The prevalence of identity theft continues to grow despite increased awareness among computer users. As fast as security experts are able to develop tools to protect information systems and users, hackers continue to discover new exploits.
The Federal Trade Commission’s annual study reported that 12.6 million Americans fell victim to identity theft in 2012. This resulted in a total loss of almost $10 billion from related fraudulent activity. Companies have a fiduciary duty to protect not only their customers’ personal information, but their employees’ personal information also. The best defense against current and future exploits is to develop strong policies that will encourage your users to take a stand against identity theft.
Implement a Strong Password Policy
One of the most important steps toward preventing unauthorized access to your information systems, employee accounts, or customer information is to tighten up your password policy. Too many users have become lax about creating strong passwords; therefore, it is the administrator’s responsibility to take charge.
- At a minimum, be at least eight characters that include three of the following four requirements:
  - Lower case
  - Upper case
  - Special characters
- Not be obvious to others
- Never be shared
- Be changed every 30, 60, or 180 days depending upon the nature of information being protected
- Changed passwords should not match previously used passwords
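The length, character-class, reuse and expiry rules above can be enforced in code. The sketch below is an added example, not part of the original article; the function names are hypothetical, the fourth character class is assumed to be digits (the list does not name it), and the 60-day default is one of the three intervals the list gives. Previous passwords are kept only as salted PBKDF2 digests so the history itself never stores plaintext.

```python
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 8          # "at least eight characters"
REQUIRED_CLASSES = 3    # "three of the following four requirements"
MAX_AGE_DAYS = 60       # list allows 30, 60 or 180 depending on the data
PBKDF2_ROUNDS = 600_000


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def remember(password):
    """Return a (salt, digest) record to append to a user's history."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def character_classes(password):
    """Count how many of the four classes appear (digits are an assumption)."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in password) for check in checks)


def violations(password, history=()):
    """List every rule the candidate breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < REQUIRED_CLASSES:
        problems.append("too few character classes")
    # Constant-time comparison against each stored digest.
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        problems.append("reused")
    return problems


def is_expired(last_changed, today, max_age_days=MAX_AGE_DAYS):
    return today - last_changed > timedelta(days=max_age_days)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    history = [remember("Autumn-Leaves1")]
    for candidate in ("abc", "Autumn-Leaves1", "Spring#Rain33"):
        print(candidate, violations(candidate, history) or "ok")
    print("expired:", is_expired(date(2024, 1, 1), date(2024, 3, 15)))
```

The "not be obvious to others" and "never be shared" rules cannot be checked this way and still depend on user training.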
Instead of using passwords, there has been a trend toward using passphrases, which can be a more interesting process for users. A passphrase can be a quote from a movie or book that can be made even more difficult to guess by substituting characters for letters or numbers and alternating uppercase and lowercase letters throughout.
Implement a Strong BYOD Policy
Today’s mobile workforce has brought challenges to many IT departments. Employees are often required to remain available through phone or email outside of the office. It seems wasteful to require them to carry two smartphones, tablets or laptops, one for work and one for home. This is where a bring your own device (BYOD) policy is beneficial.
In order to protect your company’s information, two-factor authentication is the way to go for employees on the move. This involves having a VPN connection set up on their personal device that requires a password. The second factor involves having a certificate installed on that same device that is user-specific and needs to be present in order for the connection to go through.
Users should be made aware of the acceptable use of connecting to the company’s network resources from their personal devices and be required to sign off acknowledging their adherence. This policy should include restrictions on who has access to their device.
Restrict Access to Social Networking Sites
One of the fastest growing ways hackers are able to obtain personal information that can be used to commit identity fraud is through social networking sites. This is not just because of instances where LinkedIn or Facebook account passwords were obtained through hacking. The problem is that we have become a nation of over-sharers.
Hackers can easily view information that people post about their personal lives. Information such as your pets’ or children’s names, your address, where you work, or phone numbers can be easily picked off the Web. Many users are just not aware of how to protect their information from the unscrupulous.
If your users are using your network to visit social networking sites, they may be putting your systems at risk. The best policy is to restrict access to these sites on the company network. Your users may grumble a bit, but in the long run, you may be avoiding a big headache.
These are just a few of the ways you can implement security methods to help fight identity theft in the office and at home. Protecting the personal information of your customers and employees is everyone’s responsibility, from the bottom of the organization to the top; enlist all users in the fight.
About the author:
Katelyn has teamed up with Guardi.us Identity theft protection, an Internet security blog providing resources to help users learn how to remove toolbars and other unwanted software and plugins from their browser.