Business Governance Policy
The Federal Trade Commission (FTC) is the governing agency responsible for compliance with federal laws relating
to the protection of non-public information. This includes the disclosure of the information even if formal
identity theft has not taken place. In early May 2007, over 100 lawsuits were filed based upon one of these
laws (FACTA), where the potential liability exceeds billions of dollars for corporate actions without any
damage to individuals having to be proven.
The FTC has given initial guidance and continues to make recommendations to businesses, among which is a
formal focus on issuing a corporate policy and on compliance by all employees with relevant
laws and business practices.
The first step, and simplest requirement, is to follow FTC guidelines for business governance and to educate all
employees on the policy and their roles. IEM has baseline templates for your review with your legal counsel and
can help with employee training and implementation.
Layer Two: Employee Benefits
Most companies are choosing to offer minimal benefits to employees or customers after an
incident has occurred. While better than nothing, these token efforts are usually for one year while identity
theft can occur years after initial disclosure.
Once an incident occurs, the risk for litigation does not go away. Customers may leave or contact lawyers.
Employees may not seek litigation but morale will be impacted and those victimized will take company time and
expense to try to resolve identity theft issues. Employers may be impacted even if the theft occurred outside
the company.
In tight labor markets, employers of choice offer many benefits to employees. These benefits can improve morale
and competitively set apart the companies offering them. In many cases these benefits are voluntary. The
employee and their family decide what is best for them. Employees also pay for the benefits they select. This
is a win-win for employees, families, and companies.
The same is true with benefits related to identity theft and family legal services (70% of identity theft
requires legal assistance). These benefits can be leveraged with group pricing. Tied in with governance policy,
employees are helped while companies have shown an initial affirmative defense by increasing employee awareness and
reducing legal exposure.
IEM Identity Theft Solutions has identified benefit solutions that we believe are the best available in the
marketplace. We often combine corporate governance training with employee benefit training.
Contact us for more information at 678-485-1687 or sales@iemcorp.com
Layer Three: Security Technology
No products, services, or solutions on the market can eliminate identity theft. Most identity
theft is caused by either intentional or unintentional human actions. These products are designed to utilize
current technology to reduce the risk.
The rapid increase in technology works both ways. Some technologies increase risk. Other technologies
reduce risk. Due to the rapid change in technology, we will not have all the
answers. We will offer those products which we believe might be of interest. The choice is yours.
These products will often help in other risk categories, productivity, and even total cost savings.
Mobile Systems Protection
Mobile devices are typically the least protected. Security applications are necessary to protect their users from
viruses, data compromise, the effects of device theft, and unauthorized data access.
The Wall Street Journal suggested that TJX’s massive loss of more than 47.5 million began with unprotected
wireless devices. On June 21, 2007, NBC’s Today Show showed how snooper products enable third parties to take
over your cell phone, watch you through your camera, listen to you through your microphone (even when turned
off), and listen to your calls.
Mobile systems are often the weakest link for loss of customer data, sales activity, trade secrets, identities,
and other sensitive information.
Solutions, by the leader in this field, include:
- Protection from viruses and malware, with enhanced filtering capabilities
- Text message filtering, preventing unwanted messages from interrupting the user
- Data filtering
- Enterprise management, protection against harmful data on open networks
- Secure data and password protection on files
Secure and Encrypted Unified Global Communication Platform
For PCs and laptops, we recommend a product which includes encrypted:
- Instant messaging
- Voice-over-IP
- Video conferencing
- Desktop sharing
- Remote PC control
- Pod and Video Casting
- File Sharing
- Group Chat
Benefits are security, enhanced capabilities, greater innovation, productivity,
collaboration, real time situational awareness, and cost savings.
Multi-layer Secure Document Encryption, Management and Delivery
Provides single point or enterprise benefits, including:
- Intuitive, easy-to-use email, document, and data security interface
- Multi-layered security with 256-bit encryption
- Protect any electronic file type, including Office products
- Encrypt for a specific recipient or specific PC and/or add authentication
- Transparent decryption process
- Encrypt files and folders in place
- Time-lock documents for “auto-shredding” capabilities
- Securely store data and files on desktop, laptop, CD-ROM, USB drives
- Seamlessly integrated with Microsoft Outlook to encrypt both email body and attachments
- Encrypt and send functionality supports major email systems, including free web email systems
- Easy to implement
Contact us for more information at 678-485-1687 or sales@iEMcorp.com
Layer Four: Risk Assessments
Why assessments? Most companies do not understand identity theft well enough to know
where and how to look for risk factors. Risk assessments are designed to identify exposures and to
recommend appropriate remediation actions.
