Should You Proactively Freeze Your Credit Report?

03/08/16
T&I Information Security Office

The credit-monitoring services offered to data-breach victims and other concerned consumers do nothing to prevent identity theft; they only detect certain types of fraud after it has occurred.

That’s why some experts, including the U.S. PIRG consumer group, are advising more proactive use of the security freeze, also known as a credit freeze.  A PIRG report explains that the freeze is the only security measure that can prevent new account identity theft.

How it works
A security freeze works by preventing a consumer’s credit report from being shared with potential new creditors, such as banks or credit card companies.  Most creditors will simply not issue credit if they cannot see the applicant’s credit report or score derived from it. 

  • While it may sound odd, some experts are advising consumers to place security freezes with the three major national credit bureaus until they want to apply for credit, at which time they can unfreeze or “thaw” their reports.

  • The PIRG report does the following:

  • Explains the best steps you can take against new-account financial identity theft.

  • Outlines the process of freezing and temporarily unfreezing reports when you need new credit.

  • Warns consumers about “phishing” and social engineering schemes used by thieves trying to obtain more information from breach victims, or any consumer, to enable more complex forms of identity theft.

  • Warns of newer types of identity theft and additional harms enabled by breaches of health insurance companies (theft of medical services), the IRS (theft of tax refunds), and the Office of Personnel Management (new account identity theft and reputational harm).

    So are you a candidate for a security freeze?  Perhaps, especially if your identity has been compromised fairly recently and you fear criminals will continue to commit fraud using your personal information.

NewsBytes

Average Business Faces 9 Insider Threats Each Month
Almost 90% of organizations experience at least one insider threat each month, a new report by Skyhigh Networks says.  The report also says 56% of organizations experience unusual behavior by privileged users, such as administrators accessing data they should not, each month.  The average business experiences 9.3 insider threats each month. Slightly more than half of enterprises experience account compromises each month, the report adds.  Many business-critical cloud services support multi-factor authentication, and companies can reduce their exposure by enabling this feature.

ISIS OPSEC Manual Used to Train Recruits on Cybersecurity
Recently, many Twitter accounts were tweeting about an ISIS OPSEC manual describing the terrorist group's cybersecurity practices.  The document details various techniques recommended by the group to its new recruits.  While initially experts thought the ISIS OPSEC manual was uncovered by a recent hacking campaign, it seems that the U.S. military has known and studied the document for some time. The Combating Terrorism Center at West Point came upon the document last year, and they say that a Kuwait security firm wrote it to help journalists and political dissidents living in Gaza.

Research Shows Workers Spy on Corporate Systems if They Can
A recent study examined how one financial institution's employees behaved on the corporate network over a six-month period.  Some of that behavior included accessing sensitive company information.  Researchers found that the workers snooped where they shouldn't have. The group studied almost half a year of behavioral logs supplied by a financial institution and looked for vulnerabilities that could be exploited by spies and criminals, as well as those who could jeopardize a company through negligence.  They found that employees were able to look around where they shouldn't have.  The researchers don't say how many cases of snooping they found, but that "employees were able to access information that should have been off-limits."

The above notice is archived content and may contain information that is no longer valid. This includes URL's that were valid when originally published, but may now link to sites or pages that no longer exist.