As I have said many times in this column, I rarely write about specific instances of data theft or hacking into large servers at big organizations. The reason is simple: these incidents are so ubiquitous that they lose their impact. Recently U.C. Berkeley revealed that they have been hacked for a number of months to the tune of about 160,000 records. As stunning a revelation as that is, I’m not going to comment on that at length. If you want to learn more about that, go to http://www.mercurynews.com/.
What I think is more relevant to businesses today is this story.
NetworkWorld brings us inside the data leakage audit of a Boston-based pharmaceutical firm. During the 15-day review, auditors examined outbound e-mail, FTP and Web communications, revealing 11,000 potential leaks, more than 700 critical information leaks and violations of Payment Card Industry and other security standards. Among the "worst leaks": confidential zip files and attachments sent by e-mail to an outside vendor; unencrypted e-mailing of a clinical study to an outside vendor; the mailing of employee compensation data to an outside company. "We thought we were in good shape..." said the company's CIO. "This just goes to show you can do all that and it's just not enough."
It is this kind of thing that business owners and executives need to read regarding identity theft compliance issues. I have never visited a business, regardless of the industry it serves, that does not need improvements in the way it handles sensitive documents or personally identifiable information of employees or customers. Even the best among companies who believe they are doing everything possible are at increased risk. As long as data has value, it will be stolen or used for illicit purposes. Illegal data sale and identity theft are two very profitable kinds of crime with little chance of prosecution. I’ve mentioned before that the U.S. Secret Service, the agency charged with investigating identity theft crimes, has gone on record saying that identity theft has surpassed the international drug trade as the most profitable crime in the world.
Every business, no matter how large or small, needs to accept that risk exists and initiate an identity theft compliance program appropriate to its business. It will only serve to increase the security of information in the company, and to lower the risk of a data leak or, worse, identity theft resulting from personal information taken from the company.