comment below.  Or if you found this blog post helpful, please let us know and share it with one of your friends!  If you’re unsure whether or not you have Identity protection of Cyber Liability Insurance, please don’t hesitate to contact us.  One of our Account Executives will happily sit down and give you a one-on-one consultation.