A March 2017 Government Accountability Office (GAO) report on the benefits of identity theft services recommends that agencies have the freedom to determine how much identity theft coverage to provide customers and constituents impacted by a data breach. Concluding that mandated coverage levels are “likely unnecessary” as well as potentially costly and misleading, the GAO report has led to a heightened focus on proactive data theft prevention.

Here are 9 steps the Federal Trade Commission (FTC) recommends private- and public-sector organizations take to improve the security of private data:

  1. Don’t collect what you don’t need. Take only the data you need, and keep it only as long as necessary. Use personal data only when absolutely essential.
  2. Control data access. Restrict access to the sensitive data you do keep, and limit administrative access. Sensitive data should always be accessed on a “need-to-know” basis only.
  3. Require secure passwords and authentication. Require employees to choose complex passwords that are unique and not used for personal accounts. Store passwords securely, and protect them against brute force attacks by locking out accounts after repeated unsuccessful login attempts. Protect the system against authentication bypass by testing for common “backdoor” vulnerabilities.
  4. Store sensitive personal information securely and protect it during transmission. Keep sensitive data secure throughout its lifecycle. Use validated, accepted methods for securing data. Ensure proper configuration to avoid man-in-the-middle attacks and other risks.
  5. Segment your network and monitor access attempts. Use firewalls to segment your network; each computer should communicate only with the systems it needs to reach. Monitor activity on your network, including system logs, and use an intrusion detection system.
  6. Secure remote access to your network. Set secure remote access policies and stick to them. Solidify endpoint security by reinforcing “weak links” on computers with remote access. Establish sensible limits, allowing just enough access for employees to do their jobs. When necessary, grant temporary limited access or limit connections to specific IP addresses.
  7. Make sure your service providers implement reliable security measures. Disclose all of your security expectations to potential service providers and monitor their services. Put all security standards in vendor contracts and verify compliance.
  8. Develop procedures, update security and address vulnerabilities as they arise. Always update and patch third-party software. Listen to warnings about credible security threats and take action immediately. Make sure you have an incident response plan.
  9. Secure paper, physical media and devices. Store sensitive files securely. Protect any devices that process personal information and that could be vulnerable to theft or tampering. Keep safety standards in place when data is in transit, not just when it's in the office. Dispose of sensitive data securely; destroy physical data and wipe devices when you're finished with them.

Identity Theft Prevention is the Best Policy

If you would like a copy of our free report, "What Every Business Owner MUST Know To Protect Against Online Identity Theft", feel free to email or call the office. We'll be happy to provide you with your own personal copy. When it comes to avoiding the costs and headaches of identity theft, prevention is the best approach by far. As a managed security services provider, SpartanTec, Inc. has the expertise and best-of-breed technology solutions to help agencies check identity theft prevention steps off their lists. Contact us today.