Beware Charity Fraud in Wake of Katrina [more...]

Lessons in Due Diligence in Background Checks [more...]

Security Officers Could Soon Face Licensing Regulations in California [more...]

Mandatory Notification Becoming Standard in Data Breaches [more...]

"Spear Phishing:" the Latest Device of Online Criminals [more...]

Air Travel Health Tips [more...]

Even in the days following the disaster, it is apparent that the relief being provided by public and private contributors will be on a larger scale than any relief effort in history. Unfortunately, charity fraud knows no bounds and will surely attempt to take advantage of the devastation created by Hurricane Katrina. Charity fraud is the solicitation of donations by a con artist purporting to represent a real or fake charitable organization. Here are some tips to make sure that your donations support the worthwhile cause you intended them to:

• Donate to recognized charities you have given to before. Watch out for charities that have sprung up overnight. They may be well-meaning, but lack the infrastructure to provide assistance. And be wary of charities with names that sound like familiar, or nationally known organizations. Some phony charities use names that sound or look like those of respected, legitimate organizations.
• Give directly to the charity, not the solicitors for the charity. That's because solicitors take a portion of the proceeds to cover their costs, which leaves less for victim assistance.
• Do not give out personal or financial information - this includes your Social Security number or credit card and bank account numbers - to anyone who solicits a contribution from you. Scam artists use this information to commit fraud against you.
• Check out any charities before you donate. Contact the Better Business Bureau's Wise Giving Alliance at www.give.org.
• Don't give or send cash. For security and tax record purposes, contribute by check or credit card. Write the official name of the charity on your check. You can contribute safely online through national charities like www.redcross.org/donate.
• Ask for identification if you're approached in person. Many states require paid fund-raisers to identify themselves as such and to name the charity for which they're soliciting.

In August of 2005, 130 custodians in the Chicago Public School (CPS) system were terminated based on information revealed through more diligent background checks than the original checks that took place upon their hire. CPS contracted three private firms to provide their janitorial service workers and relied on those firms to conduct appropriate screening of their applicants. After CPS conducted tougher checks, it was discovered that those 130 custodians had either lied on their application or had a felony conviction they neglected to report.

Many organizations trust (and pay!) outside sources to conduct their pre-employment screening and, in fact, there are a lot of good reasons to do so. However, as the Chicago Public School system learned, some precautions must be taken to avoid the potential liability associated with negligent hiring. Employers run the risk of sabotaging their objectives in conducting background checks for prospective employees when they fail to prioritize the selection of their third party employment service.

Important things to remember when you are considering outsourcing your background screening services for employment purposes:

• Resist the Urge to Pinch Pennies: The costs associated with background screening are minimal when weighed against the potential costs associated with a negligent hiring or a failure to hire lawsuit against your organization. One bad hire can mean more than monetary losses-the organization's integrity and reputation are also at stake, potentially causing further damage to the bottom line.
• Prioritize Selection: Employers have the obligation to abide by the law with regard to all employment practices, including screening. Selecting the right service is critical. Any credible screening service will guarantee their practices (effectively yours when you contract them) are compliant with all applicable federal and state regulations. And don't forget to check out references!
• Avoid Arbitrary Investigations: Establish clear internal protocols governing which applicants you screen. It is inappropriate to "pick and choose" which applicants are screened based on arbitrary, speculative assumptions and suspicions. You might find yourself in legal trouble if your processes appear random.

Although two similar bills have been voted down in previous years, a new California bill, pending law makers' approval, could soon require security officers to meet state licensing and training requirements. If such legislation passes, California would be the first state to regulate both proprietary security officers and those employed by contract security companies. Currently, California has over 400,000 security officers. According to Jeff Flint, executive director of the California Association of Licensed Security Agencies, Guards and Associates, such regulation centers largely on public safety and particularly the distinction of legitimate security officers and those that are spurious. Flint further purports, "It raises the esteem of this profession in the minds of the public to know that anyone working in a uniform in a public safety position is not a criminal." Supporters of the bill assert security officers are looked upon by the general public as safety figures, and as such, there needs to be uniform procedures put in place to ensure that every security officer has the proper training and, furthermore, has cleared a background check.

Currently, the Bureau of Security and Investigative Services only regulates security officers employed by a third-party firm and not personnel working for a private corporation. Should the bill pass, an estimated 200,000 additional security officers working in the state would fall under this proposed law. Unlike other states, California has boosted its training requirements for security officers to 40 hours from a minimum of eight. Furthermore, California is one of only a few states that do not issue temporary licenses for new hires prior to the completion of both state and federal criminal background checks.

New York recently became the latest state to enact laws that require businesses and state government agencies to notify customers if their information has been compromised in a data security breach. As many as 20 other states have proposed similar legislation to be enacted in the next several months.

Recent high profile data security breaches, such as those at Lexis Nexis, ChoicePoint, and PayMaxx (a payroll processor that inadvertently made some of its customers' W-2 forms available on the Internet) have caused the federal government to scramble together legislation in an effort to protect victims. California became the first state to create such laws in 2003, and many states have been following suit ever since. The concept of mandatory notification creates a new thread in the ever-growing realm of compliance and regulations.

We've all received emails asking for our participation in obtaining large sums of foreign money from distant relatives, or from banks asking us to confirm our account information or PIN numbers. But when we get an email from an executive from our own company, we pay attention to it, especially if it appears legitimate. Not so fast.

Online criminals, in an attempt to stay one step ahead of online security, are now posing as executives or individuals with authority from corporations or government agencies, sending emails to unwitting employees that ask for sensitive information or passwords. Once access is gained, the "spear phishers" can install Trojan horse software or other types of malicious codes that can extract compromising information from those systems. What's more, the sources of the attacks are very difficult to trace, although many attacks seem to be originating from the Far East, according to the United Kingdom's National Infrastructure Security Co-Ordination Center.

What makes the attacks so effective is the trust that is engendered from positions of authority. If you receive an email or communication that doesn't seem right, consult with your IT department or check with the source itself - you just might be saving your organization from being "spear fished."

Ever get off the plane and been convinced that you've caught a cold? There are some things that you can do during the flight to reduce the health risks associated with flying. First of all, just getting on a plane increases your exposure to bacteria and viruses, due to the close quarters. Try to wash your hands often, try to keep a travel-size disinfectant handy, and if you're really concerned about the air you can invest in a 3M N95 mask, which sells for about a dollar and screens out 95% of airborne particles. Secondly, bring your own water. The water in the sinks and galleys of planes has been known to contain E. coli, among other things. Next, taking a decongestant can help clear your nasal passages so that pressure doesn't build up - your eardrums are already under assault from the changes in air pressure. Lastly, dress comfortably and remember to move around during the flight. Sitting in one position for too long can be harmful. Unfortunately, one apparent constant in air travel is the food we are exposed to. Our advice on airplane food: go with your gut.