Bruce Pharr is director of marketing for Covelight Systems

- Develop secure web applications: Follow best practices in web application development, as represented by the Open Web Application Security Project (OWASP).
- Check identities and backgrounds before authorizing access: The Identity Theft Assistance Center is one resource where members can quickly check application information against a database of known identity thefts.
- Institute strong authentication procedures: Strong authentication, such as a PIN token, a smart card calculator or another soft mechanism, makes fraudulent access more difficult, but not impossible.
- Monitor and compare user activity to detect suspicious behavior: Strong authentication is not sufficient to protect sensitive customer information, especially from employees and other authenticated users who may succumb to the temptation of theft or malicious conduct.
- Develop a comprehensive incident response plan: There is no absolute means by which an incident can be prevented. Therefore, it is imperative that companies develop appropriate incident response plans, including remediation and communication strategies.