UBP blog

02/23/2010

To prevent identity theft at work you need to know where the thieves will go

Identity thieves can steal personal information from you at work, in public, online or even from your home (a place that so many of us think is a safe haven). The first step to protecting your information in all these places is knowing where the thieves will go to get their hands on it.

Let’s start off by looking at the workplace.

Personal information in any given workplace is vulnerable to the prying eyes and hands of permanent staff, temporary and contract workers or even the after-hours custodial staff that comes in and cleans the building every night.

If there’s an identity thief lurking in and around your workplace, chances are they’ll go for one of the following.

  • Unattended Personal Belongings: This includes both unattended purses and wallets as well as easily accessible personal documents employees may either keep at work of bring with them to work.
  • Employee personnel files: Any employee with access to the personnel files that are kept in HR has easy access to employees’ Social Security Numbers and DOB’s as well as a host of other data ID thieves may use to commit fraud. 

Data in personnel files is especially vulnerable to threats from within an organization. A disgruntled employee or even a temp worker could steal employee personal information, sell it to an identity thief or use it themselves to commit fraud.

Effective monitoring is the key:

The information above goes to show that employers should carefully monitor access to all employee personal information. Certain vital details such as who has access to this information, how long they have access to it and what precise business or compliance need their access to this information will fulfill should be spelled out clearly in your Written Information Security Plan required by Massachusetts law 201 CMR 17.00 (which is enforceable the first of next month).

On top of this, employers should communicate to employees the importance of consistently monitoring all accounts they have in their name, checking for any unauthorized activity or the presence of any new accounts that they didn’t open themselves.  

Individuals who steal your identity or credit card numbers depend on you not to look too closely at your bills and ensure that every charge on them was actually yours. “Small” charges of under $100 are often less scrutinized than larger amounts and thieves know this. That’s why you should never just “excuse away” unfamiliar and unauthorized charges, just because they appear small.

Deadline for Massachusetts Identity theft law 201 CMR 17.00 is just a week away:

One week from today, all businesses that “own, license, store or maintain” personal information on any Massachusetts residents must be fully compliant with the Commonwealth’s identity theft law 201 CMR 17.00. Is your company compliance-ready, and can you prove it to the auditor who may come knocking at your door?

To help Massachusetts businesses get compliance-ready, Universal Benefit Plans has partnered with local employment law firm Foley and Foley to offer a complimentary 30 minute compliance review for qualifying companies. Call us at 617-859-1777 to learn more and see if your company qualifies.

Advertisements

02/16/2010

The Security of your Identity is only as strong as the passwords you keep—Part 2

As discussed in the previous blog post, your passwords are often your only barrier protecting personal information from the prying eyes of identity thieves. So, it goes without saying that they should be kept both strong and secret.

We’ve gone over how to make your passwords strong, here are a 4 steps that you should take to make sure they’re kept secret:

1. Don’t write your passwords down:  The safest place to store your passwords is clearly your own mind, which is why they should be relatively easy for you to remember. However, if you’re someone with a lot of different passwords to different accounts, you might need to write them down somewhere to remember which one is which.

If this is you, you’ll need to be extra careful about where you put them. Avoid keeping them in places that are easy for a thief to access, such as in your pocketbook, taped to the monitor of your keyboard or even on a sticky note on the back of your mousepad.

2. Don’t use the “remember my passwords” setting:  Whenever automatic logins and “remember my passwords” settings are enabled on your computer, anyone can sign into your computer as you and log in to all of your personal databases.

3. Don’t log into accounts containing personal information on public computers: Public computers include those in libraries, schools, universities or at an Internet café. Your passwords and usernames could be saved by the computer and used to access your accounts by someone else at a later date.

4. Don’t share your password with others: Also, as soon as anyone finds out your password, you should immediately change it (even if the person promised not to use it or tell anyone else).

Starting March 1, 2010, all businesses that “own, license, store or maintain” personal information on any Massachusetts residents must be fully compliant with the Commonwealth’s identity theft law 201 CMR 17.00. This means encryption, creation and implementation of a Written Information Security Plan and a whole host of other responsibilities must be completed by the end of this month.

Is your company compliance-ready, and can you prove it to the auditor who may come knocking at your door?

