Assessing the Risks of Identity Theft

Perform an Information Audit

Identity theft can occur through either indirect data network intrusion, digital theft from people directly accessing business files and physical theft of paper documents containing sensitive information.

Charlotte businesses and individuals must inventory what type of sensitive information they may have on file and where it can be accessed. Since more and more systems like POS registers and databases are being connected to the internet, business owners must also consider “backdoor” measures that access data stored on hard disks through networks. These security audits can greatly reduce the risk of identity theft in your Charlotte office.

Generally, businesses should inventory and mark down any instances of:

• Filed hard copies of documents containing sensitive information
• Stored digital files like .docx and .xlsx located on hard drives with sensitive information
• Network systems that contain digital files on servers
• Systems that have sensitive information stored on third-party network servers or “the cloud” such as POS stored payment information

Once all the categories or discrete instances of information are determined, the business should then ask questions that reveal their level of risk.

• Are the files (either physical or digital) accessible by all, or do they require a specific physical key or digital password?
• How many employees currently have access to these keys or passwords?
• Is there a way to track each instance the employee accesses the files, or can they do so unlimited times without oversight?
• How often are keys and passwords changed?
• Are digital data and files containing sensitive information encrypted? How recent are the encryption methods being used?
• Are there any third-party programs to monitor or block unwanted access to digital files?
• Does every computer system have an antivirus program installed? Is it up to date?
• Does your organization periodically delete data or destroy physical documents that contain information they no longer need?
• Are hard drives shredded when old computing equipment is sold or replaced?
• Do your third-party software vendors (POS, payment systems) have their own security measures to protect sensitive data? Are these measures up-to-date?

Answering these questions will help you determine how vulnerable your sensitive data currently is. In the most basic terms:

• Unlimited access
• Low oversight
• Out-of-date or non-existent digital security and monitoring measures
• Passwords or physical locks that are never reset
• Hoarded, unneeded sensitive information

…all lead to a greater risk of data breaches or unwanted document access. You can solicit an outside security professional to supplement your risk assessment knowledge and point out further oversights you had not considered.