Imagine finding thousands of dollars worth of charges on your credit card. Or worse – imagine not getting the bill and having the charges affect your credit rating. We could keep going with progressively worse scenarios, but the point is that data and identity theft is a serious problem.
We interviewed two data security experts on this important topic.
Part One – Dave Bull, Secure Computing
Part Two – Wasim Ahmad, Voltage Security
Second is an interview with Wasim Ahmad, VP Voltage Security
Is there really a problem with identity theft? We hear about the high profile cases in the news, but maybe there’s not much theft happening.
Wouldn’t that be great! Identity theft is the fastest growing crime in the US for the seventh year in a row. Criminals are very innovative about how they steal identities, and have shifted from trying to amass lots of credit card numbers and identities to focusing on high net worth individuals – where just one successful hit can provide a windfall.
Maybe this is only an issue for very large companies as they present big targets.
Identity thieves are profiling companies more aggressively, looking for companies with target rich data – this means that even smaller companies are targets if they hold onto customer records. Of course small businesses are also targets of identity theft themselves, as they typically do a lot of things online.
Beyond anti-virus software, firewalls (server and client), and some other security tools, is there more needed?
It is important to have multiple layers of security to make sure that the likelihood of a data breach is reduced e.g. software that restricts access to your network. However the only true defense against a data breach is to either (a) not store information like credit card numbers and social security numbers or (b) make sure that they are encrypted in such a way that a thief cannot get hold of the real numbers. Many small businesses use packaged applications or on demand hosted applications which may store customer data, but also lying around the office you will find spreadsheets, word documents, etc. that contain sensitive customer and employee data – these need to be protected too. Some people recommend encrypting the hard drive of a computer, but frankly these types of documents don’t stay on a hard drive, they get moved around, put on USB devices, emailed, the list goes on. So the best approach is really to make sure these critical documents are encrypted so that wherever they go they remain protected.
What role does simple, human vigilance play?
Having good processes is important, but there is the human factor – humans make mistakes. New legislation going into force on November 1, known as the Identity Theft Red Flags Act, requires companies (of all sizes) to put in place a proactive plan to prevent identity theft – in particular watching for things like changes to a customer address. It’s follow through on these types of plans that will make identity theft a little harder – making things harder for identity thieves makes them go away and look for easier targets.
What are some basic and then more complex solutions smaller businesses can use to protect themselves?
Use a file or document encryption solution to protect documents, use common sense safeguards for passwords – don’t write them down underneath the keyboard.
What role does the local solution provider play? Should one hire a security expert vs. a generalist?
Yes a solution provider that understands your business can help you identify the risks – once you know that you can look for reasonable ways to reduce those risks for you and your customers.