“People are running scared with their hair on fire,” said Troy Allen, a risk consultant and CEO of security firm Kroll’s Fraud Solutions unit.
When Pennsylvania’s Geisinger Health Systems learned personal data of some of its patients might be exposed as a result of a laptop theft, it offered ID theft protection from American Insurance Group (AIG). Begun in 2006, the policy covers businesses, providing up to $25 million in coverage for companies facing legal, regulatory and other costs.
“Password protection only is very weak,” Yankee Group’s Sal Capizzi said.
Boeing had a policy requiring that downloaded data be encrypted, but an employee skipped encryption.
Allen predicts firms will also restrict or ban downloading data to CD or USB flash drives. “Employers will begin insisting that more information exchange takes place via secure online transfer,” Allen said in a statement.
Kroll is advising data minimization, a concept counter to the prevailing belief that customer information is an advantage.
For Allen, the excuse that a stolen laptop was only a “smash and grab,” where thieves aren’t interested in the data stored there, doesn’t hold water.
Not satisfied with a few hundred or thousand data files, criminals will turn to social engineering to gain access to data, according to Allen.
http://www.internetnews.com/bus-news/article.php/3654211