Tips for Protecting Sensitive Data From Malicious Employees During the Holiday Season

Dr. Doug Jacobson, founder and chief technology officer of Palisade Systems, recently announced the following top ten tips for businesses to protect customers' sensitive data from malicious employees. According to analyst firm Gartner Group, over 70 percent of unauthorized access to data is committed by employees, and a 2004 CSI/FBI survey found that internal threats comprise half of security incidents and account for the largest overall losses. Furthermore, less than 5 percent of businesses currently deploy technology specifically designed to identify and eliminate the unauthorized sending of private content outside their network.

 

  • Know what data is being collected on your customers and the reasons for collecting it.
  • Understand what private customer information employees have access to.
  • Understand how employees can send customer data outside your company -- through the network, laptops, PDAs or backup transport.
  • Develop policies for the appropriate handling, use and securing of customer data, and make sure every employee understands what data is private.
  • Educate your employees on how to properly handle private data, as well as how to keep their computers free of security threats such as worms and spyware.
  • Be sure to communicate your company's procedures and processes for protecting confidential data to your clients.
  • Hire a third party to perform an annual audit of your security practices. Through penetration tests, your company will better understand how adequately protected you are with your existing network security infrastructure.
  • Adopt a multi-layered security strategy to protect private data. The strategy should include solutions to enforce access controls on information and provide private content protection.
  • Track where your customers' sensitive data is being sent. Consider purchasing technology designed to make sure sensitive data is being sent to the correct IP address by an employee.
  • Encrypt data if customer information is being transmitted or stored on a network.

    More information about how to protect consumers' sensitive data can be retrieved from the Federal Trade Commission at: www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.htm.
    For more information about Dr. Jacobson or Palisade Systems, visit www.palisadesys.com.

Click here to return to the E-zine and/or close this window