Home Blog Page 3

Who should handle Physical Security? The Security Team? Building Operations?

0

Today we are going to briefly discuss politics. Don’t worry, I won’t ask you to show me your NRA membership card, or to discuss why the Democrats are running the country into the ground or why the Republicans only care about $ and helping the rich. Most Americans have become largely desensitized to these type of debates, as year after year, election after election, we seem to be getting the same old, same old from both sides of the aisle.

Here we will delve into the exciting world of Office Politics. Most companies, weather large or small are at least to some extent political in nature. Since the Security of a company is so important, it should come as no surprise that the Security Team, especially at the Executive or root level is also political.

Who should handle Physical Security? The Security Team? Building Operations? This is one of those areas where internal politics plays a role. Frankly from a pure security perspective it would be best, in my opinion, there are other opinions which are just as valid, for the security team to also handle physical security. If the Cyber Security Team also handles Physical Security ultimately, we will control all the security of the company so that you will have consistency in the decisions made as the management of both teams will be the same and you will have accountability at a single point.

Most if not all Security Teams I have worked on however are severely understaffed. So, in fact as a matter of practicality they will try to shift this over to the Building Operations Team to handle, as they more closely work with building facilities in terms of issuing access badges, fixing doors when they break, troubleshooting with the vendor the biometrics system, etc.

At the end of the day Information Security Professionals want what’s best for the company and any decision is fine if the role of each team is clearly defined, and it’s made clear by upper management what the responsibilities and accountabilities are for each key team member.

 

Some examples of Physical Security Controls

0

Today we will talk about specific examples of some Physical Security Controls. We will focus on Perimeter access to a facility-Preventive and Deterrent Controls, controlling access once someone is inside a facility, surveillance-Detective and Preventive Controls.

Let’s start with Perimeter Access, this is a preventive and deterrent controls. Some examples are a guard gate, someone must either swipe an access card, or in a high security facility physically present identification to a security guard, and if on an approved list allowed to enter the grounds of the facility.

It gets more exciting, you can have high powered lights at night, guards patrolling the grounds both inside and at the outside gates, guard dogs. Remember to clear any obstruction from the front of the building so that no one can sneak in unperceived to the entrance, cut all trees and remove any debris from the front of the facility. You could then have bollards 10 feet in front of the entrance of the building to prevent someone from ramming a car or truck into the building. These are Preventive and Deterrent Controls.

Preventive because they can prevent a break in or physical breach to a facility and deterrent because if someone sees all the security they will think, hopefully 10 or 20 times before trying to break in and hopefully after putting much or a little thought into the matter, it all depends on how brazen they are, they may discard the idea altogether thinking it’s too much trouble and the risk of getting caught is too high, it’s better focus on some easy pickings.

The cameras are a detective and preventive control and added an extra layer of security. They are preventive because again, a would-be assailant is going to probably think a few times over before breaking in to a facility with heavy surveillance especially if they also have all the other controls mentioned above. It’s a detective control because if someone were to break in you would know who did it and open an investigation and question and/or apprehend the culprit.

Once someone is inside a facility it gets trickier if it’s a standard corporate environment. The reason being is that once someone is physically inside they are assumed to have permitted access to the facility hence they are trustworthy. As an employee or a Security Professional though never be shy to challenge someone and ask them for their badge if your company requires employee badges. Just say something like, I have not met you before, can you please show me your badge? Especially if they are in your area of work and they are unfamiliar to you.

If you see someone casing or observing key sensitive areas like the managers or executive’s offices or the server room or acting suspiciously, especially if they don’t usually have permission to be in those places, keep an eye out or challenge them, you may say something like, John, I know that you work in accounting, is there some reason you are standing by the server room, I am just curious and I want to make sure that if you need something maybe I can help. Be polite as they are most likely fellow employees but do your job. Keep the company safe.

