BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

REDUCING THE IMPACT OF PII SECURITY BREACHES

From: henry ojo <henryojo () yahoo com>
Date: Tue, 18 Jul 2006 11:49:35 +0100 (BST)
    REDUCING  THE IMPACT OF PII SECURITY BREACHES
       
       
      The  persistent security breaches that occur in so many organisations and  institutions are no longer big news. 
What is worrying is that while it is  expected in financial institutions, as obvious targets for their ‘monetary  
rewards’, it is rather unexpected in that about a third of the reported  security breaches in the U.S. occur in 
educational institutions.
      Obviously  the level of protection afforded the information (mainly Personal Identifiable  Information PII) held 
by  these  educational institutions is much less than their financial counterparts, yet  the data breaches could be 
just as damaging.
      What makes  the PII so valuable to fraudsters? Loans, mortgages, credit cards, illegal  employment could be 
obtained using this kind of information.
      This now  rests the burden of responsibility at the feet of organisations that use PIIs  as the only way to 
validate the identity of applicants for their services.
      Fraudsters  use this information largely because it is inherently ‘low risk’ with huge  returns as the risk of 
being physically present is eliminated by organisations  relying heavily on e-commerce.
      The  question is, do the benefits of cost cutting, easing organisation’s operations  by doing substantial amounts 
of business online outweigh the impact of not  providing enough protection to customers PII by not streamlining 
processes and  procedures to aid the security of customers PII at the risk of  legislative/regulatory fines etc.
      A  suggestion to revert to the stone ages is not being conceived but the emphasis  on using PIIs for validations, 
verifications and even in some cases  authentication by a lot of institutions should be reduced.
      Biometrics,  token password solutions provide alternative authentication mechanisms, which  organisations avoid 
because of costs, but in the long term an ROI might justify  the investment against legislative/regulatory fines, 
litigation, legal fees and  loss of goodwill/reputation.
  
       
    

Henry Ojo BSc HISP BS7799 Auditor
www.efortresses.ie
Cell: 00353 874182266
Office:+(0) 7958430094
Fax   :+(0) 7092 0950843
                
---------------------------------
 The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/
Previous By Date Next
Previous By Thread Next

Current thread: