October 30, 2014

Trick or Treat? Don't Give Identity Thieves a Choice

All businesses, regardless of size, across all industries are targets for information thieves, and no one knows when or how they’re going to appear – or what costumes they might wear.

It may be a malicious attack online or the identity thief may show up in the office lobby pretending to be making a delivery. Insider threats or errors occur too, such as leaving documents in a taxi – and having them stolen that way.

According to the Identity Theft Resource Center, there have been a reported 4800 breaches since January 2005, and over 669 million records containing personal information have been stolen.

Attackers are mainly looking for payment and bank data, and user credentials, says the 2014 Data Breach Investigations Report by Verizon.

These breaches are costly. The 2014 Cost of Data Breach Study sponsored by IBM, showed that the average cost to a company was $3.5 million; reputation usually takes a huge hit too.   

When it comes to information security, there’s no one-size-fits-all approach. Industry experts recommend having as many asset protection strategies as possible ranging from technology that identifies malicious motives to employee work habits that help reduce data breach risk. 

Trick or treat? Here’s what identity thieves should find when they come knocking.

  • Pro-active security awareness. A serious approach to information security includes a comprehensive policy and a CISO (Chief Information Security Officer). With a corporate culture of security, a company is always on alert for suspicious activities.
  • Trained employees. Employees who understand security awareness are a company’s most important defense against information thieves. On-going security training will equip them with the skills to recognize signs of an attack and know what to do if one occurs. The Verizon report noted that hacks were discovered more often by inside employees than by outsiders. Trained employees are also more conscious of protecting confidential information in – and out – of the workplace.
  • Data protection – wherever it resides. A thorough document management process keeps track of all confidential data from creation to disposal. Employee access to information is monitored and limited to need-to-know.  
  • Network protection. Firewalls, encryption software, and other computer protection programs safeguard confidential information that is stored and transmitted on company computers. The Verizon report outlined hacking, data-exporting malware, phishing, RAM scrapers, and backdoor viruses as the top five threats. It recommends a well-configured IT environment to patch promptly too.
  • Secured devices and documents. Password protection and two-factor authentication protect all electronic devices. Paper documents and backup drives are stored in locked cabinets and in locked rooms with limited access.
  • Safe facilities. The office has physical safeguards such as employee ID badges, visitor sign-in, a Clean Desk Policy, and secure disposal. Criminals will tamper with computers or payment terminals or steal boxes of printouts, according to the Verizon report.
  • Secure document destruction. Whether documents are in paper or e-media form, shredding companies securely destroy them at the end of their lifecycle. Speak to your paper shredding service about hard drive destruction services too.

Learn more about secure document shredding and how to ensure you're business stays free from "tricks" this Halloween season.