How to comply with Red Flag Rules – Part 1

The FTC estimates that as many as 9 million Americans have their identities stolen each year, leading to over $56.6 billion in costs. According to the Better Business Bureau, the average amount lost to fraud per case has increased from $5,249 in 2003 to $6,383 in 2006. If you are a business that extends credit to customers and do not comply with the Red Flag Rules, the civil penalty, enforced by the FTC, can be up to $2,500 per violation. The FTC will enforce the Red Flag Rules based on consumer complaints.

What you can do to comply:

  • Keep customers' sensitive personal information secure.
  • Take stock – what personal information do you have in your files and on your computer?
  • Clean out and throw away any outdated or personal information on customers that you no longer need – buy a shredder.
  • Write a plan that is easy to follow and that will help you to respond to any security incidents.
  • Require employees to log out of computer programs that hold personal customer information once they are done accessing that information.
  • Use only one computer to store personal customer information and limit access to it.
  • Keep up to date on alerts and vulnerabilities to your computer by visiting www.sans.org.
  • Never give out any personal customer information over the phone or in emails.
  • Change computer passwords frequently.
  • Train employees; visit www.ftc.gov/infosecurity for a tutorial, or www.OnGuardOnline.gov.
  • If you outsource any business functions, investigate that company's data security policies and practices and compare them to yours; visit their facilities if possible.
