
Last Updated: Nov 17th, 2008 - 12:30:30
Computers with Feet...

So, after a long hiatus, and a little R and R time, I'm back. And it
would be nice to say that "all's quiet on the western front" but, no,
quiet is not how I'd describe it. Rather than go into minute detail of
each and every one of the breaches (UMass, Central Connecticut State,
University of Colorado), ID problems (Chrysler Financial) and stolen
computer equipment that's happened (like at Staten Island University
Hospital or, bigger still, CollegeInvest's missing drive), I thought
I'd begin writing about HOW some of this could be prevented.

We all know that hackers are getting more and more sophisticated. So
intrusion detection systems are supposed to be keeping up. And for the
most part, I suppose THEY are. Now how about the average company??? ARE
THEY? The most sophisticated system only works if it is in place and
USED. So my first suggestion is this: Get a Security Audit. Make sure
you don't have "weak" spots, and be sure that you don't have open
entryways - they'll sink you. Use the most up-to-date firewalls, use
the latest detection software. Require users be trained and tested on
all the security measures. And that brings me to the next suggestion.

Know your employees. No, not Bob's wife and kids, but know Bob's
background. The Florida car dealer whose employee stole 200 social
security numbers off of contracts might not have hired her IF they had
known she had an outstanding warrant in Georgia for ID Theft - of the
same type!! (DealersEdge magazine sent that tidbit along!) The same
could be said of the employee who stole credit account information,
while working at a bill processing group - and had been arrested for a
similar crime before. If your employees are handling personal
information at all (even in passing!) do a background check before you
hire them! At the very least, look for prior convictions or outstanding
warrants.

And then, (step 3, for those of you counting!) MONITOR them. Like the
hospital employees who peeked at Britney Spears' medical files, KNOW
what they're looking at and WHY. Have multiple levels of security to
prevent more access than is necessary to get the job done. Watch what
gets printed, watch what goes in and out. Monitor email. I know, I hate
big brother as much as anyone -- but three times now, I've been
affected by this nonsense, so I'm mad!

After you do all of those things, (step four!) make your employees your
eyes and ears. For instance, in several of the "skimming" instances,
employees did NOT recognize the people "installing new equipment" but
no one asked for ID, checked with the regional office or did any other
basic check. (Would you let someone in your home you didn't know just
because they were "here to install new equipment"??) Have a system in
place that makes employees aware of WHEN upgrades will happen and who
will be responsible for them. If a contractor is involved, make them
wear ID badges. Make them have contact information, ask them questions.
If you have doubts, call someone and ASK. Vigilance goes a long way.

And, now, dealing with equipment. LOCK IT UP. If you have flash drives,
get floor safes. Get locking cables. Lock desks, lock offices, require
keycard access. If you are dealing with lots of sensitive data, make
handprints required to access the building. (Especially weekends - many
of these computers and drives seem to disappear over weekends or late
in the night.) Laptops should be guarded. Don't leave them in a car.
And when they're at home, PAY ATTENTION. Put it away if you're leaving.

And last, it might be time for the government to step in and make the
purchase of some of these skimming devices more complicated. For 500
bucks, anyone can buy a card duplicator off the internet, and start
capturing and duplicating credit cards. Should this really be that
easy??? Personal information is a hot commodity and people want it.
Should we not make it a little more difficult to get?? Not that I'm
asking for new laws (kind of think we're overgovernmented, but that's
another topic), but what I am demanding is that I be protected. People
want my information, make them respect it and take care of it.

Not bad for a first blog in the new quarter, eh? Those little drinks with umbrellas really do wonders for you!
© EsignPortal Website Design: Copyright 2008 by Orion Systems, Inc. All other material are or may be copyright protected by their respective owners.