Cameras are good for preventing some of these types of behaviors but also challenging employees is important. Have strong locks on doors and controlled access. Don’t leave key areas unlocked or with the door opened. If it is a very sensitive area access should be registered and controlled with a badge, and if very secure have guards patrolling the area.

I once worked in a very secure facility that had all the controls mentioned and even once inside you had your bags checked upon entering, you were not permitted to bring your cell phones in certain areas, and had to present your ID and get checked in or cleared upon entering and to swipe your badge several times through multiple access points before you even arrived at your desk, and the guards were always patrolling.

Physical Security Controls are critical to protecting the cyber and other assets of your organization and they complement the cyber security technical controls. Simply put, without physical security you have no security.

Protecting your Documents

0

There are key documentation and paper work you will want to protect.  Let’s be honest, your home is not as secure as you would like to believe.  There are people that come into your home for different reasons.  There is also the possibility of natural disasters.  Time and time again, I meet people that have lost everything in a fire or flooding.  This is a painful process to go through but here is how you can be prepared.

Label your assets into 3 buckets.  What is replaceable?  What is hard to replace? What can’t I replace?  This may sound simple but it is harder than you would think once you sit down and go through it.  We will start with the simple items.

Items that fall under the “What is replaceable” bucket are things like your furniture, electronics, decorations and clothing.  This is where homeowner’s insurance comes in.  Getting coverage for your replaceable items is a good idea in some cases.  Think about how long it took you to acquire your possessions.  How much would it cost you to go out and replace them?  If you could replace everything with 1-6 months’ salary, it might not make sense to get insurance for those possessions.  If it would take longer than that, you will need to ask yourself how long will it take and look to see if it is worth it to you.  If the answer is yes, go with the insurance that does not require you to have receipts.  Chances are you will not have them to show your insurance company if you need to.

Items that will fall under “What is hard to replace” are birth certificates, social security cards and passports but they are not the easiest things to replace.  If you find yourself between jobs and you cannot find your social security card or passport, you will not be able to get the job.  I recommend placing them in a safety deposit box.  You are not going to need those items on a regular bases and you will always know where to find them.  It is a small investment in your sanity.

Here is where it gets complicated.  Items that fall under “What can’t I replace” are family pictures, jewelry passed down through the generations, things your kid’s have given you and many other items that you have some type of sentimental value.  Those irreplaceable items need to be in a safer place.  The problem with that is you will pay a lot if you are not careful.  Some people put their photos and kid’s art work in a larger safety deposit box.  I will keep them around the house as those things do not have value to thieves but I will scan them and store them in the cloud.  This way I will have a digital copy of them which is a good compromise that I can live with.  It will always come down to what you can live with.  It is best if you are prepared for what could happen.

 

Important paperwork which you want to protect, should go into your safety deposit box.  Once you are ready to throw the paperwork away, make sure you shred it with other nonessential paper for.  This will make it harder to put it all together.  Once you have it all shredded, take the large pile and divide it into 4 piles.  Place each pile in its own garbage bag.  You will throw away 1 bag a week for 4 weeks.  This way if someone is looking for something, it will take them a long time.  You can also take one bag and throw it away at work or in a friend’s garage.  This will discourage anyone who was trying to steal information from you.

What is Physical Security? Why is it so important? How does it affect Cyber security?

0

What is Physical Security? Why is it so important? How does it affect Cyber security?

Physical Security involves the protection of physical assets from a loss of Confidentiality, Integrity, Availability-the CIA Triad. It deals with the physical protection of access to assets and exposure to harm.

Let’s start with Confidentiality the 1st of the three pillars of the CIA Triad which is the goal of all Security. We have all heard in the news recently the publication of the Panama and now the Paradise Papers where the secret financial dealings of billionaires, some of them heads of states have been exposed. Obviously, these documents, millions of files in fact, were only meant to be seen by the attorney’s involved, as they were highly confidential.

