Identity theft is one of the fastest-growing types of criminal activity. It is usually easy to perform, the criminals who engage in it are almost impossible to catch, and penalties for stealing data are relatively light. When security breaches do occur, the organization that maintained the stolen data is responsible for notifying the victims, and the costs can be exorbitant.
Establishing adequate security procedures and following them are critical to protecting your organization from identity theft. Here are several steps to take that will enhance your data security and help prevent identity theft.
Perform a thorough security audit. It is important to have an independent firm conduct a security audit of your network and procedures. Using an independent firm will help you avoid having the results affected by opinions or needs of internal management or staff. An objective audit that focuses on improving data security is a good first step in the loss avoidance/data protection process.
Encrypt all laptop hard drives. An encrypted hard drive requires a key to access the data stored on it. If the hard drive is lost or stolen, it’s of no use to potential data thieves, because they don’t have the required key.
Adopt an acceptable use policy and provide employee training. When employees use the Internet to access websites, this can compromise your data by giving hackers and viruses a potential way in. Another area of risk is the use of personal computers on the corporate network, or attaching outside devices such as thumb drives or removable hard drives. A thorough acceptable use policy will help minimize the potential threat of these activities.
Control and restrict user access to sensitive information. A clear policy that restricts user access to sensitive data is vital to protecting your organization from data theft. A security auditor will review this policy for you and verify that there are adequate procedures in place to implement the policy.
Designate someone as Information Security Officer. Having a central point of contact for data security issues will provide your organization with accountability for taking the necessary steps to implement data security procedures. This person doesn’t necessarily need to be technically oriented; the role is simply to drive the compliance initiatives.
Maintain “layered security.” Layered security uses increasing levels of authorization to access more secure data. Users who do not have a need to see sensitive data will have the lowest level of authorization, while users who need access, such as human resources, will need higher levels of authorization. Users who do not need physical access to server equipment should not have it.
Begin asking questions about security. False assumptions are often made about security, and simply asking questions often reveals large areas of risk that are easily mitigated.
Taking these basic steps to create a more secure network will substantially reduce your organization's risk exposure and will minimize the chances you have to pay the exorbitant costs associated with identity theft and data loss.