This article can also be found in the Premium Editorial Download "Information Security magazine: Security survivor all stars explain their worst data breaches."
Security Survivor All-Stars
8 tips to ensure your customers' personally identifiable information stays safe.
Plan for one layer of your security controls to be bypassed: A stolen employee password should not provide the keys to the castle.
Review and understand data retention rules: Do not retain personal information longer than required; ensure your practices are safe and within policy.
Conduct annual third-party security audits: Audits help you understand gaps and reduce risk. Implement suggested changes. If an audit sounds scary, your security is inadequate.
Employ need-to-know access: Allow access to data on a need-to-know basis; record and audit that access.
Protect from the inside out: Often, the same controls that prevent employees from acting beyond their privilege will also prevent an attacker from gaining elevated access.
Prioritize risks: Classify data as sensitive and critical to the organization. Secure the database where it lives.
Encrypt backups: Missing backups are one of the most common causes of data loss.
Verify partner security standards: Ensure that service providers maintain security best practices in line with industry and organizational standards.
Sources: Jon Orbeton, Check Point Software Technologies, Zone Labs division; Adrian Lane, IPLocks
This was first published in April 2006