Preventing Fraud and Identity Theft - Part Three
A sound data security plan to prevent fraud and identity theft is built on five key guidelines. Last month, we shared the second guideline and the steps to ensure the security of your clients' and employees' information. This month, we present the next guideline you need for ensuring the security of your clients' and employees' information. Smith Office Solutions wants you and your customers to be protected from these costly issues.
Guideline three: Protect the information that you keep - Electronic Security
Computer security isn't just the responsibility of your IT staff. Make sure you understand the vulnerabilities of your computer system, and follow the advice of experts in the field.
General Network Security
- Identify the computers or servers where sensitive personal information is stored, and the connections to them, such as the Internet and wireless devices.
- Assess the vulnerability of each connection to commonly known or reasonably foreseeable attacks by running security software or having an independent professional conduct a full-scale security audit.
- It is a good idea not to store sensitive consumer data on any computer with an Internet connection unless it is necessary for conducting your business.
- Encrypt sensitive information that you send over the Internet. Consider encrypting sensitive information that is stored by the company, and e-mails that contain personally identifying information. Caution employees against transmitting sensitive personally identifying data, such as Social Security numbers, passwords, or account information, via e-mail. Unencrypted e-mail is not a secure way to transmit any information.
- Regularly run up-to-date anti-virus and anti-spyware programs on individual computers and on servers on your network.
- Consider restricting your employees' ability to download software. Software downloaded to devices that connect to your network (computers, smartphones, and tablets) could be used to distribute malware.
- Check the computers in your company to identify the operating system and services. If you find services that you don't need, disable them to prevent potential security problems. For example, if e-mail service or an Internet connection is not necessary on a certain computer, consider disabling those services on that computer to prevent unauthorized access.
- When you receive or transmit credit card information or other sensitive financial data, use Secure Sockets Layer (SSL) or another secure connection that protects the information in transit.
- Pay particular attention to the security of your web applications, the software used to give information to visitors to your website and to retrieve information from them. Web applications may be particularly vulnerable to a variety of attacks. Relatively simple defenses against these attacks are available from a variety of sources.
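The "check the computers in your company to identify ... services" step above can be made repeatable by comparing what a machine is actually listening on against the short list of services it is supposed to run. The script below is an added example, not part of the original article: it reads listener lines in the layout printed by `ss -tlnp` on Linux (the sample lines are constructed for the example, not captured from a real host), compares the owning process names against a hypothetical allowlist for a web server, and reports anything else for review. Services bound only to loopback are reported separately, since they are not reachable from the network.

```python
"""Audit listening services on a host against an allowlist (added example)."""
import re

# Constructed sample in the layout of `ss -tlnp` output (header plus rows).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       100     127.0.0.1:25         0.0.0.0:*          users:(("master",pid=950,fd=13))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       5       0.0.0.0:631          0.0.0.0:*          users:(("cupsd",pid=640,fd=7))
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*          users:(("smbd",pid=701,fd=40))
"""

# Hypothetical allowlist: this machine is a web server that should expose
# only SSH (for administration) and the web server itself.
EXPECTED_SERVICES = {"sshd", "nginx"}

# Addresses that mean "local machine only"; not reachable from the network.
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}

# One ss row: state, queues, local addr:port, peer addr:port, process name.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_output):
    """Return a list of (process, address, port) tuples from ss -tlnp text."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group("proc"), m.group("addr"), int(m.group("port"))))
    return listeners


def audit_listeners(ss_output, expected=EXPECTED_SERVICES):
    """Split listeners that are not on the allowlist into two groups:
    'unexpected' (reachable from the network, should be reviewed and disabled
    if not needed) and 'loopback_only' (informational)."""
    unexpected = []
    loopback_only = []
    for proc, addr, port in parse_listeners(ss_output):
        if proc in expected:
            continue
        if addr in LOOPBACK:
            loopback_only.append((proc, port))
        else:
            unexpected.append((proc, port))
    return {"unexpected": unexpected, "loopback_only": loopback_only}


if __name__ == "__main__":
    report = audit_listeners(SAMPLE_SS_OUTPUT)
    for proc, port in report["unexpected"]:
        print(f"REVIEW: {proc} listening on port {port} is not on the allowlist; disable if unneeded")
    for proc, port in report["loopback_only"]:
        print(f"note: {proc} on port {port} is loopback-only")
```

Run on a real host, the input would come from `ss -tlnp` (run with sufficient privilege to see process names), and the allowlist would be the documented role of that machine; any listener that shows up as unexpected is a candidate for the "disable them" step in the list above.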
Password Management
- Require employees to use "strong" passwords. Experts say the longer and more complex the password, the better. Because simple passwords can be guessed easily, employees should choose passwords with a mix of letters, numbers, and special characters. An employee's user name and password should be different, and passwords should be changed frequently.
- Make it company policy to prohibit the sharing of passwords or posting them near their workstations.
- Use password-activated screen savers to lock employee computers after a period of inactivity.
- Lock out users who don't enter the correct password within a designated number of log-on attempts.
- Let employees know that IT will never call asking them to reveal their passwords, and these attempts are always fraudulent.
- When installing any new software, immediately change vendor-supplied default passwords to a strong password.
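Two of the rules above, a password policy (length, character mix, not the same as the user name) and a lockout after a designated number of failed log-on attempts, are easy to get subtly wrong in code. The example below is added here and is not from the original article; the minimum length of 12 and the limit of 5 attempts are values chosen for the example, the user store is an in-memory dictionary, and passwords are stored as salted PBKDF2 hashes rather than in clear text. A locked account stays locked until an administrator resets it after verifying the user out of band.

```python
"""Password policy check and log-on lockout (added example)."""
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12      # policy value chosen for this example
MAX_ATTEMPTS = 5     # the "designated number of log-on attempts"


def check_password_policy(username, password):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    if password.lower() == username.lower():
        problems.append("same as user name")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). A fresh random salt
    is generated when none is supplied (i.e. when a password is first set)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


class UserStore:
    """In-memory user store for the example; a real system would persist this."""

    def __init__(self):
        self.users = {}  # username -> {"salt", "digest", "failed", "locked"}

    def add_user(self, username, password):
        problems = check_password_policy(username, password)
        if problems:
            raise ValueError("weak password: " + ", ".join(problems))
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest, "failed": 0, "locked": False}

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        user = self.users.get(username)
        if user is None:
            return "denied"  # same answer as a wrong password, so user names are not revealed
        if user["locked"]:
            return "locked"
        _, digest = hash_password(password, user["salt"])
        if hmac.compare_digest(digest, user["digest"]):
            user["failed"] = 0  # a successful log-on clears the failure counter
            return "ok"
        user["failed"] += 1
        if user["failed"] >= MAX_ATTEMPTS:
            user["locked"] = True
            return "locked"
        return "denied"

    def unlock(self, username):
        """Administrative reset after the user has been verified out of band."""
        user = self.users[username]
        user["failed"] = 0
        user["locked"] = False


if __name__ == "__main__":
    store = UserStore()
    store.add_user("jsmith", "Correct-Horse-42!")
    print(store.login("jsmith", "Correct-Horse-42!"))   # ok
    for _ in range(MAX_ATTEMPTS):
        print(store.login("jsmith", "guess"))            # denied ... then locked
    print(store.login("jsmith", "Correct-Horse-42!"))   # locked until unlock()
```

The unknown-user path deliberately returns the same "denied" result as a wrong password, so a log-on form built on this cannot be used to confirm which user names exist. The failure counter is cleared only by a correct password or an administrative unlock, not by the passage of time, which matches the "lock out users" rule above; an organisation that prefers a timed lockout would add an expiry to the `locked` flag.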
Firewalls
- A firewall is software or hardware designed to block hackers from accessing your computer. Use a firewall to protect your computer while it is connected to the Internet. A properly configured firewall makes it tougher for hackers to locate your computer and get into your programs and files.
- Use settings to allow only trusted employees with a legitimate business need to access the network. Since the protection a firewall provides is only as effective as its access controls, review them periodically.
- If only some of the computers on your network store sensitive information, consider using additional firewalls to protect the computers with sensitive information.
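The two rules above, allow only trusted staff with a business need and review the access controls periodically, can be turned into a check that is run against the firewall's allow rules each review cycle. The example below is added here and is not from the original article or any firewall product: the rules are written in a simple constructed "action, source, destination, port" notation rather than a vendor's syntax, and the trusted staff network and the hosts holding sensitive information are hypothetical addresses chosen for the example. The check flags any allow rule that lets every source, or a range wider than the trusted staff network, reach a host that stores sensitive data.

```python
"""Periodic review of firewall allow rules protecting sensitive hosts (added example)."""
import ipaddress

# Hypothetical network layout for the example.
TRUSTED_STAFF_NET = ipaddress.ip_network("10.0.10.0/24")
SENSITIVE_HOSTS = {ipaddress.ip_address("10.0.20.5"), ipaddress.ip_address("10.0.20.6")}

# Constructed rule set in the order the firewall evaluates it:
# (action, source, destination, port); port None means any port.
RULES = [
    ("allow", "10.0.10.0/24", "10.0.20.5", 443),      # staff -> records server: fine
    ("allow", "0.0.0.0/0",    "10.0.20.6", 22),       # anyone -> backup server: flag
    ("allow", "10.0.0.0/8",   "10.0.20.5", 3389),     # whole company -> records server: flag
    ("allow", "0.0.0.0/0",    "10.0.30.9", 80),       # public web server, not sensitive
    ("deny",  "0.0.0.0/0",    "10.0.20.0/24", None),  # default deny for the sensitive segment
]


def review_rules(rules, trusted=TRUSTED_STAFF_NET, sensitive=SENSITIVE_HOSTS):
    """Return a list of (rule, reason) for allow rules that expose a sensitive host
    to sources beyond the trusted staff network."""
    findings = []
    for rule in rules:
        action, src, dst, _port = rule
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src, strict=False)
        dst_net = ipaddress.ip_network(dst, strict=False)
        if not any(host in dst_net for host in sensitive):
            continue  # rule does not reach a sensitive host; out of scope here
        if src_net.prefixlen == 0:
            findings.append((rule, "any source may reach a sensitive host"))
        elif not src_net.subnet_of(trusted):
            findings.append((rule, "source is wider than the trusted staff network"))
    return findings


if __name__ == "__main__":
    for rule, reason in review_rules(RULES):
        print(f"REVIEW: {rule}: {reason}")
```

The check is intentionally narrow: it only looks at allow rules whose destination covers a host known to hold sensitive information, so the public web server rule is left alone, while the two rules that widen access to the records and backup servers are reported for the business-need review the list above calls for.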