|
Identity Theft is UnavoidableI’m often asked if risks in general including identity theft are unavoidable and whether companies can avoid losing consumer and employee personal information. My opinion on managing risks is very clear which I have stressed many times that risks in life can never be completely and one hundred percent eliminated and thus are unavoidable. It would be unrealistically optimistic to expect and believe that identity theft is avoidable and that we have full control over what happens to us in life. Some things in life are unavoidable and although I’m a big fan of the law of attraction theory, what I say here is the opposite of what the law of attraction suggests which is if we really focus in, believe in and expect the outcome of an event, whether positive or negative, the outcome will materialize itself no matter how unrealistic it may be to us. Identity theft and confidential data breaches are risks just like any other risks in life. Contracting deadly diseases, car accidents, flat tires, lay offs, early and unpredictable death and other risky events are among a long list of risks we face each and every day. Even being called in to a jury duty is an event that might be considered as a risk to some people. When risks are introduced, they appear in varying levels (high, medium , low) to people who face them. Some of these risks in most cases are unavoidable, however, as a society and individuals, we can reduce their probability of occurrence and level of their impact in some cases by taking certain measures to reduce the occurrence, and preparing ourselves for their immediate identification and containment when and not if they happen. To suggest that some risks including identity theft risks are unavoidable as I do here, sounds depressing and against the theories that whatever happens to us is within our control or that somehow we caused them to occur. However, many things happen to us not because we fail to do or not to do something but because of the actions of other people and companies or even God. Things happen to us either by us, by others or by a combination of both when certain actions are taken or not taken depending on the situation. For example, if we smoke, we increase our chance of getting lung cancer (action taken) and if we don’t pay our rent or mortgage on time, we face eviction and foreclosure (action not taken). Now, let’s analyze the three scenarios I just described on how risky events may get introduced to us. What’s an example of a risky event that we might cause for ourselves? I got one. We toast a bread while watching TV and somehow we forget to properly set the timer which causes the toaster to start a fire. We’re lucky enough to survive the fire but we lose the house. This is an example of an undesirable event that we brought to ourselves and one which we could have avoided. The best solution in this case would be to properly set the timer and even stand by the toaster and check the bread fro time to time. OK. What’s an example of an undesirable event caused by others? A while back, I read in the news that some kids were arrested for throwing stones from a bridge on the driving cars on the highway below. This action actually caused some cars to have broken windshields and get into accidents, injuries and even deaths. Now every time I drive on the freeways and pass underneath a bridge, I think of the risk that someone might throw a stone at me or even shoot at me from a distance (do you remember the random sniper shootings a while back?). This is a risk that I have to take since there is no way around avoiding freeways. Natural disasters are also good examples of events created by the nature over which we have no control at all. A good example that comes to mind describing an event that is caused by both others and us is putting on excess weight. We get overweight by overeating but since most foods are processed or even chemically and hormone treated, they contribute to our excess weight. We can control what we eat, when we eat and how much we eat to maintain a healthy weight and reduce the risk of being overweight with undesirable consequences but the man made foods don’t help us to push the risks further down. Another example is when reckless drivers cause accidents while we also increase the risk of death and injury by not wearing a seat belt. The same scenarios apply to identity theft and identity fraud. People collect all the credit cards in the world and wonder how or why they become victims of identity theft or how they can avoid identity theft. On the other hand, we might take all the precautions to avoid identity theft like throwing away all our credit cards, shredding all our personal documents, removing our mails from our mailboxes frequently and timely, reading all the corporate privacy policies and do all the other right things, but still face identity fraud because someone posted our social security number on the Internet, or certain employee stored our personal information on the laptop and took it home to be stolen from the driveway the same day. How do we control other people’s actions that might affect us? As a society, we are so dependent on each other that either we all fail in the fight against identity theft or defeat identity theft with collective efforts. Companies develop and implement information security policies and privacy controls but all we need is a reckless, disgruntled or criminal employee to violate the corporate policies and create identity theft nightmare for thousands of citizens. Do we have control over the actions of others? Not really. Can others’ actions lead to our identity theft? Absolutely yes. Can we do any thing to reduce the risk? Yes. We can only control our own actions and as such we can reduce the risks that we might face in life and plan for the unavoidable when it occurs. To start planning for a case of unavoidable identity theft, we must first accept that like most risks, identity theft is unavoidable and can occur for which we must and can prepare. Such preparations include monitoring our identity components such as credit reports and bank statements in order to detect identity fraud on a timely basis. Once fraud is detected, damage controls and actions such as closing accounts, placing credit report freezes, and changing phone numbers must be implemented to stop fraud expansion into other areas and prevent it from becoming a bigger issue. The fraud prevention, detection, recovery and containment controls will depend largely on the scope and nature of the identity components and events we are trying to manage, therefore, our action plans will be different according to the confidential information or the events. Now, list all the possible risks you might face in life including identity theft. Write down every thing that can go wrong. Then ask yourself, how can I prevent this? How would I know if it ever happens? What should I do when it happens? Write down your answers and voila, you have a plan to address your risks in life and once you do this, you can better sleep at night. This plan is not supposed to be static and must be reviewed and revised frequently as things change in your life and the environment. This is a very simplistic version of a risk assessment performed by the biggest companies but it could also be applied to smaller companies and individuals. No one is immune to risks in life including the biggest companies in the world. However, the ones that plan for the unavoidable risks have a better chance of survival, growth and happiness.
|
