For so many business owners, the line between their own identity and that of their business is, at best, blurred. So when it comes to protecting themselves from identity theft, they have twice as much to lose. And if you think shredding your credit card statements and locking your Social Security card in your home safe is doing enough, you don't know Mitnick.
Todd Davis, CEO of LifeLock, has created a successful business of his own by helping protect people from identity thieves. Former hacker Kevin Mitnick, after years spent giving people good reason to want that protection, has teamed with Davis to help consumers and business owners better understand identity theft and how to prevent it.
"The biggest challenge for business owners is that many times, they build their company's credit on the back of their own," Davis says. "People don't know the company, so typically the business owner is working off that personal credit to start out with. It's critical that they keep that good credit, and if they become a victim of identity theft personally, it can have a negative impact not just on their personal life, which is horrific enough because it can take hundreds of hours to clean up, but now you're talking about your business not being able to get the credit it needs to operate and to fund growth. In some cases, it can wipe out both the personal credit and the business and then you're really in a catastrophic state."
Davis, who's become known for freely giving out his Social Security number in his business's ads, says that small-business owners have to be vigilant on two fronts when it comes to fighting identity theft. First, they need to protect their own personal information and that of their company's key executives. Then they have to make sure to safeguard any information collected from customers or clients. He says too many consumers, rather than take steps on the front end to prevent fraud, rely on monitoring their credit through the major credit bureaus, looking for smoke when they've already been burned.
"The much better approach is to go after a preventative solution," Davis says. "At LifeLock, we go out and place these fraud alerts with the major credit bureaus. So even if your information falls into the hands of a criminal, when they go out to turn it into money, they get turned away. It's not about detection after the fact--it's about preventing the crime before it occurs."
Although he attributes a large part of modern identity theft cases to a financial system he says is broken and fails to take the necessary steps to prevent fraud, Mitnick agrees that business owners should do the best they can to protect themselves before the fact. But he also says that many people are misinformed when it comes to the steps they take.
"A lot of folks recommend you shred your credit card statements before throwing anything into the trash," he says. "That's important to do, but it's not the typical way identity thieves are getting the information. The chances of being individually targeted like that are a lot less than having a (retail store) hacked into. Most of the bad guys are interested in getting a big pool of potential victims rather than a select group of people, unless those people are very influential. At the end of the day, there are so many organizations that have our information, it's out of our control."
While technology has certainly given hackers a leg up in the identity theft battles -- they use everything from modified credit card readers to Bluetooth to steal personal information -- Mitnick insists that their favorite weapon is still manipulation of human nature. Known to hackers and social scientists alike as social engineering, it's the practice of gaining people's trust to the point where you don't have to steal their identity at all -- they give it to you.
"The system is so broken and we need to fix it," he says. "It's all knowledge-based, so the attacker just has to get this knowledge."
Davis has a reason to be pessimistic when it comes to preventing fraud altogether -- someone recently tried to buy a car in his name -- but he and Mitnick agree there are certain things business owners can do to make life at least a little harder for hackers.
1. Protect your credit card and bank statements. Mitnick explains that while most people worry more about having their credit card accounts stolen, their bank accounts are cause for more concern. Fraudulent credit card transactions are easily reversed and accounts easily canceled. He says identity thieves often send business owners a small check in the mail, and when the business owners deposit the checks without thinking twice, their canceled checks delivers their bank account numbers to the hacker on a silver platter. Other hackers will manipulate caller ID software to make potential marks believe they're receiving a call from their bank branch.
2. Don't disclose information over the telephone. Beware of anyone asking out-of-the-ordinary questions over the phone and, unless you're the one making the call, never give out sensitive information. Mitnick says hackers will often pose as credit card companies offering a fabulous -- and limited-time -- offer. "People will do more to avoid a loss than to realize a gain, so that's an influence factor a fraudster can use to get someone to cooperate."
3. Educate employees not to disclose customer information. This goes along with being careful over the phone when it comes to talking about personal information. Mitnick says identity thieves will often call businesses posing as customers and then ask for account or other sensitive information.
4. Encrypt your wireless network. It may seem obvious, but Davis says a hacker ring recently compromised 40 million people's information by driving around with laptops and hacking into businesses' wireless networks. Take the extra steps and set up a Web key to limit access.
5. Beef up your physical security. Again, it sounds simple, but all the tech savvy in the world won't help you if someone can waltz into your office and steal computers and hard-copy files. If it were so obvious, experts wouldn't have to warn against it. Is your security stringent enough?
In case this isn't scary enough, Mitnick says there are other forms of identity theft that most people never even consider, which is just as well, given that there's no way to prevent them. He says a hacker armed with people's personal information can even file false tax returns in their names and collect refunds, something he says the IRS is woefully underprepared to combat. While nothing is fool-proof, more pedestrian hackers can be repelled with a healthy dose of forethought. And, as Davis points out, it certainly beats the alternative.
"If someone breaks into your car and steals your car, they sell it one time to the chop shop, make their money and it's over," he says. "The problem with our personal information is that once they steal it, once it's been sold, it's very hard to go in and change your Social Security number. Most people don't want to change their name. You can't change your birth date. These are things we're stuck with our entire life, and if they're in the wrong hands, you've got to worry about someone 10 years from now showing up and trying to compromise you again."