In the same way, in your house, company, or place of business, you must have certain documents which are sensitive, such that only a few people or in some rare cases only 1 person should have access. If you’re smart those documents are in a safe, or in a locked file cabinet with access to the safe’s or locked cabinet’s combination or key highly controlled and only a limited number of people are allowed access. By doing this you are protecting the confidentiality of those assets.

You could have servers, the computer that hosts your QuickBooks files, the president’s computer or the computer of the IT Director, these are critical assets and must be physically protected from access. The reason being is that if someone were to be able to get in front of those servers or sensitive computers they might be able to login and see or worse yet steal privileged information. Protecting the confidentiality of assets is critical to physical security.

How does integrity come into play? Integrity is the 2nd pillar of the CIA Triad that Physical Security protects. This means that the information in that safe, file cabinet, Director’s office, Server Room is safe from alteration. The data is kept in a state of Integrity.

What does that mean? Let me provide an example, and it will be easier to understand. Let’s say someone where to have access to the accountant of finance director’s computer and they altered the files, let’s say they cooked the books or made some modifications the QuickBooks files and entered information that was inaccurate. What would be the consequences? Depending on the severity of the change and what type of company it could be devastating.

If the company was a publicly traded company the company itself including the board of directors, CEO, Senior Executives could be held personally liable including being subject to criminal charges for exposing the data and reporting false information regarding the financial status of the company (that’s if these changes were never detected and were processed as they normally are, and no other compensating controls existed should as file verification). There could be stiff fines involved.

Due to the nature of the competitiveness of business, there would be a loss of reputation, and the company would lose business as the competitors of the firm would be happy to assist in winning over customers. As the saying goes: “Who wants to do business with a tarnished name?”

The integrity of the company’s assets is critical as the data related to the organization is highly valuable. Any alteration could adversely affect the profitability of the company and its investor’s. In the worst-case scenario, the company could go out of business. For example, when it was discovered that ENRON had cooked the books or fabricated their financial statements, in this case the company itself maliciously altered the assets of the company and breached the integrity of their own information to commit fraud, ENRON went out of business and the senior executives went to jail, investors lost 100 billion dollars and the big 5 accounting firm that represented them in auditing their Financial information as having Integrity, went out of business.

Physical Security aims to protect the integrity of the physical assets of a company so that they are not altered in any way. Protection of keys assets from physical access is critical to ensuring the viability of any business. A computer is just a computer, but if that computer is the one belonging to the secretary of the owner of the company it must be protected with extra care.

What about availability? This is the 3rd pillar of the CIA Triad. For information to be useful it must be available, people must be able to access or use the data. Think about this for a moment, what were to happen if your web server which hosts your company’s important websites, and which is in the server room was unplugged? What if the accountant’s computer that host the QuickBooks files was stolen or they stole the hard drive? What if there were no backups of that machine?

What if someone broke into the server room and unplugged the fiber connection from the firewall to the core switches and this was a nonemployee? Imagine if this happened on a Monday at 10 AM in the middle of production and no-one could login to the network? What would be the consequence beside many angry users? The availability of data is critical to understanding physical security and cyber security.

How does physical security impact cyber security? I gave some good example of the relationship between physical and cybersecurity I hope but let me emphasize the point-if someone has physical access to a network they can own it. It’s fine to have perimeter security, Firewalls, IDS/IPS Systems, setup continuous monitoring, but if you don’t physically protect the building and the hard assets, servers, network equipment, key computers, sensitive documents, you are exposing yourself and your company to serious harm.

Simply put physical security and cyber security go hand in hand. You cannot have cyber security without physical security. If you don’t protect your assets physically they will be unprotected by a hacker and you could potentially face a breach.

