Insider identity theft can be most damaging

• Tweet

November 6th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Company networks are like candy bars, hard on the outside, soft and chewy on the inside.

Earlier this week, an IT employee was indicted for stealing the identities of 150 of his coworkers at Bank of New York Mellon, to the tune of 1.1 million bucks. He bilked almost $140,000 a year over an eight year period by compromising the online bank accounts of numerous employees and wiring money to fraudulent accounts outside the bank.

This is a classic case of the fox watching the hen house. This guy was an insider terrorist, looking his colleagues straight in the eye and lying to them. I rank him with pedophiles and serial killers.

As much as 70% of all identity theft is committed by someone with inside access to organizations such as corporations, banks, or government agencies, or by someone who has an existing relationship with the victim. People with access to sensitive personal data are most likely to commit identity theft. For many, it's just too easy not to.

An identity thief begins by acquiring a target's personal identifying information: name, Social Security number, birth date and address, account information etc. If the thief has regular access to a database, this data is right there for the taking. Many credit applications and online accounts request current and previous addresses. So the thief fills out the victim's current address as "previous" and plugs in a new address, usually a P.O. box or the thief's own address, where the new credit card or statement will be sent. I'm amazed that a lender or credit card company can be careless enough to send a new credit card to a relatively anonymous P.O. box. The lender just checks the victim's credit and, since everything matches, no red flags pop up. The card is issued, the account is opened and the fun begins.

In the Bank of New York Mellon case, investigators found dozens of bank and credit statements in the names of the victims at the thief's home address.

Think for a moment about your house or apartment, and how you might break in if you lost your keys. If a burglar knew what you know about where you hide and store your stuff, how much damage could he do? Insiders pose the same problem. They know the ins and outs of all systems in place, and can wreak havoc on your operation as long as they are employed, and sometimes even after they are let go.

The problems begin when we are forced to trust people with complete access in order to allow them to perform their required duties. Ultimately, this is a people problem and needs to be addressed as such.

It is human nature to trust each other. We are raised to be civil towards one another and to respect those in authoritative positions. It takes a significant amount of trust in your fellow human beings to drive down the street while cars are heading toward you, separated only by a thin painted line. Without trust, we couldn't get out of bed in the morning.

To protect your business and your data, limit sources as much as possible. Minimize the personnel with access to essential systems. Supervise the supervisors. Even your good apples can eventually go bad, so limit access, even for those who are in a trusted position. And require checks and balances, with multiple layers of authorization. If one person is always watching over another person's shoulder, bad apples can't hide or execute scams. Perform due diligence. In the information age, our lives are an open book. Background checks from information brokers are crucial. Failing to do background checks increases your liability. Someone who has been previously convicted of a crime just might do it again. And if a breach of trust does occur, prosecute the guilty. Make an example that other's won't forget. Public hangings are a strong deterrent.

When it comes to protecting your own identity, get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses identity theft on Fox News.

[youtube]http://www.youtube.com/watch?v=ZIC57kbD_W8[/youtube]

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.