Kroll Inc., a global risk-consulting company, serves more than 10,000 businesses and millions of individuals on matters concerning identity theft and recovery, and warns that academic institutions are increasingly vulnerable because of their ever-growing databases of personal information on students, alumni, applicants, faculty and staff.
Kroll has developed a tip sheet for companies, governments and institutions looking to improve information security.
Sample tips:
- Look beyond technology when assessing data breach risks. For example, evaluate how the departure of fired or resigning employees who may have had access to sensitive data is handled, and evaluate safeguards on remote projects.
- Have a response plan in place to "enable decisive action and prevent operational paralysis when a data breach occurs."
ADVERTISEMENT
- Make sure employees understand the need to appropriately handle and secure sensitive data. "The continuing saga of lost and stolen laptops containing critical information illustrates that corporate policy designed to safeguard portable data only works when employees follow the rules."
- Don't collect information you don't need; a thief can't steal what you don't have. Purge sensitive data when you no longer need it.
- Encrypt sensitive data, but don't rely exclusively on encryption; it provides a false sense of security.
- Hold vendors and partners to the same security standards.
