Simple tips to beat IT fraud

SMALL businesses have been warned of the dangers posed by the irresponsible disposal of sensitive material.

A survey highlighted that 79 per cent of businesses risk corporate identify fraud as they are not destroying sensitive material before it is thrown away or recycled.

However, it is not just hard copy material that is putting small businesses at risk.

Data sorted on computers and mobile devices can also leave SMEs vulnerable to corporate ID fraud if IT security is not up to scratch.

Ross Walker, Symantec's head of small and medium business, said: "When you think of ID risk people tend to think of the risk to themselves as individuals, but the fact is that it can impact the businesses too and SMBs are the most at risk.

"Negating this risk doesn't have to be a daunting task. In many cases simply implementing good processes such as regularly updating security software, firewalls and passwords is enough. Staff don't require a deep technical knowledge however it is imperative that SMEs understand and know how to take simple steps to protect themselves and limit any potential harm."

Recommended steps for small businesses include putting in place a security solution that is designed for businesses and will keep your critical information safe wherever it is used or stored (laptops, desktops, mobile devices, servers, in email, over the network, and in storage devices).

Also, ensure you have effective and accurate anti-spam protection.

It is important to stay informed and to have a good reliable backup in place as well as keeping a spare copy in a secure place away from the office.

Matt Hampton, chief technology officer of Imerja, said: "It is concerning that despite massive media attention surrounding data losses and several Government warnings, more than a third of employees apparently still do not know whether their organization has a policy in place on handling potentially sensitive documents. In a lot of cases, the problem isn't the absence of IT security measures but the lack of staff education in implementing them.

"If guidelines aren't put into practice and properly enforced an IT security policy isn't worth the paper it is written on.

"Personally identifiable data should be password protected at a minimum. If this information is transferred outside a secure IT environment, whether on a laptop, memory stick or CD, it should be encrypted.

"Encryption technology is easy to put in place and doesn't impact on performance.

"IT security shouldn't be seen as optional. Putting in place an adequate strategy is far preferable to having to deal with the consequences of a breach."

Roger Rawlinson, managing director, assurance division, NCC Group. said: "This survey has highlighted what the IT security industry has been saying for the last couple of years, businesses are still not taking data security seriously."

 

Source - Business Network

Posted Date: 29th Apr 2010