Why Your Business Requires Security

State and federal identity theft and privacy protection laws now require businesses, agencies and organizations of all sizes to protect all personal information they store, and to report to all their customers whenever a breach occurs. The financial ramifications of a data breach can be very substantial to both present and future business. In so many cases, a company never recovers from a breach and is forced to close down. Currently, the average cost to a company is $3.7M per incident.

Archive for Employee Security


Preventing Physical Identity Theft

Source: Online Identity Theft Protection for Dummies by Dovell Bonnett

“Online Identity Theft Protection for Dummies” was written by Access Smart’s CEO Dovell Bonnett to teach companies and individuals best practices for protection against online identity theft. Physical identity theft occurs when thieves come in close contact with their victims or the information they’re stealing. For example, thieves may engage in dumpster diving, where they look through garbage, or literally dumpsters, to find papers with account numbers, addresses, names of family members, Social Security numbers, driver’s license numbers, or anything else that identifies an individual.

Are you sure you shredded last year’s bank statements? How about all that junk mail you tossed – no credit card offers in there, were there? If you are responsible for a corporation or small company, how likely is your administrative staff to shred or archive – NOT toss – sensitive documents?

Thieves will steal outgoing or incoming mail from your mailbox. They may also call you on the phone and pose as a company representative who needs to update their company’s files. If this happens, insist on returning their call and see how quickly they hang up on you!

You don’t even have to be the thief’s direct target when it comes to them trying to get to your information. They may go to a neighbor, friend, spouse, child, employer, or even pose as another company to get the information they seek.

The following is a list of other ways for someone to physically steal your identity:

  • Card skimming. Using a storage device to record your credit card or ATM magnetic stripe. When you hand your credit card to someone (think waiters) who then takes it away to process, it has now left your control and you have no idea what is actually being done with it while it is out of your possession.
  • Computer theft. Stealing laptop or desktop computers with unprotected files has been active in the news, especially for companies and medical professionals. Individuals also store unprotected bank records, old electronic tax returns, stock portfolios, and other account information on their computers’ hard drives.
  • Desktop snooping. The thief literally sits at your desk and rummages around looking for notes, sticky notes, pieces of paper, books, or anywhere you may have jotted down your passwords. So what is under your desk pad? Or on that sticky note in your top drawer?
  • Dumpster diving. A person goes through another person’s or company’s trash looking for documents, cancelled checks, bank statements, employee records, addresses, pre-approved credit card applications and so much more.
  • Fake ATMs. What looks like an actual ATM is in reality a computer that records your PIN, copies all your magnetic stripe data, and then gives the card back stating that the network is busy or out of service. The user then takes his/her card back and thinks nothing of it as he travels down the road looking for a working ATM.
  • Filing a “Change of Address” form. The thief contacts a bank, post office, or utility company to put in a change of address request. This diverts your mail or statements to a new address, giving the thief access to your personal information until you actually realize that you are not getting your statements.
  • Home/office burglary. Thieves break into a house or office to steal important papers, files and computers along with the easy to sell electronics, cash and jewelry. By making it look like a normal burglary, the identity thieves are obscuring the true purpose of the break-in, which is to obtain your personal identifying information.
  • Postal mail theft. Stealing outgoing or incoming mail from a street-side mailbox. That red flag sticking up signaling that mail is in the box is not just letting your postal carrier know that there is mail in there. You are also letting thieves know that you are probably paying bills and they now have access to account numbers and your checking info if you are paying by check.
  • Over-the-shoulder surfing. Someone you know looks over your shoulder while you type a password. This can be coworkers, friends and family members.
  • Phone pretexting. Someone will call pretending to be from a legitimate company claiming that they need to update their records. Most people, recognizing that they do indeed do business with this company will give out their personal information without hesitation. Again, insist on calling them back.
  • Purse and wallet theft. Pick pockets and purse snatchers are as active as ever due to all the important personal information that we keep in our wallets and purses. It is a very BAD idea to keep your Social Security card in your wallet!
  • Social engineering attacks. Posing as a landlord, employer, or someone else who has legal, authorized access to your personal information. People all too often give out personal information to someone who looks authoritative and legitimate.

People are becoming increasingly aware of how physical identity theft occurs and are taking precautions such as shredding bills and other documents, renting a post office box rather than leaving their mail at the curb, and refusing to engage with telemarketers. As a result, identity thieves are looking for, and finding, other ways to obtain your personal information. The targets now are your computer, zip drives and, of course, the internet.