To help Massachusetts businesses get compliance-ready, Universal Benefit Plans has partnered with local employment law firm Foley and Foley to offer a complimentary 30 minute compliance review for qualifying companies. Call us at 617-859-1777 to learn more and see if your company qualifies.

02/11/2010

Do you know what the five costliest health conditions are?

As an employer, when asked what the five costliest health conditions are what do you think would top your list, cancer and heart disease, correct? It depends on what factors you look at to determine cost.

The Journal of Occupational and Environmental Medicine (JOEM) recently published a study revealing that employers who focus solely on employees’ direct medical and pharmacy costs in creating cost-containment strategies are missing a major component of the picture. These findings were based on data from over 51,000 employees and 1.13 million medical and pharmacy claims.

Where employers could be missing the point:

Employers who just consider direct medical costs are missing out on “presenteeism” costs. These costs are incurred when workers have health conditions that aren’t severe enough to keep them home. They come into work, cannot perform their jobs at full tilt and cause a drain on company productivity. 

In fact, for every dollar spent on employees’ direct medical and pharmacy costs, employers can expect roughly $2.30 in productivity related costs.

The  JOEM study found that when considering direct medical and drug costs alone, the top 5 conditions driving health care costs up are:

  • Cancer (other than skin cancer)
  • Back/neck pain
  • Coronary heart disease
  • Chronic pain
  • High cholesterol

This means that those of you who guessed cancer and heart disease got numbers 1 and 3 on this list.

But, when they factor health-related productivity costs, the top 5 conditions driving health care costs are:

  • Depression
  • Obesity
  • Arthritis
  • Back/neck pain
  • Anxiety

In light of these findings, what’s one major step employers can take to improve productivity and bottom-line results?

When developing your overall employee health strategies and disease management programs, make certain to first recognize and prioritize these conditions. That way you can create targeted solutions that address them head on and save health care dollars in the long run.

These solutions are just a small component of Benefit Plan Optimization (BPO™). So many employers out there are paying too much for their benefits and getting far too little in return. They’re definitely not getting the most out of their benefits and our 13 point diagnostic test could be just what the doctor ordered.

Call us now at 617-859-1777 to schedule yours or visit our website www.universalbenefitplans.com and fill out one of our contact forms letting us know your biggest benefits problem. We’ll certainly get in touch with you ASAP to discuss possible solutions.

02/08/2010

The security of your identity is only as strong as the passwords you keep—Part 1

If you lived during the Middle Ages and had a castle, you’d want to prevent invaders from breaking in, destroying your property, kidnapping your loved ones, etc. So what would you do? Build a moat, correct?

Now most, if not all of you, would pull out all the stops to create the deepest, most crocodile-filled moat imaginable. After all, it would be your only barrier for keeping invaders out. When creating passwords for your personal information you should use this exact same logic.

That’s because just like a moat is the only barrier keeping invaders out of a castle, your passwords are often your only barrier standing between personal information and identity thieves.

All passwords you use to access personal information (both online and off) should be both strong and secret. This blog post will educate you on how to keep them strong.

What is a strong password?

A strong password is one that includes:

  • 6 or more characters
  • Letters numbers and symbols
  • At least one case change

When creating your passwords, make sure that they are both easy for you to remember and difficult for others to guess.  If your password contains two distinct words or proper names, make sure they are unrelated to one another. 

One strategy you can use to create a strong, memorable password is to use the first letter of every word in a popular saying (making at least one of the letters uppercase) and add a number plus a symbol to the end. For example, a strong password using the popular saying “Speak softly and carry a big stick” might be Ss&cabs13.

Once you’ve set a strong password, you should also take the following precautions:

  • Never use the same password for more than one of your main accounts: If you do, it could take just one security breach to compromise everything in all of your accounts.
  • Change your passwords regularly: The Commonwealth of Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) recommends that individuals change their passwords for access to personal information at least every 6 months.  A helpful tip for reminding yourself to do this is to use a recurring event such as a time to change your password (i.e. change your password every daylight savings time).

For any entity that employs and/or does business with Massachusetts residents, OCABR has passed our nation’s toughest ID theft law to date—Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00).

