Monday, April 10, 2006

ID thect and fraud - The weakest link - uneffective policy implementation!!!

There's some good news and some bad news to report concerning the fight against identity theft and cyber fraud. The good news is that financial institutions and other companies continue to batten down their information security with high-end tecnological measures such as two-stage identification and multifactor authentication. The bad news is that even the most advanced information security systems often have an Achilles heel -- usually in inadequate, or unenforced, policies covering employees and contractors. The recent spate of thefts of employee or contractor laptops thefts, resulting in the loss of sensitive information, is a perfect example. No matter how much money a company spends on fancy data security measures, these less sexy links in its security chain will continue to be vulnerable to exploitation by clever fraudsters. This doesn’t mean companies should give up on the high-end technological measures. Rather, it means companies need to pay as much attention to the more mundane, less glamorous aspects of security, like establishing and enforcing rules on the handling of sensitive data, and regularly using encryption.

© Copyright 2006 Steptoe & Johnson LLP. Steptoe & Johnson LLP

No comments: