Mark Pribish

Employee Training Critical Data Breach Preparedness Step

By Mark Pribish
Vice President and ID Theft Practice Leader

I just returned from the Risk and Insurance Management Society (RIMS) annual conference in Philadelphia, where some of the leading insurance and risk management professionals talked about current and future data breach risk management trends and challenges.

A common theme among many of the speakers and risk managers in attendance was how poor communication, the lack of leadership and lack of board oversight were barriers to effective employee education on information security governance and data breach incident response.

For years I have spoken publicly about the need for small business owners, senior executives and board members of larger businesses to get involved in cybersecurity and data-breach risk management as employee and customer information, along with intellectual property, are targets for identity thieves and cyber criminals.

I find it difficult to understand – after all the headline news about identity theft and data breaches – that organizations ranging from small businesses to Fortune 500 companies still do not have the appropriate programs and processes in place to manage employee education and data-breach response.

While I was at the RIMS conference, nearly half of the risk managers I talked to said their organizations lacked regularly scheduled employee training on information security governance.

So what is information security governance?

Information security governance has many definitions, but for the sake of this article, it is the creation of an information security strategy within an organization’s governance framework that can support the detection of, prevention of, and response to identity theft and data breach events.

A major aspect of protecting your company is ensuring your employees receive regular, up-to-date information about safeguarding employee and customer information and about helping keep computers and networks safe.

An organization succeeds in detection, prevention and response through proper planning. Proper planning before an incident will greatly reduce the risks of an attack and greatly improve the capacity for timely and effective detection and response if an attack occurs.

The best security technology in the world will not help an organization unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. This involves putting in place practices and policies that promote security, and training employees to identify and avoid risks.

Also, the goal of an awareness program is not merely to educate employees on potential security threats and what they can do to prevent them. A larger goal should be to change the culture of an organization to focus on the importance of security and get buy-in from end users to serve as an added layer of defense against security threats.

Once you have buy-in from employees, your focus can turn to ensuring they get the necessary information they need to secure your business. An effective security awareness program should include education on specific threat types, including but not limited to:

  • Social engineering
  • Phishing/Vishing/Mishing
  • Password Management
  • Malware/Trojans/Viruses

Finally, negligent and malicious insiders are considered the biggest security risks to an organization of any size. Small business owners and senior executives should be more concerned about the threat within than about external risks caused by cyber criminals.

As you develop your organization’s employee education program on information security, you will also enhance your incident response plan.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


SCAM ALERT: Collection Call Con Takes New Twist

April 07, 2017

Scam artists continue to place a new twist on cons

Some scams just don’t quit! Debt collection cons are among the most prevalent scams, and often there’s a new twist. This time, scammers are scaring victims into paying by claiming to have filed a "civil complaint" against them.

How the Scam Works:

You receive a call from someone claiming to be collecting money for an overdue payment. This "collection agent" informs you that a civil complaint was filed against you. Con artists do a great job of making this seem real. The scammer may provide specific details, such as the amount of the debt, the complaint case number and a phone number where you can follow up. As convincing as the information seems, it’s all phony.

If you call the number, another "agent" will claim that the company tried to contact you about the debt. Now, to avoid a pending lawsuit, you need to pay immediately. To do so, you need to make a wire transfer or load a prepaid debit card with the funds immediately.

Don’t do it! No matter how intimidating the threats seem, these phony collection agents don't have any legal power. In most cases, the debt doesn't even exist.

Protect Yourself from Debt Collector Cons:

To keep yourself protected against debt collector scams, know your rights.

  • Just hang up: If you don't have any outstanding loans, hang up. Don't press any numbers or speak to an "agent."
  • Ask the debt collector to provide an official "validation notice" of the debt: In the US and most of Canada, debt collectors are required by law to provide the information in writing. The notice must include the amount of the debt, the name of the creditor and a statement of your rights. If the self-proclaimed collector won't provide the information, hang up.
  • Ask the caller for his/her name, company, street address, and telephone number: Then, confirm that the collection agency is real.
  • Do not provide or confirm bank account, credit card or other personal information over the phone until you have verified the call.
  • Check your credit report: In the US, check with one of the three national credit reporting companies (Equifax, TransUnion, Experian). In Canada, check with Equifax Canada. This will help you determine if you have outstanding debts or if there has been suspicious activity.
  • Place a fraud alert on your credit report: If the scammer has personal information, place a fraud alert with the three national credit reporting companies.

For More Information:

Check out this article from the Federal Trade Commission (FTC) about dealing with fake debt collectors. See other Scam Alert coverage of debt collection scams, here.

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scamstopper). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).

If you believe your identity has been stolen, call 866.SMART68 today.