[NCLUG] Identity Theft and IT data security

John L. Bass jbass at dmsd.com
Tue Mar 20 15:51:25 MDT 2007 

Doesn't matter if company is big or small. While online access to HR files
are certainly a gold mine, email archives which include documents exchanged
between HR and employees frequently include big scores as well.

Shifting to encrypted email, and better securing HR and management email
servers is one start. This does pose another class of problems, which is
securing and logging encryption certificates so that the email can be
accessed at any time in the future, and only by those that need the data.

John


http://hr.blr.com/whitepapers.aspx?id=17714

     The problem of identity theft continues to grow in severity, both in
     terms of frequency and associated costs. With the workplace ranking
     as the number one source of identity theft, ...

     While many businesses are most fearful for the security of their client
     records, payroll records are more often what's stolen, and with increasing
     frequency. About 90 percent of business record thefts involve payroll or
     employment records; only about 10 percent involve customer lists, according
     to the FTC.


http://www.scribd.com/doc/3807/Identity-Theft-Issues-Risks-and-Solutions-for-Companies

     The bait drawing such crime to the workplace includes personnel files, benefits
     data, and payroll and tax records--all of which typically reside in the HR
     department and can be a goldmine for identity thieves. And as employers
     increasingly store personnel files electronically, the theft of that information
     is likely to increase. (See "Keeping Your Network Safe" on page 42.)

http://www.usatoday.com/money/workplace/2003-01-23-idtheft-cover_x.htm

     As the crime mounts, federal agencies are trying to ratchet up awareness.
     Victims' rights groups, irate about the lack of protection provided by
     companies, are lobbying state legislatures to pass laws protecting records.
     More hapless employees are finding their financial lives devastated by
     an ID thief, who typically got access to data because he or she worked
     on the inside.

More information about the NCLUG mailing list