In the past year, confidential client data has been stolen or illegally accessed at several Santa Cruz County businesses and health care provider offices, highlighting the need for businesses to play a heightened role in protecting data, according to data security specialists and local law enforcement officers.
In addition to personal data theft cases, which are reported daily to the Santa Cruz County Sheriff’s Office, recent cases include data theft at Safe Harbor Med Evaluations, the Santa Cruz County chapter of the American Red Cross and the offices of local accountants.
“There have been a number of cases in the last 12 months,” said Jim Hart, investigations commander at the county Sheriff’s Office. “We’re seeing CPA’s offices being burglarized and confidential client information being stolen. They’re not random break-ins. You can imagine, on tax documents, everything about you is on those documents.”
Technology-savvy thieves have been using pocket-size data scanners that steal information from establishments using credit cards and wireless systems that can poach data from a distance. Even the Sheriff’s Office was the victim of identity theft not that long ago, noted Sgt. Dan Campos, recalling the 2006 arrest of a convicted felon who, upon his release from jail was issued a check for the cash in his possession at the time his original arrest. The man went on to lift data from the county-issued check he received and made himself a set of new checks on the county’s account. He was subsequently arrested, along with several others.
“If somebody wants to commit check fraud they can,” Campos said. “It’s not that complicated to commit identity theft.”
There are so many ways to steal the growing amounts of private data being used in everyday transactions that it is impossible to completely protect oneself or one’s business, but there are simple things businesses can do, according to Tracy Lund, a data security specialist in Aptos, who helps businesses assess, implement and document security measures.
“About 85 percent of small businesses that suffer data breaches suffer from things that were easy things to fix,” Lund said. Most of the time, businesses suffer data loss related to lost or stolen laptops or problems with employees — either malfeasance or incompetence, Lund said. Simple things — such as training employees to spot red flags, like a new customer address or a sudden change in how a regular customer pays for things — can make a big difference.
Many companies still don’t have core elements in place ,such as an Internet firewall or a secure wireless network, said Gary Herman, president of Jabico Enterprises in Santa Cruz.
“They’re just not aware of how great a risk they’re taking by not being compliant with PCI payment card industry standard requirements and no one is monitoring the Internet traffic going in and out and looking for potential problems,” he said.
If businesses wait until they discover a problem and are found to not have been meeting industry standards, they may be held liable for losses incurred and end up paying far more in the end, he said.
Alan Smith, a Scotts Valley-based business consultant who specializes in identity theft risk management, knows intimately the challenge of repairing credit damage caused by identity theft. About six years ago, he discovered someone had drained about $1,600 from a bank account, opened several store credit accounts and gave him a new wife named Brandy Summers before he figured out what had happened.
“Apparently these crooks went into a Southern California branch and proved they were me,” he said. “The bank gave them an ATM card. I think they added a wife. There’s a Brandy Summers on my credit report. That’s not my wife’s name.”
Santa Cruz County Sheriff Detective Sgt. Frank Gombos is the guest speaker at “Protecting Your Business Against the Single Greatest Threat of the 21st Century,” a workshop sponsored by Tracy Lund and Alan Smith on identity theft and data security. The workshop will be held at 7 p.m. July 29 at the Satellite Telework Center, 6265 Highway 9, Felton.
Is your company keeping information secure?
Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:
•Take stock. Know what personal information you have in your files and on your computers.
•Scale down. Keep only what you need for your business.
•Lock it. Protect the information in your care.
•Pitch it. Properly dispose of what you no longer need.
•Plan ahead. Create a plan to respond to security incidents.
Source: From the Federal Trade Commission Website for Business Security: http://www.ftc.gov/infosecurity
This article first appeared here.