There are three types of business assessments recommended. The first is a review of the company’s risk
insurance coverage. The second is a review of your technology risks. The third is a review of your key
exposure points in daily operational process touch points.
IEM Identity Theft Solution partners can help.
Prices vary depending upon company size.
Risk Insurance Assessment
Identity theft is covered in some policies. However, there are significant areas of concern:
- Is the amount of coverage sufficient? If you have $25,000, $100,000, or $1,000,000 and your exposure is tens of millions to billions, there is a gap.
- Is the coverage broad in describing all types of identity theft? Or, does it define account fraud, credit fraud, check fraud, or insurance fraud as not included in identity theft or identity fraud?
- Are there exclusions or limitations?
- What is the balance of insurance coverage and cost versus investing in internal operational changes to reduce your risk profile?
The cost for the review is low. The value is high. We recommend the risk insurance assessment as a quick
baseline to help prioritize other decisions.
Technology Risk Assessment
Many companies may have already begun addressing security from a HIPAA or corporate security audit
perspective. The IEM Technology Risk Assessment is designed to focus on areas often missed in earlier
reviews and to provide a complete scope of analysis. Examples of project scope for the assessment include:
- Security and architecture
- Threat and vulnerability
- E-Commerce site security
- End-to-end network design
- Encryption protocols between 3rd party providers
- Technology Policy and Procedure review
- Current environmental infrastructure specifications
Additional Options
- Attack and penetration analysis
- Network security monitoring
Process Risk Assessment
While technology assessments point out technology exposures, a process assessment looks at the business
requirements, human issues, and exposure touch points. A process risk assessment is usually combined with
a technology assessment.
Typical project scope includes:
- Client exposures – data requirements, data access, protection, and disposal, security, and contract terms
- Partner and supplier exposures – data requirements, data access, protection, disposal, security, contract terms, and facility access
- Internal exposures – hiring procedures, segregation of duties, internal policies and access controls, awareness and education, escalation protocols, and a response plan
Layer Five: Remediation Projects
Once assessments are completed, recommendations are included along with proposed next-step
consulting recommendations. This allows companies an opportunity to review their exposures and
related cost to reduce their risk. Some actions may require postponement to future years due to budgets
and capital expenditures. Other actions may be recommended but not addressable immediately such as areas
dependent upon supplier or client cooperation. An example would be an ERP supplier fix that may not be
available until a future patch or level release.
Remediation is driven by customized consulting engagement projects.
It is at this point that we recommend a legal review by inside or outside counsel.
We are developing additional programs such as employee seminars designed to raise
internal awareness and awareness of steps to take outside the office.
Additional resources will be available on this website in our Knowledge Center. We will be gradually
populating this area with newsletters, articles, podcasts, ebooks, resource books, and related links.
Layer Seven: Legal Review
Risks, laws, and legal precedents are evolving. We recommend you consult with your
inside or outside counsel at a minimum of four levels.
First, we recommend you internally review templates, like ours, to determine what policy guidelines can be
followed operationally without disrupting your business or risking systemic employee non-compliance. Then
we recommend you consult with legal counsel to finalize the policy. For some companies, their initial
policy may be less robust than optimal for legal protection but can be enhanced in following years as
internal processes and cultural changes allow.
Second, we recommend you have legal counsel involved in reviewing the assessment results to help
prioritize remediation steps based upon budgets and legal exposure.
Third, we recommend legal counsel be involved to review remediation changes involving customer, employee,
and supplier contracts and related legal exposures, such as hiring practice changes.
Fourth, we recommend legal counsel to be available for annual reviews and incident responses.
Since we are not attorneys, we do not provide legal counsel. However, we will be developing a list of
attorneys who indicate a commitment to this area of law. This may be helpful for those who do not have
attorneys or desire a second opinion. This listing is not a legal endorsement or guarantee.
Our solutions are designed to help you survive the coming identity theft tsunami.