PCTECH Computer Services Inc. provides onsite computer service and repair. Laptop to Servers. "Forget the Geeks,  Ignore the Nerds,  Call the Professionals ® PCTECH 604.676.9000"

   

Reducing ID theft by 80 per cent
23 June, 2005
by Steve Wexler

While identity theft is a huge and growing problem, following five simple best practices can reduce that threat substantially, according to Jim Stickley. Stickley has over 100 successful heists to his credit, and his company, TraceSecurity, performs vulnerability audits of banks. He recommends that if companies adhere to the following simple best practices, they can reduce identity theft risk by up to 80 per cent: shred bins should be conveniently located near all bank employees; confidential information and computers should not be left unattended under any circumstances; sensitive data, including computer backup tapes, should be encrypted; to prevent phishing, all e-mails should be verified for authenticity; and all bank employees must be trained on proper policies and procedures.

Many banks use paper shredders, but unless shredders are conveniently located near all branch personnel, they don't get used properly. Stickley has found that unless the shred bins are within a few feet of employees, many documents will simply find their way into the trash bin, unshredded, and ready to be discovered by Stickley's dumpster diving team.

Most banks concentrate their security at the entry to the facility or branch. Beyond the initial greeting area, Stickley finds that security becomes more lax. Bank employees, assuming that anything on their desk is safe because they are located away from the front area, often leave sensitive paperwork on their desks, or leave Post-It notes on computer monitors listing log-on IDs and passwords. This is a major mistake because visitors, maintenance, and other individuals often receive access to this area. In addition, computers should not remain logged in while employees are away at lunch or after they've gone home for the day. Unattended computers put a bank's information systems at a much higher risk.

Confidential data should be encrypted at all times when not being used. This includes information stored on workstations and laptops. There are a number of applications available that will encrypt sensitive documents on the hard drive, so if a laptop or workstation is accessed or stolen, the data that has been encrypted will be protected from identity thieves. Additionally, all backup tapes must be encrypted and stored securely off-site. There are a number of storage security appliances that encrypt the data as it is stored to the tapes. This will reduce the risks associated with tapes being lost or stolen. According to Stickley, on numerous occasions he has stolen unencrypted backup tapes that were sitting on shelves in plain view. These tapes, often as small as a pack of cigarettes, have contained account information for thousands of customers.

Banks' customers aren't the only people vulnerable to phishing attacks. Stickley and his team often use phishing tactics to extract critical information from bank employees prior to visiting a branch for an undercover social engineering audit. Employees need to understand that e-mail that appears to come from another employee or legitimate source could be forged. If a manager requests confidential information from an employee via e-mail, the employee should always contact the manager via the phone for verification.

Stickley's team will also employ e-mail spoofing and domain hijacking to trick the employee into releasing sensitive information. For example, if a bank's name is Pond Bank, and their domain name is pondbank.com, Stickley will register a fake domain name that replaces the letter "o" in Pond with the numeral "zero," and then send spoofed e-mails to bank employees asking for sensitive information. Banks should also consider adding cryptographic signatures to enable authenticated e-mail messages that can prevent forgeries.
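The zero-for-"o" substitution described above can be caught on the receiving side by folding look-alike characters before comparing sender domains. The following is an added example, not part of the original article; the trusted-domain list, the confusables table and the function names are assumptions made for illustration, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumption: the bank's real domain, taken from the article's Pond Bank example.
TRUSTED_DOMAINS = {"pondbank.com"}

# Constructed, non-exhaustive table of digits commonly swapped for letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def skeleton(domain):
    """Fold look-alike characters so 'p0ndbank.com' and 'pondbank.com' compare equal."""
    folded = domain.lower().rstrip(".").translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'trusted', 'lookalike', 'external' or 'unparseable' for a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    # 'trusted' only means the domain string matches; a From header can still be
    # forged, which is why the article also recommends signed e-mail.
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for real in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) <= 1:
            return "lookalike"
    return "external"


# Constructed sample headers for a quick run.
SAMPLES = [
    '"J. Manager" <manager@pondbank.com>',
    '"J. Manager" <manager@p0ndbank.com>',
    "it-support@pondbanks.com",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):11} {header}")
```

A mail gateway rule built on this would quarantine or banner anything classified as `lookalike` rather than rely on employees spotting the digit by eye.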

Employee awareness training and strict policy enforcement are the most important methods to protect an organization from identity thieves. Monthly meetings should be scheduled to review security policies. For example, employees must understand that bank visitors must be accompanied at all times, that unoccupied desks should be free of confidential information, and that filing cabinets should be locked when unattended. Additionally, policy management software should be an essential component of any security program to ensure that employees are contacted when policy and procedure changes occur.

 
 

Reprinted by permission of Integratedmar.com (integratedmar.com), EchannelLine. © Copyright 2005 Integratedmar.com Corporation.

 