| |
go
to page 2 (DON'Ts)
DO:
- Understand the value of your own personally-identifiable
information. To anticipate and prevent corporate identity theft,
be aware of the information required to impersonate a company
(incorporation number, business number, bank account numbers,
corporate credit cards, etc). Always think about controlling the
risk: it’s better to be safe than sorry: Once confidential
information is compromised, it can only rarely be recovered.
- Know your rights. Canadian law requires individual
consent for collecting, sharing and managing your personal information.
It also gives you the right to access that information, correct
it and file complaints with the Privacy Commissioner of your province
if you feel you need to.
- Understand that not all attacks on your privacy
and security use technology. The most effective ones are simply
humans asking for information. This is politely called social
engineering.
- Pay closer attention when interacting with large
organizations that collect and traditionally manage large amounts
of personal and client data. Banks and financial institutions,
telecommunications firms, government offices and healthcare facilities.
- Remember that both privacy and security are entirely
dependent on the weakest link. Just because an organization has
a policy in place doesn’t mean anyone follows it or its
staff is even aware of it.
- Pay particular attention when interacting with
smaller organizations that do not visibly disclose their privacy
practices and appear to leave personal records lying around on
desks and in garbage bins.
- Ask about their systems and their incident management
procedures even if you don’t feel you’re an expert.
Explain that you are concerned about identity theft and personal
privacy. The responses to questions about privacy and security
are often interesting. If you’re told that there has never
been any security or a privacy issue, it’s a good indication
that they just don’t monitor these activities and may compromise
your data without even knowing it. Be sure to retain their privacy
officer’s contact information.
- Destroy personally identifiable records, printouts,
bank statements, credit card receipts, offers and cheques before
discarding them. Follow these best practices at work and at home;
corporate identity theft is just as popular as personal identity
theft. Always take your credit card receipts with you, never discard
them in public.
- Check your credit history report at least once
a year with any of the major Canadian credit bureaus responsible
for providing this kind of service for free. Do it all at once
or spread out the reports throughout the year.
- Remember: mail theft is a crime, discarded garbage
is not. Use a lockable mailbox to prevent the theft.
- Avoid using the same password twice. A good password
is easy for you to remember but nearly impossible for anyone else
to guess. Use a password management program if you need to keep
track of numerous passwords or require a random password generator.
Avoid easily identifiable PINs (i.e. date of birth).
- Ensure that your computer is not only free of
viruses but also spyware and key logging software designed to
steal passwords to banking, gambling, auction and other restricted
sites. Once lost, it’s difficult to find out about these
breaches until it’s too late.
- Take note of your surroundings to ensure that
no one is about to steal your belongings or is shoulder surfing
as you’re using your computer, entering codes into a bank
machine, etc. Use a privacy screen and anti-theft device with
your laptop.
- Recognize the signs that you are (or your company
is) a victim of identity theft: you’ve been informed, approved
or declined by a creditor regarding an application for credit
you know nothing about; a collection agency is collecting on an
overdue account you have nothing to do with, you’re missing
pieces of mail such as financial statements; you notice unauthorized
transactions on your bank, credit card or phone statement. Challenge
any such transactions in a timely manner.
- Keep a list of all your credit cards, credit
accounts and bank accounts in a secure place so you can quickly
call the issuers to inform them about missing or stolen cards.
Include account numbers, expiration dates and telephone numbers
of customer service and fraud departments.
 More:
|
|
 |
