As if 2020 wasn't bad enough, we enter 2021 with another looming danger that continues to expand and wreak havoc in millions of peoples’ lives. It's the 'Cyber-demic,' a cyber-warfare that's spreading like we haven't seen before, caused by hackers who are leveraging COVID-19 to steal, sell, and damage personal identities. Even more unsettling is that, unlike the pandemic, there's no vaccine to slow down these attacks that are rapidly spreading and will continue to haunt individuals and businesses alike.
A detailed article about the 2021 Experian Data Breach forecast paints a grim picture of what's yet to come:
Without any warnings, your small business clients could face significant risks on several fronts.
As Covid-19 continues to make the news, the vaccine rollout will present opportunities for criminals to prey on many Americans' fears, confusion, and misinformation. The advent of “contract tracing” organizations is creating new avenues for criminals to steal your client’s personal health information (PHI), or perhaps the thieves will pretend to be contract tracers to maximize the information they can steal. Health records continue to be the most valuable data to resell on the black market, which opens nearly everyone up to vicious attacks of all kinds.
With Covid-19 protocols requiring more and more people to set up Home Working environments and the 5G Networks' evolution, cyber-hackers have innumerable opportunities for attacks. These technological hacking geniuses know all the vulnerabilities of Home Networking. The extensive connectivity of 5G technology makes your clients’ employees all more vulnerable to being caught off guard. According to the 2021 Experian Data Breach Industry Forecast, with the technological control of a business' security and other devices, criminals will more regularly hold a business hostage in exchange for ransom, valuable information, or just for the potential fame.
Add to all of this the fundamental uncertainty of day-to-day restrictions and potential mandates on the public, and it is easy to understand that your clients are wondering how to best protect their lives, their businesses, and their assets.
Have you considered new ways to generate revenue that will expand your clients' trust in the services you provide to them? You can protect your small business clients with new services that include robust protective monitoring and ID theft and fraud recovery. This monitoring can include Dark Web monitoring to alert businesses and individuals when their non-financial data (i.e. PHI) is being attacked or used against them. These kinds of services are available, and several components can extend to their employees’ families. Bringing these enhanced services goes a long way to increase client loyalty while helping you generate additional revenue.
Yes, the vulnerabilities of data breaches are ever-present for today’s businesses, and fraud is getting worse all the time. Why not heed the "cyber-demic" warnings of the 2021 Data Breach Industry report and use this as an opportunity to show your clients you care by providing them with an invaluable service that they can’t afford to go without?
We are facing an unprecedented time in our lives with the coronavirus upon us and people taking every imaginable precaution to “be safe” and survive the aftermath. With the wave of fear going on, it might be a great opportunity for I-Sigma members to look at the financial aspects of this unprecedented time and determine what other ways that your customers could be supported.
With data breach and ID theft related issues becoming a major concern for the medical industry, it may be prudent for your business to look for stronger ways to protect these clients. Criminals know that businesses in general, especially healthcare operations, are extremely distracted by the news and how to survive the fallout.
Your clients might really appreciate a gesture of added protection and concern from you at this time….anything positive could solidify a relationship. Although you can’t provide a medical solution, you can provide enhanced protection against the threats of a data breach, fraud, or ID theft, plus provide increased client awareness to be on guard.
The coronavirus scams are already in full swing by criminals. We should expect it to only get worse as people continue to get bombarded with every imaginable negative news associated with this pandemic…driving up fear and uncertainty. Significant distractions that criminals prey upon.
There are a wide variety of solutions out on the market that incorporate business protection against data breach events, which could give clients the ultimate safety net against criminal fraud & ID theft attacks. If nothing else, incorporating these kinds of services signifies to clients the intent to be protective in whatever means possible….and help calm fears. It might even be practical to provide these services at no cost to clients for an extended period of time, thus showing a sensitivity to the economic effects of all of this as well.
These unprecedented times call for unprecedented action and I-Sigma members have a powerful voice with their clients to guide them and offer a positive message of breach protection and safety while they are dealing with all the other dangers at the same time. Any kind of positive news at this time could be received by your clients in the most significant way and remind them how you’re ready to go above and beyond to enhance their business when times are tough.
Synthetic Identity Fraud is the fastest growing type of identity theft that is affecting auto dealers. It’s a type of fraud in which a criminal uses fake information, sometimes combined with real (usually stolen) data, to create a fictitious identity. A Credit Profile Number (CPN) is essentially a synthetic social security number, which is often used to create a fake identity. These made-up identities are established for the sole purpose of deceiving creditors to borrow money and open accounts.
Due to the new chip cards, fraudsters are no longer as successful at counterfeiting credit cards, so they have targeted fraudulent auto loans at a higher rate, which impact auto dealers. It can be easy for auto dealerships to fall prey to synthetic identity theft since much of the information criminals provide them with is legitimate. According to TransUnion, the outstanding balance on auto loans linked to suspected synthetic identity fraud more than tripled from 2012 to 2017.
How “Phantom Borrowers” Threaten the Auto Industry:
One of the reasons that more criminals are using the synthetic identity scam is because lenders have gotten better at protecting against traditional identity theft, which often involves using stolen data about real consumers. When bypassing actual consumers, scammers send fewer “red flags.”
