April 23, 2009, Oklahoma Department of Human Services
(Oklahoma City, OK): Information on a computer stolen from an agency employee may have included names, Social Security numbers and dates of birth for people who receive DHS services. Number of records affected: 500,000
April 22, 2009, New York State Tax Department: A former New York state tax department worker was accused of stealing the identities of thousands of taxpayers and running up more than $200,000 in fraudulent charges. Number of records affected: 2,000
April 20, 2009, Fairpoint Communications, Inc: a worker’s failure to abide by security precautions caused a portable data-storage device containing employee information to disappear. The device contained information for all current FairPoint employees and some former employees, or about 4,400 individuals in total.
Merilll Lynch, Pepsi Bottling Group, Library of Congress, CheckFree Corp, Honeybaked Ham, the list goes on*. And it's not just large corporations being affected. Any company can be targeted and you would only know it after it's too late.
Unauthorized access and theft can come from outside as well as inside your company – how prepared are you?
Many states have enacted their own laws on top of federal agencies requirements that a business protect its sensitive data. You could face penalties if you experience a breach.
It’s up to each company to set up their own policies and procedures on how to best protect their sensitive data. Daunting?
Physical Security Tips To Protect Your Business& Your Customers (excerpt from the BBB Free Security and Privacy Guide)
- Shred or cross-shred papers with personally- identifiable customer or business data before throwing them away, or use a document disposal company to destroy the papers for you.
- Send and receive business mail from a secured mailbox or a post office box.
- Conduct regular software audits of computers.
- Train employees to watch for suspicious activity among other employees, customers, or people coming to your business premises.
- Consider telling your customers how they can spot phishing efforts, and how they should verify that it's your communication before releasing any personal information.
- Verify the identity of a customer before discussing or providing any customer account information by telephone or e-mail. Then take appropriate steps to provide it in a manner that is secure.
- Secure your physical space with locks and alarms.
- Secure your business, customer and employee records in locked cabinets.
Check out our Resources which will give you some good advice of how to get started. And if the task is indeed daunting, then give us a call at 866-400-0922 or email inquiry@wacconsultinggroup.com to get expert advice on the best methods to protect your company.
* Source: Privacy Rights Clearinghouse
