Improving protection of customers' personal data

Published 3 January 2008

The FBI says that hackers steal $67.2 billion worth of personal information from the databases of U.S. companies every year, and the amount is only growing; with so much at stake, hackers will try to get some of it; here are five easy steps to bolster the security of the customers’ personal data your company holds

It does not take a lot of money to defend against hackers, snoops, and data thieves. All it takes is for a company to change its security tactics. In today’s networking environment, a company’s customer data should be zealously guarded and protected. BMighty.com’s Jimmy Ray Purser writes that the following are some current prices for data being sold illegally:

* Automatic teller machine (ATM) or debit card with personal identification number (PIN): $500

* Driver’s license numbers: $150

* Social security card: $100

* Credit card numbers with expiration date: $15 to $20

If your company’s database contains any of the above types of information, then you should take some of these easy steps to protect your customers’ data. Note that antivirus software and spyware protection should be mandatory without exception. Purser writes that after you have secured your devices with those items, take other security measures in a layered approach, with each action building upon the previous, to protect your valuable data.

* Use continuous data protection (CDP): If your data integrity is lost for some reason, using the previous night’s backup can restore it. CDP is different from traditional tape backups in that with CDP you do not have to specify the point in time to which you would like to recover until you are ready to perform a restore. Traditional backups can only restore data to the point at which a backup was created, but with CDP, there are no backup schedules. When data is written to disk, it is also asynchronously written to a second location, usually another computer over the network. This introduces some overhead to disk-write operations but eliminates the need for nightly scheduled backups. (CDP has no time limits for restore; any CDP solution that states you can restore in intervals of 1 hour, 30 minutes, and so on is not CDP.)

* Use a VPN with two-factor authentication for remote users: Two-factor authentication refers to using two forms of identification to verify who a person is. The two factors are something that the person knows and something that the person has. For example, with an ATM account, both the PIN and the card are necessary for a transaction to be completed. The PIN cannot be used without the card, and the card cannot be used without the PIN. You should always protect your high-value user accounts with two-factor authentication.

* Have in-place at least
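
The continuous data protection item above contrasts restoring to any chosen instant with restoring only to the time a backup was taken. The sketch below is an added example, not code from the article or from any CDP product: the class and function names, the in-memory journal standing in for the second location, and the customer records are all constructed for illustration, and the copy to the journal is done in-process rather than asynchronously over a network.

```python
"""Constructed illustration of CDP versus a nightly backup (not from the article)."""
from bisect import bisect_right


class CdpJournal:
    """Stands in for the second location that receives a copy of every write."""

    def __init__(self):
        self._times = []    # write timestamps, ascending
        self._entries = []  # (key, value) per write; value None means delete

    def record(self, ts, key, value):
        if self._times and ts < self._times[-1]:
            raise ValueError("journal writes must arrive in time order")
        self._times.append(ts)
        self._entries.append((key, value))

    def restore(self, ts):
        """Rebuild the data set as it stood at any instant ts."""
        state = {}
        # Replay only the writes made at or before the requested instant.
        for key, value in self._entries[:bisect_right(self._times, ts)]:
            if value is None:
                state.pop(key, None)
            else:
                state[key] = value
        return state


def nightly_restore(snapshots, ts):
    """Traditional backup: only the latest snapshot at or before ts exists."""
    usable = [t for t in snapshots if t <= ts]
    return dict(snapshots[max(usable)]) if usable else {}


def demo():
    # Constructed sample data; times are minutes since midnight.
    journal = CdpJournal()
    snapshots = {0: {}}  # nightly backup taken at 00:00, before any writes
    writes = [
        (540, "cust-1001", "card ending 4242"),
        (600, "cust-1002", "card ending 1881"),
        (615, "cust-1001", "CORRUPTED"),  # bad write at 10:15
    ]
    for ts, key, value in writes:
        journal.record(ts, key, value)
    # Restore to 10:14, one minute before the corruption.
    return journal.restore(614), nightly_restore(snapshots, 614)


if __name__ == "__main__":
    print(demo())
```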