Opinion: Current levels of identity theft are inexcusable

Powered by SC Magazine
 

Any IT chief worth their salt knows how to combat data theft, so why is it still so common, asks Ian Schenkel.

With all the noise about the PCI DSS payment card security standard and the importance of protecting data, you might think the situation is under control or at least being addressed seriously.

But potentially hundreds of thousands of records containing personally identifiable information (PII) are still at risk, stored unencrypted and unprotected in databases not subject to PCI DSS compliance. HR databases are a perfect example.

It is ridiculous that PII is being exposed time after time. We know how to solve this problem ­ education combined with good data protection policies and processes.

One of the positive steps a company can take is to institute security awareness training. Ensure that everyone understands how to identify confidential information, the importance of protecting data, how to choose and use passwords, acceptable use of system resources, email, and the firm’s security policies and procedures. Enforce policies with role-based access and auditing.

Security policies should evolve with the times. Consider instituting a weekly meeting with senior managers to talk about data security and regulatory concerns. Look at the data security tools firms use, what threats are out there, and consider what policies the company may need to enact to deal with these issues. Risk analysis should be performed to determine which assets need the most stringent security. And employees’ PII data should be included in security policies.

Data security regulations tend to deal with specific issues rather than addressing the entire network and applications. A system can pass a regulatory audit and still harbour security problems. Work towards comprehensive security rather than simple compliance with regulations.

Data storage guidelines are vague at best and often overlooked or ignored. Data security regulations need to be tightened and strictly enforced if we have any hope of stamping out identity theft.

Ian Schenkel is a BCS contributor, and vice president at Protegrity.

Copyright © 2010 Computing


Opinion: Current levels of identity theft are inexcusable
 
 
 
Top Stories
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
 
Doubts cast on Queensland's ICT Dashboard
Opposition, former Govt CIO say it can't be trusted.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  26%
 
Application integration concerns
  3%
 
Security and compliance concerns
  29%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  23%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 837

Vote