[BreachExchange] 6 Tips to Protect Your Business from Identity Theft

Fri Dec 8 16:10:00 EST 2017

http://www.strategydriven.com/2017/12/06/6-tips-to-protect-
your-business-from-identity-theft/

Identity theft is becoming an increasing concern for people, with major
data breaches becoming a normal part of our daily news cycle. In fact, it
is safe to say that your information is probably somewhere out in the void,
just waiting for somebody to pick it up and start using it. This is not an
exaggeration, this is just the unfortunate reality we have to deal with
today.

As a business owner, you are most likely to be targeted by potential
identity thieves not as an individual, but as a source. Your databases can
be breached leaving all of your customers vulnerable, and putting your face
on the news in a way you never wanted. To help protect your business from
being targeted for identity theft, we offer six easy solutions to safeguard
your company and your customers.

Secure Your Computer Infrastructure

Having a strong firewall and running anti-virus on a regular basis will
save your company potential damage. There is an endless arms race running
between security companies and hackers every second, and patches to
anti-virus software are the only way for us to keep up. Failing to update
your anti-virus is like refusing to cancel a lost credit card: you’re just
asking for somebody to steal from you.

Change Passwords Regularly

Breaking into an account takes time, but it can be done. If you have been
using the same password for the past five years that is more than enough
time for somebody to have used brute force to figure out what it is. Adopt
a policy of changing passwords at least once every three months, and do not
use the same password in more than one place. This will foil brute force
attempts to steal information. Require the same routine of your staff as
well!

Compartmentalizing Customer Information

The information of your customers should remain on a need-to-know basis at
all times. Identity thieves will often exploit your staff to attempt to
pull customer information from them. Ensure that your staff only has the
bare minimum customer information they need to do their job: they can’t
reveal what they don’t know after all. Using identity verification
techniques that minimize the exposure of confidential information ensures
that the cause of identity theft is not somebody who works for you.
Third-party identity verification services such as Cognito can help limit
exposure to sensitive information.

Use Dedicated Devices

Do not let employees use their own devices for work related purposes. While
employees mean well, their personal devices could be compromised in ways
you cannot account for. So, make sure you have a clear distinction between
work devices and personal devices. If an employee needs to work from home,
the best option is to provide a device for them to use for work. At work,
having a dedicated terminal for sensitive functions (like banking) will
limit that terminal’s exposure to viruses and other ways to compromise it.

Educate Your Employees

The weakest link in any security arrangement is the human link. Educating
your employees on proper security protocols can help reduce your business’s
risk. Education is not perfect, but instilling a culture of good security
practices will go a long way towards safeguarding your employees and
customers from theft.

Insurance

If all else fails – making sure you have good insurance will protect your
business from the fallout. No matter how much you work to protect your
customers, a few will inevitably fall through the cracks. Having insurance
will allow you to make it right with your customers without destroying your
business.

Protect Your Customers, Protect Your Business

Remember that identity theft is, for the most part, preventable. While you
cannot do anything about other companies that fail in their obligations,
you can do something about your business. Following these steps will
protect both yourself and your customers from the perils of identity theft
and fraud.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171208/9fb33bb0/attachment.html>