OPM’s Gift to You – Open it for business!

December 24, 2015


Were your current employees once federal job applicants or clearance holders? Have they signed up yet for the credit and identity monitoring that the Office of Personnel Management (OPM) has offered? OPM’s last set of data breach notification letters went out the first week of December and is practically a gift to organizations. Has your organization realized the actual value of OPM’s gift? Really, this is a gift that should have been opened and enjoyed before Christmas. Nevertheless, it’s not too late. Here’s how your organization can leverage OPM’s offer of monitoring services, along with security measures such as the freeze offered by credit bureaus. Use both to build a stronger security and privacy consciousness in your people and in your organization by helping personnel meet their personal and emotional needs.

In June 2015, OPM confirmed that sensitive records related to background investigations of current, former, and prospective federal employees, including contractors, had been stolen by Chinese hackers from OPM’s investigation database. The stolen background investigation forms included the social security numbers, fingerprints, usernames and passwords, investigation interviews, and medical and mental health information of 21.5 million individuals. Included in that number are 1.8 million relatives of the victims. Since this discovery, OPM has sent notification letters to those affected and provided a Resource Center equipped with OPM’s solutions, including three years’ worth of enrollment in identity and credit monitoring services totaling $133 million for all 21.5 million victims.

Now, that’s generous! But before you disagree on the level of the aforementioned generosity, the purpose of this article is not to discuss OPM’s cybersecurity weaknesses, faults, incident response judgement, or the perceived misspent $133 million. In security, it’s imperative that we cry over spilled milk until we figure out the vulnerabilities, threats, and risks and prevent them in the future, but this is not the article or the occasion. Rather, this article focuses on utilizing the benefits that OPM is offering as protective measures for victims of this year’s data breach.

What will your people get when they sign up for identity and credit monitoring? Well, when an identity thief opens a new account in the name of the victim, the victim will be notified by the monitoring vendor (in this case, ID Experts) so that the victim can confirm whether that is their genuine transaction or a criminal’s activity. Plus, if there’s any initial damage done by the identity thief, the victim will not bear the financial burden, as the monitoring package’s insurance for up to $1 million is available through December 31, 2018. Additionally, the burden on the victim of fighting the three major credit bureaus to exonerate themselves or clear their name will be lessened, as ID Experts personnel will help the victim with the necessary paperwork to make this more guided and less painful.

Even better than identity and credit monitoring is the Security Freeze that’s offered by the credit bureaus. It’s a more effective layer of identity fraud protection for your employees. Most states allow a free credit freeze for victims of identity theft. Look it up at Equifax.

So far in this article you’re not spending a dime. If an individual is not a victim but freezes his or her credit as a proactive approach to identity protection, then depending on which state they live in, $15 or less will do the trick. You should also encourage this. As a manager or leader in your organization, you need to lead your people to this solution by making this a corporate effort. Announce it, set a goal for it, and achieve it together. If you encourage and get your people to sign up for free freezing, they’ll obtain a PIN that they can use anytime they open a new account or line of credit. This way, these victims have something unique that identity criminals do not have about them, and as a result the criminals cannot open an account with stolen identifying information. With a PIN, the victim has nothing to argue with credit bureaus and no credit report to clean or scrub – because it’s frozen solid with a PIN. Just emphasize to your people that they should commit their PIN to memory and secure it.

How much will it cost your organization to pay for a few people who are not victims? Well, it depends on the size of your business and the state where you operate. This is not only an essential part of your security and privacy program, it’s the heart of your organization’s culture and consciousness. You must protect your people to protect your organization. The return on investment is priceless. Your initial cost-benefit analysis should consider the number of hours or days your employees will take off from work to address incidents resulting from identity theft or fraud, the related stress and distraction, and how it will impact productivity and morale. What will that translate to in your hard-earned dollars, compared to any corporate effort you could use now to leverage options that are free, available, and out there? Do the math. What would it cost if you had to foot the bill that OPM is bearing, for example, if your organization’s database was hacked and records stolen? What would it cost, with your own efforts, to raise security consciousness amongst your people for three years? What if you had to pay for a security freeze for each employee? Well, you don’t need to pay anything in this case because most of it is done for you. So if you’re hacked, you don’t have to spend on credit and identity monitoring for your personnel. You can offer it, but they might not need it. But don’t relax, as December 31, 2018 is not forever. It’s three years.

The holiday rush and shopping will soon die down. What better time to start using the opportunity you have to refresh your people on phishing, spear-phishing, social engineering attacks, and more? Remind employees not to entertain external calls or emails that direct them to links or attachments about the OPM breach incident. OPM already made it clear in their notification letters that it won’t be sending emails or making calls to victims concerning the data breach incidents. Criminals are setting up follow-up or related attacks, waiting to exploit victims of OPM’s breach.

Your people are feeling loss, anxiety, disappointment, and a threat to their identities and lives. Use these emotions to their advantage and the organization’s advantage by teaching them what is happening and how to respond effectively with the layers of protective measures available. Don’t let your employees fall into the temptation of opening and clicking anything ID Experts or OPM-related. Unless you’re doing business directly with OPM, you should set parameters for discretion on which emails to open and which ones your people should report. Don’t leave them to motivate themselves or try to deal with this alone, and as a result foster an environment that’s easy and vulnerable to piggy-back breaches. Talk about it, emphasize it enough, keep a tally of monitoring enrollments, and set deadlines. Your people will get on board, sign up for monitoring and a credit freeze, and be more security conscious at work too. Remember, humans are the weakest link in corporate and personal security. Help minimize this.

Before, your employees couldn’t get themselves to spend $8 per month on personal identity and credit monitoring services because they saw it as just an additional bill to pay or thought that it wouldn’t make any difference; then the holidays and more reasons to procrastinate set in. But now your glass is clearly half full, so your organization has the opportunity to build a solid security and privacy culture, whether you’re an organization of three people or 300,000 plus, a public or private entity. Monitor, freeze, train, and save money. Support your employees and leverage the freebies first – it’s good for business. OPM is offering to monitor your employees’ credit and identity, and your state is willing to give them a break on additional protection. Go get it!


2 responses to “OPM’s Gift to You – Open it for business!”

  1. It is truly a great and helpful piece of info. I’m happy that you simply shared this useful information with us. Please keep us informed like this. Thank you for sharing.