For more information about how to safeguard your critical information, please order your FREE copy of Online Identity Theft Protection for Dummies.

Corporate Network Security Technology Comparison

A few years ago, many of us had only a few passwords to remember. Today, we have dozens. Corporate networks have become virtually impossible to use today without passwords. On top of this, “IT’s best security practice” requires that employees change passwords frequently and use long, complex passwords. Unfortunately, this has encouraged poor password management habits that lead to security breaches, privacy violations and huge fines.

IT managers have a host of secure authentication technologies available to safeguard corporate networks. Alongside Smartcard-based Password Managers are One-Time Password (OTP), Certificate-based Logon (PKI), and server-based Single Sign-On (SSO), all targeted to solve the “password problems”.

2012 – The Year of Cyber Espionage?

Lucian Constantin’s recent article “Expect more cyber-espionage, sophisticated malware in ’12, experts say” states that cyber-attacks in 2012 will increase with more sophisticated malware. Certainly companies like MicroTrend, Symantec and others have their work cut out for them to eradicate these attacks once they are launched. But taking a step back, the question arises as to how malware is first getting into the networks.

Answer: employee carelessness.

Social engineering attacks are still the best and cheapest way to distribute malware. Spam emails, phishing, spear phishing, etc., all utilize attachments that can hide the malware. It still is amazing that such an old and simple method is still the most effective. And according to some experts, educating the employees about information security is a waste of time. I disagree, since even if one person is helping by being educated and aware, it is better than having none. But education alone is not the solution.

Technology applications, networks and operating systems have to incorporate security as one of their key design components. Stop the patching and all the backward compatibility design concerns and start creating an entirely new OS from scratch. We don’t run DOS and Windows 98 anymore.

Software applications also need to incorporate high security standards like integration with multi-factor credentials. Using a smartcard that first authenticates the user to the card, then the card to the computer, then authenticates the card and server to each other, and finishes up with the user to the application can greatly improve a company’s security.

Public cloud services are still scary at best. Do you really know how and where your data is being stored? Plus, the fact that some of the biggest public cloud companies are “sidestepping security” with protection clauses in their contracts should tell you something. Private clouds can have more security safeguards, but they require knowledgeable people to build and manage.

Security is only as strong as the weakest link, and that link is the employee. I would wager that the majority of employee-caused breaches are done through carelessness. Employees have to get their jobs done and will often circumvent security protocols so as to increase convenience and efficiencies. That is why any security plan has to take into account the user. Otherwise, corporate officers are lulled into a false sense of security. A 25-character random password that has to be changed every 7 days is super security, but don’t be surprised when there is an increase in Post-it Note supplies because these passwords simply cannot be memorized by most employees.

Power LogOn® by Access Smart® has been delivering multi-factor authentication, smartcard-based password management solutions for years. Users are able to store multiple passwords on a single smart card, no passwords are ever stored within a computer that others can access or hack, and when the card is removed from the computer no critical logon data is left behind on the computer. If the card is lost or stolen, all the passwords are protected because the card authentication includes a limited number of false entries before it is locked and needs IT assistance. From the user’s perspective, a lost card is easily recoverable without having to change all your passwords.

Power LogOn – The Password Manager Solution  by Access Smart

Users’ passwords need to be de-centralized and always in the possession of the user. Power LogOn is being used by individuals, small businesses, and large enterprises. So don’t wait for Windows 8 to think you can securely manage your passwords. Implement today and protect your data. Complex passwords are recognized as the way to secure accounts. Power LogOn allows businesses to securely manage all those passwords and for IT to be put back in control of logon security.

Protect Your Physical Data From Thieves

How to Protect Your Physical Data From Thieves by Dovell Bonnett

We are constantly hearing about cyber threats to our online security, and I think it is a sure bet that we can expect it to continue to happen. And while it is VERY important to be as educated about online security as possible (consider this an ongoing education, by the way!), you should also be very aware of how thieves can gain access to your physical data.

The theft of sensitive information from companies can happen in two ways: physical data breaches or online breaches of security. Physical identity theft refers to cases where the identity thief needs to get in close to their targets or to the information they are trying to obtain.

How To Create Strong Passwords

Passwords are the foundation for computer, network and SaaS (Cloud) authentication. One has to create strong passwords to be the vanguard. The more complex you make your passwords, the safer your data becomes. Unfortunately, complex passwords and a frequent change policy are often met with resistance, causing employees to circumvent good security policy for convenience. Every organization needs a secure Password Manager. Microsoft Gold Certified Partner Uniblue recently posted the following article on password security.