Protect yourself from Phishing

0

Phishing is a lot like fishing.  Fishermen will cast out a few lines with some type of bait and see what bites.  The difference is the target is people and the lure is emails.  I am sure you have seen them.  They come into your email with some type of exciting news.  You have won something or click here to get great deals on ”x” product.  Most of the time, those emails look a lot like spam which is why you should never open emails from people you do not know.  There are a few harder ones.  Just like fishermen who use lures that look like real fish, some of those emails will appear to be real as well.  Watch out for emails that claim to be from your bank, an online store, a friend, a social media website you use or even a family member.  They will look real and will expect you to click on a link within the email.  Sometimes they will seem urgent to get you to act quickly.

 

Watch out for phases like

Official email

Your “bank name” was compromised.  Click here to reset your password.

This is the police department.  We have your car spotted at a crime scene.

 

Personal/sexy emails

Hey babe, I have not heard from you in a while. Did you not like the pic I sent you 🙁

Check out my new website.  It has some really hot pics I can’t just email to anyone.

Hi, I have not seen you around in a while and it has really messed me up.

 

Email that looks like it was sent to you by mistake.

Hey Bill, you were right.  I used _____ and I made 300 dollars last night.  You truly are a good friend.

I heard you might be looking for a new job.  We are the number 1 in “whatever” and for someone with your experience we can pay top dollar.  I can wait to let my boss know you are interested.  Click “Here” to fill out the job application and then email me back so I can let him know you are ready for an interview.

 

Phishing attacks are emails that are sent to a large group of people looking for someone to bite.  The emails will look legitimate at times but if you look closely, you will see clues.  Ask yourself the following questions.

 

Was I expecting this email?  The email can appear to have come from a friend, co-worker, family member or your bank.  If you were not expecting an email, do not download any attachments or links that are associated with it.  Those emails with try to entice you to do so.  They will do their best to look as official and authentic as possible.  If you do not know, just call them.

 

It is important to remember your bank and credit card providers will not send you an email informing you about problems with you account.  They will never ask you to verify your information by clicking a link or calling a phone number on an email that you receive.  They will never have you call with a reference number.  They will suspend your account and call you.  If you get a call, you should hang-up and call the number on the back of your card.  This way you know you are talking to the right people.

Why would I get an email not intended for me?  This is one that gets a lot of people.  We all love gossip.  To get an email that looks like we got it by mistake which contains a secret, we are all going to want to read it.  The email will entice with some super secret stock, nude pictures of a girl that was trying to send it to her boyfriend, a home for sale in the neighborhood that is below market value, or whatever someone thinks will get you to read it and click on a link or open an attachment.  Simple point, if the email is not addressed to you, do not waste time on it.

Is this too good to be true?  There are emails offering you the world and depending on your current situation, your judgment may lead you astray. Phishing emails are used to start social engineering attempts.

 

 

Computer Forensic for each Person Who Needs It?

0

Computer forensic is formed and being offered to each person who need it. This is one of the most significant features of this service that is extremely significant not simply to individual people however also for diverse companies. Many populace who desire to avail computer-forensic and computer forensics are thoughts about the accessibility of the services that they present to diverse type of groups. Some are thinking that services similar to computer forensic is not accessible to populace who are just using their PC at home. This is a misconception. This kind of service is something that all populace will require in diverse times.

The future is something that you could predict. With this, it is extremely significant for you to organize yourself while it comes to situation when you require to access something from your PC and you suddenly understand that there is definite information that you could no longer find since the security is not permiting you to do so. This is somewhat that computer forensic can aid you with.

Aside from being accessible to individuals who are using PC at home, this services that computer forensic provides is most significantly given to those who have their own company. If you are looking onward to meeting the requirements in an inquiry inside the corporation, you will require the help of Computer Forensic. You might have your own workers who can do the job that your company needs however there are several tasks that could only be done by expert. This is something that you have to recognize particularly when you are dealing with investigation in your corporation. This is something that you might be facing in the future.

Computer forensic is made accessible in order to support diverse companies that are experiencing troubles regarding diverse situations that might arise owing to some problems that have something to do with convenience of info. This might become a difficulty if you are not going to look for the most excellent option in solving it. research is an expertise of computer-forensic. You can trust them while it comes to this kind of job. Their job in making certain that the service being given is at a height that will be effectual and helpful to the customers.

