Tell a Friend09.21.09
Identity theft: Does this happen in your company?
When identity theft comes up, consumer credit card hijacking, fraudulent loans, and emptied bank accounts usually come to mind. But identity theft can -- and does -- occur not just at a personal/home level, but also in the work environment.
This type of identity theft doesn’t always directly affect employees financially, but can be just as harmful to the company and/or the employees.
Identity theft in the workplace is usually accomplished with the help of an “inside” source. Although confidential customer information is usually well protected, some employees simply have too much access to the confidential information of other employees. Home addresses and telephone numbers, birth dates, driver’s license numbers, spouse and children’s names, among other things, could all be available and stolen in the workplace.
Everyone understands what is at risk when customer information isn’t secured appropriately. But the security of employee information is commonly overlooked in internal security assessments, largely because regulatory compliance drives customer data security, but generally does not apply to internal-systems and employee data, except for, perhaps, credit card numbers.
But with the current widespread personnel cutbacks, early retirements and pay reductions, angry employees may seek retribution,or just extra money, especially those who are retained, but with reduced pay and/or benefits. Proper internal data security helps keep employees honest by removing possible points of temptation. It’s not that businesses shouldn’t afford a certain amount of trust to their employees, but proper security and monitoring helps honest people remain honest.
Although some statistics on internal identity theft are available from SEC filings and other sources, many companies aren’t bound by reporting rules, and others who are supposed to report internal violations do not. As a result, statistics are questionable. Still, estimates are that in about two-thirds of the cases of identity theft in the workplace, the source of the security breaches are unknown.
Besides traditional methods of data protection such as firewalls, technology like Security Information and Event Management (SIEM) and identity management (IdM) can minimize improper access to confidential customer and employee data.
Identity and role-management solutions can ensure that users only have access to appropriate applications and data. They also help ensure that unnecessary data and access is automatically removed upon transfer, retirement, or termination.
Some identity management solutions have separation of duty (SoD) capabilities, to ensure no one has access to too much sensitive information without approval. SIEM solutions help monitor and audit access to sensitive data, and some can even trigger defined responses to unauthorized access attempts and other questionable behaviors.
C/D/H can help you examine your systems, and provide you with the most appropriate technologies to solve your identity and security needs.