Data company uses lessons learned for increased security practices

06.13.2007 | 09:31:30

June 13 '07: Two years ago, in 2005, ChoicePoint had more than 163,000 consumer records hacked by criminals who were posing as legitimate customers. Now, the CIO of the company has told PC World that the company has used the lessons learned to provide best practices for other similar companies.

CIO and Vice President of Shared Services Darryl Lemecha told PC World that simple precautions taken by companies are the best way to help prevent security breaches. "Encrypt all your laptops," he said. "Because they're going to get lost, they're going to get stolen. And make sure all your handheld devices have passwords on them and you have the ability to do a remote wipe [of data]."

After the security breach, ChoicePoint "agreed to pay $10 million in civil penalties and $5 million for consumer redress," PC World reported. The company also went through all of its customers' information to confirm it was correct. Since the breach, and 80 external audits later, the company is now considered to be a leading model for security best practices, according to Avivah Litan from Gartner Consulting, who spoke to USA Today earlier this year.

Steps companies can take to help reduce the threat of having vital information stolen from them include establishing clear governance of company policies; defining expected behavior among employees; having in place clear security guidelines and response plans; performing background checks on all employees; and helping spread information about experiences and best practices learned to other companies.

In a similar story, Government Executive reported that a new series of recommended guidelines has been issued by the National Institute of Standards and Technology to help "protect federal agencies from data breaches." The guidelines' report "lists the different security measures and explains how to test them," GovExec reported. "For example, for continuity of operation requirements, the report outlines how to determine if an agency really has developed a plan, if people understand it and if it has been distributed to the right people within the organization."

Lemecha told PC World that having clear security guidelines, response protocols and simple, common-sense security measures in place goes a long way: "If you want to do something really simple, take a look at your organization, figure out where all the security functions occur, and lay out an accountability and responsibility chart, just a simple diagram."
Copyright ©2007 TheBreakingNews.com. All Rights Reserved. No reproduction in part or full without prior written permission.