With the aid of computer forensic, you would be able to sit back as well as relax and just wait for the consequence. The investigation that is linked to your computer as well as gadgets can be done simply by computer forensic because this is part of their work experience. This would be a huge chance for you to make certain that everything is going to resolve in the end. You may consider that this service is not actually important, however you still have to get ready yourself by knowing who to call several problems abruptly arise. With computer forensic service, it would be extremely easy for you to be certain that everything would be in its perfect place while you require to have a forensic inquiry.

Personal Identifiable information (PII)

0

Personal identifiable information (PII) is any information that can identify you.  There is information everywhere about you.  Some information you have made publicly available while other information about you is placed out there by the government, creditors, friends and family.

The government will publicly provide information about court records criminal and civil, marriage/divorce, death, driving and many other public records.  All of this information is public and for convenience, available online.  My personal favorite is the property appraiser website.  I can look up information on anyone to find out if they own property and if so, how much they paid for it.  I can then take the address and search on any of the online map services and get satellite imagery of their home.

Creditors release information about items you are financing or failed to follow through with your obligations.  This information will help or hurt you when you are looking to buy large items you do not have the cash for or decide to finance instead for some crazy reason.  (You will ultimately have to pay for the things you bought with those plastic cards.)  Information about how much you owe and how much you make is out there and easy to get to.

Unless you are living in a rock somewhere, you will more than likely have a social media account with information about you.  Your height, eye color, hair color, hobbies, your sexual preference, your status (married, single, dating), favorite things and anything else you post about your life.  Those post will include things you feel strongly enough about to share with the rest of the world if you did not set your privacy settings.  If you do not directly participate in social media, there is a big chance that you are all over the web without even knowing about it.  The best example that comes to mind is my wedding pictures.  Without me knowing it, my proud mother in law put pictures on the web for everyone to see.  Now when anyone searches the web for my name, they will see my wedding pictures.  Your friends and family will tag you and place information about you all over the web.  Social media has made everyone a paparazzi looking for something funny, cute, embarrassing, or amazing to post on their page.

If you have kids, you are not known by your name to them. You are known as Dad, Daddy, Mom, Mommy, or some other endearing name.  To your kid’s friends, you’re known as so and so’s Dad or Mom.  Your face is all they need to identify you.  That information is not enough to identify who you are.  You could have an evil twin or someone could have made a clone of you.  Your face is not enough information for you to get a place to live, your own transportation or even a job.

The more information about you, the better chance to confirm your identity.  The amount of information has changed overtime.  At one point your name, social security, address and proof of employment may have been enough to provide proof that you are who you say you are.  That has changed to include information about your past.  You may find yourself talking to your bank and they seem to ask you some random multiple choice questions like which of the following cars have you owned, which school have you attended or which of the following places you have lived at.  This information is pulled from multiple sources to help prove you are really you.  Your potential employer will perform a background check to verify you are who you say you are.  They will also check social media sites looking for you.  They are looking to see if you have posted anything that would hurt the company’s reputation.  Through the process, they will get to know who you are.  A bad credit score could cost you the job as well.

 

What you should do

The first thing you need to do is accept the fact that there is information about you out there.  Trying to stop it is impossible but you need to be aware that it is out there.  Your information can be used against you.

