The UK anti-fraud organisation Cifas recently released statistics showing that identities were being stolen at a rate of almost 500 per day! This is a truly shocking statistic and highlights how at risk we all are in today's online world.

The article details several steps individuals can take to protect themselves:

  • Limit the amount of personal information on social media;
  • Update your firewall, anti-virus and anti-malware programs;
  • Never share or write down passwords or PINs;
  • Use strong passwords and PINs and do not share them across accounts; and
  • Shred all financial documents before disposing of them.

This is good advice for individuals, but organisations all store vast amounts of personal data that can be used in identity crimes as well. Organisations act as a 'rich' target, as one attack can yield thousands if not millions of individuals' data, as opposed to an attack on a single person which yields only their specific data.

Therefore, in order to combat this growing "epidemic," organisations should ensure that they have appropriate cyber safeguards and processes in place including:

  • Utilising application white-listing on their systems;
  • Ensuring that systems are patched efficiently;
  • Disabling Microsoft Office macros by default;
  • Restricting administration privileges to only those who truly need them;
  • