UBP blog

08/25/2009

Three ways to prevent a large scale identity breach at your company

On Monday, August 17, three men (one American and two Russians) were charged with stealing personal data from more than 130 million credit and/or debit cards. Data was stolen from customers of Heartland Payment Systems, 7-Eleven, the Hannaford Brothers supermarket chain and two other unnamed corporate entities.

The men are charged with conspiring to hack into computer networks and stealing data as far back as October 2006. This hacking and identity theft case is believed to be the largest one the US Department of Justice has ever prosecuted.

How the breach was executed:

To tap into the retailers’ networks, the three hackers used a very sophisticated technique known as a SQL injection attack. This technique enabled them to maneuver around the firewalls on computer networks containing credit and debit card data.

The hackers then installed “sniffers” on the victims’ computer systems to intercept credit and debit card data as transactions were processed.

How to prevent this from happening at your company:

Although hackers are always looking for new and innovative ways to access and compromise personal information, there are still things companies can do to help prevent a data breach.

1. Encrypt your networks

This is especially important if your company has a wireless network. According to a recent PC World article, both the TJX and Lowe's data breaches were made possible because of non-existent wireless network security. That’s why you should secure your wireless network with encryption. Also, a form of authentication should be required for anyone to access the wireless network.

2. Stay on top of things

Make sure to consistently monitor all computer systems containing personal information. This frequent exposure will help sensitize you to the earliest signs of compromise or suspicious activity. That way, you’ll be alert and ready to take action before any major damage is done (or any major funds are lost).

3. Go above and beyond

This means that you should do more than the bare minimum at your company to pass a security audit. As much as we like to think lawmakers enact security laws because they have nothing better to do with their time, they really do have our best interest at heart. 

Data security laws are there to protect your sensitive data on your computer networks. If you’re only doing the bare minimum that the lawmakers want, you might not be reaping the full benefit of these laws in the end.

Massachusetts’ Identity Theft Law:

In response to the huge, costly problem of identity theft, Massachusetts Governor Deval Patrick signed identity protection law 201 CMR 17.00. Effective March 1, 2010, this law is the toughest one any US state has passed to date.

To prepare businesses for compliance with this law, Universal Benefit Plans conducts free 30-minute educational webinars twice per month. To sign up for a webinar, please visit www.universalbenefitplans.com and check out our events calendar.