 

Years ago when I refinanced my home, I received a letter in the mail with my mortgage company’s name on the letterhead.  It looked just like what I would expect to see from them.  The letter contained information about my rate, monthly payment, terms of the loan and my address.  It also had a breakdown of how much money I am wasting if I do not take advantage of the weekly mortgage payment.  It looked so real that I called the number but when I called, I noticed the computerized greeting did not include the name of my bank.  Every time you call your bank, you will hear “Thank you for calling bank name.”  I hung up and I called the bank from the number off of their website.  Once I got a representative on the phone, they confirmed my suspicion.  It was a scam.  My bank does not offer a weekly or bi-weekly payment option.  They also made sure I know payment is made through their website directly.  I was shocked at how much information they had about me but none of that information is harmful.  Think of your favorite movie star, singer or comedian.  Think about how much information you can find out about them.  You can easily get their name, address, names of their children and so much more.  Think about the information you have collected and ask yourself, what can you do with it?  There is key information missing to build an identity but it’s a start.  When someone is looking for information, they will look to get it from the point of least resistance.

Make sure your social media profiles are set to private.  This will help keep your information within the group of people you have accepted as friends.  This is important because if you do not, anyone can follow your movements and learn things about you.

 

Never save your social security number, credit card or debit card
numbers to a file and store it on your computer, USB drive, cloud storage, email or any other media.  This makes it too easy to get out there.  If you have to write down some numbers to help you remember how many cards you have, then you have too many.

What Is PC Forensic Service?

0

Computer forensic services are accessible all over the place in the United States. This is owing to the fact that the require for this kind of service has by now become a big thing of the contemporary earth. This is not something that has by now been there for a long phase of time. This is somewhat that is not actually present a long time before when there are no computer yet.

the most secure computer forensics are measured as main parts of forensic actions. This is centered in provide services that are ideal for people plus companies that wish to get info from computers. Yes, that is it; this service is in fact centered in getting info that is extremely significant from computers as well as devices. The most safe computer forensics services is given out to get evidences. This is the similar with the usual forensics actions where the main focus is to search for evidence that could be used in trial and court proceeding. The main thing that you would surely notice with this is the detail that it is done in a more dependable and in an easier way.

When do you require a computer forensic service? There are diverse instances while computers cannot be used or else when info and particulars cannot be simply taken from it. This happens while there is a crime of hack that just happen. In some instance, this as well happens when there is a difficulty that is cause by passwords as well as other things that are locking away one individual from accessing files. With this, the most significant thing that must be measured is how to save the files that are required. This procedure is not that easy as well as there are diverse steps that must be done.

Using digital forensics could discover all kind of crimes so as to make the world safer.With this, you have to belief the people who have been training for this. The simple fact that you know how to use a PC and you know how to fix one will not actually qualify you for this. There is training as well as there are various knowledge that must be considered for this. So if you are going to search for someone who can give the service for this, you have to make certain that you will be capable to get the ideal one.

There are a lot of Federal Courts that are admiting the evidences that are taken with the aid of computer forensics. This is the cause why there are by now a lot of companies that are giving out this kind of service. But of course, you as well have to rate the service in order for you to make certain that you will be capable to get the ideal one. The most significant thing that you require to learn from this article is that the significance for a service like this must not be underestimated since there might come a time while you will require it.

 

Computer Forensic analysis Help Track Criminal

0

These days it is very important to take assistance of computer science study to solve a extensive array of criminal cases. Digital forensic services aid organizations protect their IT resources.

Solving criminal case is no kid’s play. Gathering proof is a vital part of court events. Scientific process have enabled company to solve very important cases. A lot of company these days take aid of computer technology study is lot many matter of concern. It is significant that the corporation which you appoint for digital forensic service is reliable. Such companies are essentially instrumental in guard your IT resource. They can examine data which could be in the means of phone call from the phone of the blamed. Digital forensic study helps in a wide variety of issues for example drug sales, trafficking, computer hacking, email abuse, wrong use of accessible information, IP theft, et cetera. Digital forensics is in fact changing the means we deal with offense of any sort. Even the populace working in a corporation are conscious that if they do something incorrect, they would be caught up simply. Most of the corporate firm now take aid of computer forensic study to find about diverse activities for example improper utilize of firm laptop, wrong email communiqué, illegal data duplication and so several other deceitful practice.