How a “Phantom Borrower” is Born:
Synthetic identity fraud exploits a weakness in America’s consumer-credit system. Lenders often consider a loan applicant legitimate if the applicant has a credit report at one of the three credit bureaus. But a new “credit file”— essentially a precursor to a credit report—often gets created when someone simply applies, even if the loan gets denied. If one lender approves a loan for the fictitious individual, that information can make the file a full-fledged credit report.
TransUnion and Experian say it is difficult to distinguish between a “phantom borrower” and a real borrower who’s applying for credit for the first time and has identifying information that isn’t on file.
The Real Cost of Synthetic ID Fraud to Dealers:
Synthetic identity fraud can cost a dealership greatly. Synthetic identity enables people who normally wouldn’t qualify for credit to purchase a car, which results in the dealership writing off the fraudulent amount and suffering operational expenses on the backend with the creditor. The balance of auto loans generated by suspected synthetic identities was more than $504 million in the fourth quarter of 2017.
In the event of a breach, the dealer’s “good” customers are also at risk since their information becomes prey to synthetic identity fraudsters. In fact, 33% of consumers lack confidence in the security of their personal and financial data when buying a vehicle at a dealership.
What Auto Dealers Can Do to Reduce Their Risk:
Dealers need processes and programs that protect themselves and help keep their customers safe from the fraudsters that are waiting for opportunities to attack.Synthetic identity can cost a dealership thousands of dollars and numerous unrecoverable hours. Protecting your dealership from becoming a victim of synthetic identity fraud and/or breach requires strong security and recovery programs.
Having greater cybersecurity preparedness needs to be the top priority for auto dealers. This will help dealerships avoid becoming victims of synthetic identity fraud, as well as will create the basis for the ultimate response to any data breach or identity theft when it happens.
"The New ID Theft: Thousands of Credit Applicants Who Don’t Exist”WSJ, 6 March. 2018, https://www.wsj.com/articles/the-new-id-theft-thousands-of-credit-applicants-who-dont-exist-1520350404.
“Balance of auto loans linked to synthetic fraud soars” Automotive News, 7 May 2018, http://www.autonews.com/article/20180307/FINANCE_AND_INSURANCE/180309580/balance-of-auto-loans-linked-to-synthetic-fraud-soars
“Dealers vulnerable to hackers, survey warns” Automotive News, 20 June 2016 http://www.autonews.com/article/20160620/OEM06/306209973/dealers-vulnerable-to-hackers-survey-warns
In light of last September’s Equifax data breach event – along with new proposed cybersecurity legislation – the document destruction business sector has an opportunity to enhance their cybersecurity best practices and create new, recurring revenue by offering breach response services to its business accounts.
Here are four lessons learned from the Equifax breach that can support your document destruction clients:
Lesson #1 “the Equifax Affect,” where a company such as Equifax, with more financial and IT resources than most companies in the US, cannot prevent a data breach event from ever happening.
In Equifax's case, their data breach event affected 145 million U.S. consumers where information breached included names, Social Security numbers, birth dates, addresses and, in some instances, driver's licenses numbers.
Lesson #2 “response and recovery,” where Equifax failed in multiple ways to respond in a timely and responsible manner. First, and with irony, the Equifax breach happened because the company failed to fix a software flaw that federal officials had warned about months before. But to make matters worse, Equifax waited nearly six weeks to notify the public after learning of the hacking event.
When this crisis happened, Equifax’s failed management response resulted in its chief information officer and chief security officer “stepping down” and its CEO “retiring.”
Lesson #3 “the future of cybersecurity laws” could include the potential for criminal action for officers and board members of any size organization. CSOonline.com released an article titled The year ahead in cybersecurity law, where CSO states that “major legal cases and proposed state and federal legislation will shape how companies respond to and attempt to mitigate cybersecurity and data privacy risks.”
Lesson #4 “industry best practices should include response and recovery” as Risk and Insurance Magazine highlights in this article titled Cyber Threat Will Get More Difficult, where General Michael Hayden, former head of the Central Intelligence Agency and National Security Agency, and current principal at the security consultant the Chertoff Group, stated that “companies should focus on response, resiliency and recovery when it comes to cyber risks.”
According to Hayden, “companies are focusing on the vulnerability aspect, and responding by building high walls and deep moats to keep attackers out.” He said “If you do that successfully, it will prevent 80 percent of the attackers.”
“But that still leaves 20 percent vulnerability, so companies need to focus on the consequences: It’s about response, resiliency and recovery,” said Hayden.
In an era of growing data breaches, businesses that partner to offer data breach response services, can differentiate themselves, helping to attract and retain customers, while incrementally growing revenue.
All businesses need strong document management policies - and strong document destruction companies need strong data breach response partners to support their business clients.
Request a WebEx by Vero to learn about unique solutions to enhance your cybersecurity best practices and create new, recurring revenue by offering breach response services to your business accounts.
Jim McCabe is the SVP, Identity Theft Solutions for Vero, LLC. He has developed his subject matter expertise in ID theft & data breach solutions and has contributed to industry publications and blog sites, while consistently speaking for conferences and webinars to foster awareness and education of best practices.