Businesses must be fully compliant with the law by March 1, 2010. Is all your company’s personal information on Massachusetts residents encrypted and/or protected? Do you have a Written Information Security Plan in place?

These are just a few of the 201 CMR 17.00 requirements that must be met. Attend our  free webinar February 11th at 2 pm and in just 30 minutes you’ll know the answers to these questions plus so much more.

02/03/2010

New report from Attorney General sheds light on main health care cost driver in Massachusetts

Just last Friday, Massachusetts Attorney General Martha Coakley released a report pinpointing the main driver of the Commonwealth’s rapidly spiraling health care costs—the market clout of highest paid providers. Simply stated, Massachusetts insurance companies are paying certain doctors and hospitals significantly more than others for the same patient care.

Coakley’s year-long investigation leading up to this report revealed that a small group of roughly 10 hospitals statewide commanded anywhere from 10 to 100 percent higher payments than their competitors for similar work.

The study also found no evidence that this higher pay was due to better quality of patient care or treatment of more complex cases. In fact, the study revealed that:

  • Eight in 10 of the best paid hospitals in one insurer’s network were community hospitals. These hospitals tend to have less complex cases than teaching hospitals and also do not have the added cost of training future doctors.
  • One major teaching hospital that treats some of the Commonwealth’s sickest patients is paid significantly less than dozens of other hospitals that treat healthier patients.

Coakley’s team did discover that the hospitals commanding higher payments were able to do so because of market leverage from factors such as brand-name recognition and geographic isolation.

What the investigation has done:

At the end of the day, Coakley’s investigation had one major accomplishment. It shed light on the true cause of Massachusetts’ health care cost increases.  Over the past several years, it was revealed that provider rate increases, not higher patient utilization rates, were the main contributors to higher health care costs.

The Attorney General’s office will release the above as well as other related findings in a series of reports over the next several weeks.  From March 16 through the 31st, hearings will be held on the issue and state officials will ask hospitals, physicians, insurers, employers and consumer groups to testify on factors contributing to health care cost increases and what could be done to make health care affordable.

As the reports are released and hearings go under way, we’ll make certain to keep you up-to-date on all findings and developments you’ll need to know.

02/01/2010

What Identity Thieves Want

Identity theft is a huge and costly problem. In fact, it has recently surpassed drug trafficking as the number one crime in the nation and claims one new victim every 3 seconds.

Identity theft can happen to anyone and its results are devastating: stolen funds, a tarnished credit rating and obligations to pay off debt that isn’t even your own.

To keep from becoming victims of identity theft, all individuals should:

  • Keep sensitive personal information under wraps
  • Learn to recognize and put a stop to common identity theft strategies
  • Act quickly to limit damage

This blog post will focus on keeping sensitive personal information under wraps, and knowing what identity thieves want is a logical first step to keeping personal information safe. That’s because when you know what identity theft criminals want from you (and what they’d do with it) you’ll know exactly what personal details to keep safe and secure.

The following table shows you what common pieces of personal information identity theft criminals want and why they want it.

Type of Information Why ID theft criminals want it
Social Security Number (SSN) Your social security number uniquely identifies you for employment and credit purposes and serves as the gateway to all your financial information
Date of Birth Your date of birth (especially if used alongside your SSN) can be used by an ID theft criminal to verify your identity
Financial Account Numbers This includes bank account numbers and credit card numbers. ID theft criminals can use them to take money out of your accounts or make payments both over the phone and online.
Mother’s maiden name ID theft criminals want this information because it’s often used to verify an individual’s identity and authorize access to their financial information.
PIN numbers and passwords These allow access to banking, credit card and online accounts
Driver’s license number This number can be used by ID theft criminals to obtain a fraudulent ID

 

Starting March 1, 2010 The Commonwealth of Massachusetts Attorney General’s office will begin enforcing Regulation 201 CMR 17.00. The Regulation is designed to prevent identity theft and it’s the toughest identity theft law for businesses in our nation to date.

Is your company up to speed with compliance? Can you afford not to be?

Register to attend our free webinar February 11th at 2 pm and in just 30 minutes we’ll walk you through the necessary steps to get compliant and stay compliant.

 

Blog at WordPress.com.