Human Resource Managers as well as Internal Security agency are prime user of forensic specialist services. At times individuals as well need to appoint computer forensic services. This is mainly in cases connected to spouse cheating, or else inappropriate use of internet by any family member. These PC technology services are fairly costly. This is the cause why populace hire such expert only in case of severe need. But then in case you desire to hire such an specialist ascertain the reliability as well as the height of services which he or she present. Of late, Computer science are yet taught as a subject in most of the principal colleges and universities.

Pick up a company which presents an widespread range of computer forensic services. The corporation which you choose should be dependable as well as capable so that the information collected could be easily used in a court of justice. The computer forensic expert have actually help to grab criminal in cases like child pornography, customer cheating, financial fraud, corporate spying etc. With the increase in international crime PC forensic investigation is at all time high. This means that company needing the services of capable Digital Forensics expert are yet higher.

Nevertheless, using a PC system forensics tool could be quite a hard task unless of course particular help is involved. A laptop forensic device is indeed a sensitive program instrument and therefore demands alert dealing with. so as to derive output from pc forensics software program, you’ll require personnel with laptop or else computer forensics degree.These personnel are often well-trained computer system forensic authorities with experience whilst in the use of computer system forensic systems.

Protecting your Social Security Number

0

For some reason, social security numbers became an easy way to identify individuals. I believe this is because it is a unique number that most people would have memorized. There are legitimate reasons to give out your social security number but those lines are blurred. The only reason social security numbers are given out in the first place is to track the earnings of the workers. With this number, the government will track how much you make and tax you accordingly. In fact, there is nothing special about the number other than it was assigned to you. The numbers go in order. For example, let’s say your social security number is 001-01-0001. If I was the next person in line, I would be 001-01-0002. You can take you current social security number and add a one to it and you have new social security number. This should paint a clear picture of how easy it is to generate a social security number. The use of the number evolved into something unexpected but yet logical. We give it out to so many different situations. I recall being asked to provide it get a library card, as my user ID to log into my university’s website and as a login to clock my hours at work.
Bottom line, don’t give out your social security number unless you absolutely have to. Don’t give it out over the phone, especially to a stranger for any reason whatsoever. If you know the person or they have identified themselves and it’s absolutely necessary for you to provide it, make sure no one is around. Do not give your social over the phone while at your favorite coffee shop, out shopping or on speaker phone.

Your social security number is yours but a simple typo could tie someone else’s name to it. I applied for a credit card to save 20% off a large purchase only to receive the card with my name miss spelled on it. I still see it pop up as an alias when I buy a home or refinance. It could also be deliberate. When I was in high school, I had friends that were illegal. They were good people that wanted to work to help their families get by. I wanted to help my friends so I made photocopies of my social security card and with a little work (and a copy of a copy of a copy) I was able to replace my name with theirs on the photocopy. I then took a photocopy of the photocopy. I repeated this a few times for each of my friends. They used to photocopy to get work. Back then, I just wanted to help a few friends but when I look back, I realize just how easy it was to create an identity. I also realize I should have changed the number and not just the name. The reason that this number is so special is it’s unique and you can’t change it. If your password gets stolen or you forget it, you can always change it or request a new one. If your social security number is stolen there is very little you can do. Preventive security is the best approach.

What you should do
Your social security is out there and it comes in contact with more people than you would want but do not worry too much about it. Technology is improving. Identity thieves need more than just your social security to steal your identity but that does not mean you shouldn’t be careful with it. Do not carry your social security card with you. There are very few times you will be asked for it. The card is valuable because it provides a valid record. With the card, anyone with the same name as you can simply use it to get work which makes the card an easy sale to someone who is just trying to feed their family in the new world. Keep it in a safe place. I would recommend a safety deposit box or a safe at home.

 

Top Story

HOT NEWS

Moogle Corp: Company you might be working for

Happy Sunday from Software Expand! In this week's edition of Feedback Loop, we talk about the future of Windows Phone, whether it makes sense...