As we mentioned last month, Charles Andrews, Director of Security and Investigations at First Data Corporation, spoke at a recent Energy Corridor District Security Meeting to educate guests on identity theft. From employee access to hackers taking advantage of security gaps, corporations are, of course, at a high risk for identity theft.
Whether cloning checks against the corporate account or using customer information, thieves seek information such as employer identification numbers, transaction information and passwords. All of the information corporations collect and store is subject to theft.
In cases of corporate identity theft, 70% of hacking occurs from inside the company. When evaluating your risk level, you should consider:
- Does your company allow the use of flash drives?
- Do you allow digital audio players and digital phone cameras on site?
- Do you have a policy for unprotected/unencrypted information leaving the work place?
- Does your company have a policy to monitor your data transfer processes?
- Do you track laptops and external drives?
Ways to help protect corporate information from identity theft include:
- Educating employees on identity theft awareness and prevention
- Clearly defining operating procedures and checking for the adherence to procedures (i.e. oral and written information handling, record disposal)
- Establishing customer relations policies regarding securing or providing information over the phone
- Restricting information access to “need to know” basis only
- Securing all sensitive information
- Utilizing a secure wireless network
- Shredding all documents with customer names and contact information
For more information on protecting yourself, your corporation and your customers from identity theft, visit www.idtheftcenter.org