Tips to Help Prevent Identity and Data Theft

By Mark Burnette, LBMC Director of Security and Risk Services

Information security is a 24-7, year-round job. Failing to properly monitor and respond to threats in real time exposes organizations, clients, and business partners to risks that could do significant harm to their companies.
 
Following are three tips to help companies reduce the risk of data theft and to keep their IT systems and sensitive information from being compromised: 
 
1. First, companies should determine WHAT sensitive data they have. To do this, take the time to identify and catalog sensitive data within your organization. Once you have a list of the types of sensitive data and where it is stored, processed, and transmitted within the company, you can determine the threats to that data and make sure you have the controls and protections in place to help secure it. 
 
2. Once organizations have identified what data to protect, they need to determine HOW susceptible it is to compromise. A penetration test can help you determine the technical vulnerability of your IT environment (and sensitive data). This type of test helps to validate the security measures that your company may already have in place and to identify the remaining holes that could lead to data compromise.
 
3. Make sure that company personnel understand their responsibility to protect sensitive information. Many compromises occur because a well-meaning employee sends sensitive data via unencrypted e-mail or clicks on a link in a phishing scam. Take a few minutes this month to send a companywide e-mail to remind employees to be vigilant when receiving unexpected messages and inquiries, and to be aware of the company's policies regarding the handling of sensitive data when their job duties require them to store, process, or transmit such information. Also, be sure that your company's internal training includes a module on protecting sensitive data and complying with security policies. Once training has occurred, companies should periodically evaluate the effectiveness of the training by performing "social engineering tests" to assess the awareness and vigilance of personnel, and then adjust training programs based on the results of the tests.
 
Most organizations have a limited amount of money and people resources to dedicate to information security and data protection. Before you spend a dollar of your organization's money on security tools or products, make sure they will address the areas that present the highest risk. This approach ensures that all money spent on security is justifiable and appropriate. 
 
LBMC Security & Risk Services, a division Lattimore Black Morgan & Cain, PC, has experienced tremendous growth during the past few years, as it has helped companies combat the increasing threat of data and identity theft. LBMC's risk services team can help you assess your risks and ensure that your security efforts produce the greatest benefit and have the most effective impact. For more information, visit www.lbmcsecurity.com.
 

You may like these other stories...

Cybersecurity is no longer the domain of an organization's IT staff. It's moved to the boardroom, and in a big way. Accountants and financial managers may have been thinking it's just the province of the tech...
You probably don't want to think about how many times you access the File menu in Excel 2010 or 2013. Personally I think Excel 2010 has the best possible File menu arrangement, other than having Print Preview grafted...
Following other recent high-profile hacking events, investigators discovered yesterday that hackers broke into the draft work paper files of several famous CPA firms. Revealing images of the scantily clad documents have been...

Already a member? log in here.

Upcoming CPE Webinars

Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 21
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.