irreverent, thought-provoking analysis of the industry-- with an
occasional guest columnist.
Top Ten Threats to Data Security and Privacy for
... and what to do about them.
(May 16, 2011)
(Note: myID.com is a new service by
SafetyWeb.com and cited the following threats.)
1. Data Breach Resulting From Poor
Cisco. Sun. These are enterprise-level
networking choices that are found in large IT departments around the
world. The price tags, however, price small or medium businesses out
of the market. If these businesses have networks at all, they may
use networking devices targeted at home users. Some may forgo the
use of routers at all, plugging directly into the Internet. Business
owners can block most threats by using a quality router, like a
NETGEAR or Buffalo brand router and making sure to change
the router password from the default.
2. Data Breach Resulting From Improper
Dumpster-diving identity thieves target
businesses that throw out paperwork without shredding it. Most home
shredders will suffice for small businesses in a pinch, but a
commercial shredder is a wise investment if private information is
printed and shredded daily.
3. Identity Theft Resulting From Public
Individuals, especially business owners, often
publish lots of information about themselves in public databases.
Businesses are registered with the county clerk, telephone numbers
are in the phone book, and many individuals have Facebook profiles
with their address and date of birth. Many identity thieves can use
information searchable publicly to construct a complete identity.
4. Identity Theft Resulting from Using a
Personal Name Instead of Filing a DBA
Sole-proprietors that do not take the time to
file a Doing Business As application are at a far higher risk of
identity theft due to their personal name, rather than their
business names, being published publicly.
5. Tax Records Theft Around Tax Time
Businesses must ensure that tax returns are
dropped off at the post office and refunds are collected promptly
from the mailbox. Identity thieves often steal tax returns from an
outbox or mailbox.
6. Bank Fraud Due To Gap in Protection
Business owners know that it is vital to
balance their accounts every month to ensure that checks are not
being written out of business funds by embezzlers, but many
businesses rarely, if ever, check what kind of credit accounts have
been opened under the business name. Monitoring services like
myID.com can alert business owners when new credit accounts are
7. Poor Emailing Standards
Many businesses treat emails as confidential
communications, but this is far from the case. They are available to
a number of people other than the recipient. It's more appropriate
to treat emails as postcards, rather than sealed letters.
8. Failing to Choose a Secure Password
In fact, many security experts are recommending
the use of a pass phrase, rather than a pass word. Pass phrases are
several words long, at least three, and are far more secure than
passwords. A pass phrase like "friday blue jeans" can be typed far
quicker than a complicated password, and it doesn't need to be
written down on a post-it.
9. Not Securing New Computers or Hard
Businesses that had their IT system
professionally installed may opt to upgrade a computer or two by
themselves. This is strongly discouraged on a business network, as
new computers must be professionally secured or else they pose a
serious threat and an entry point for hackers.
10. Social Engineering
Social engineers are individuals that call and
claim they are from another organization. They may even claim to be
with a firm that a business owner does business with. If someone you
do not know calls on the phone, be sure that it is the person you
think it is before revealing passwords or confidential information.