Identity theft and fraud have long been considered consumer issues, but a series of recent high-profile intrusions is quickly shifting the focus to the corporate world. From Target to Home Depot to Neiman Marcus, the past year has certainly been a long one for several large companies that fell victim to data breaches. And make no mistake, these attacks may be carried out against a company’s infrastructure, but it’s the consumer who has to deal with the fallout of compromised information. For criminals, enterprise fraud is a high-risk, high-reward proposition. Although the level of security and threat of detection is much higher than with a single-victim attack, the successful breach of a single corporate network can provide a lifetime’s supply of sensitive information, from Social Security and Employee Identification numbers, to passwords and credit card information. The only bright side to these incidents is they provide corporations with the opportunity to learn from past mistakes and strengthen their security. Here are just few tips for avoiding the growing trend of enterprise data breaches.
- Be Proactive
- Educate Your Employees
- But Also Protect Your Employees
The common denominator among this recent string of corporate breaches is lack of preparedness. As corporate security expert Leslie K Lambert explains in an article for CMO, good enterprise security requires good monitoring practices, a clear security policy and strict enforcement of that policy. More importantly, these requirements need to be in place as close to day one as possible. A way to ensure that your company is properly managing this protocol is by having an effective IT department that is properly funded and has the tools necessary to monitor the network and enforce policies. There is a tendency in corporate culture to slowly defund IT departments simply because no major intrusion has occurred. Remember that IT was most likely what kept your networks breach-free.
Your employees are the first line of defense against large-scale security fraud, but they can also be the cause. Most enterprise fraud doesn’t involve the wholesale leak of millions of credit card numbers. The majority of cases involve individual employees who use the network for non-work-related activities and inadvertently introduce a Trojan horse or phishing malware into the system. All the security in the world can’t protect your company from an employee who accidentally answers the wrong door. What’s the solution? Make sure your employees know the network security policies and don’t hesitate to enforce them. You’d rather have one uncomfortable conversation with one person in the sales department than have to issue an apology to millions of customers.
Small- and medium-sized business owners are vulnerable to tax fraud, especially in the first year of doing business. During this time, owners are transferring personal data to several different financial institutions, contractors and suppliers, effectively increasing the chances that sensitive information falls in the wrong hands. Additionally, the increased focus on day-to-day operations can cause issues like network security or data storage to fall by the wayside. As Lifelock reported in a recent article, the majority of business-related fraud results from illegally obtained Employee Identification numbers, which are then used to file bogus W-2 forms. If this occurs, the IRS will place the burden of proof on you. Develop an organized system for storing and protecting all employment records and keep a running log for who accesses this information and when. If you think that your employee information has been compromised, be proactive. Contact the Federal Trade Commission and Internal Revenue Service immediately.