In 2017, fitness club identity theft was considered the top 10 most common identity theft complaints in the U.S. There were 4,152 specific complaints, a 43% increase compared to 2016.
According to statistics in the Consumer Sentinel Network Data Book 2017 compiled by the Federal Trade Commission, identity theft accounted for 13.7% or 371,000 of the 2.7 million consumer reports about marketplace problems received by different government agencies.
During a member sign-up, we usually collect and store a lot of personal data.
7 Risks of Identity Theft in the Auto Industry
Leaving confidential papers out on a desk or counter makes it easily accessible for anyone to simply steal the information - increasing the risk of a data breach.
Solution: A CLEAN DESK POLICY directs everyone to keep their workplace tidy and to be aware of confidential data they handle. Lock important documents inside a desk or file cabinet. Or at the end of every transaction, the contract and sales receipt should be placed in a locked drop box. Remember a drop box is only as good as it’s lock. So, it is a good idea to spend the money on a decent drop box safe which costs under $200.00 USD on sites such as eBay or Amazon.
Visual Hacking is when someone discreetly uses a smartphone to take a screenshot of confidential information or memorizes what they see. This can happen in an office when a salesperson wanders away from their desk.
Solution: Provide privacy filters for desktop monitors, laptops, tablets, and smartphones. Do not save passwords, etc., on Post-it notes. Depending on the size your fitness center, your computers should all automatically shut off after not being used or most centers are moving to tablet based system to avoid issues like this all together. At the end of the transaction the only paper that is moved is the one that comes out of a wireless printer that should sit on a desk close to the member. This way the member can grab their documents and your salesperson no longer even should have access to their information.
Risky Workspace Layout
Where are the photocopying / garbage / recycling located in the fitness center? These are typical areas where confidential papers can be left behind. And one of the first places criminals look for information. A higher end shredder should be in a specific area and the information should immediately be shredded. On Amazon Basics, for $150 – you can purchase a shredder with a one-year warranty that will take up to twenty pages at a time and turn them into confetti. The old school shredders should immediately be replaced. They are a false sense of security. If you are not turning personal information into confetti at this time you are risking everything.
Solution: Photocopiers should be in an employee-only area, and open paper recycling bins should be replaced by locked consoles. An employee-only area should have an inexpensive electronic magnet that logs people in and out.
Although Shredding companies will make you think you need them – you do not. You just need a hi-end shredder. And as mentioned previously for about $150.00 you can purchase an Amazon Basics shredder that turns up to 20 pages of paper into confetti. The shredder will work for 30 minutes until it needs to cool down for 4 hours. The next step up is about $500.00 which will do the same job a “secure shredding company” will do but without the excessive cost AND if you look at You Tube; any shredding company has many weaknesses.
Do not think that partnering with an outside shredding service that uses industrial grade cross-cut shredding equipment is any better then just buying a commercial shredder and doing it yourself. Plus, their claims of “chain of custody” have been proven completely inaccurate.
Online Phishing Scams
Phishing scams try to trick the end user into logging into a fraudulent system (or download malware.)
Solution: On-going education should teach employees about online scams and information security best practices.
Fitness Club Insiders
An auto dealership’s own employees can be one of the biggest risk factors. Employee error is a common cause of data breaches, and there’s also a fraud risk that comes with hiring unvetted employees.
Solution: Create a culture of security in the workplace including best practices reminders. The hiring process should include background checks.
Technology in the workplace dates quickly. Especially if it is stockpiled, can increase a fitness club’s vulnerability to attack.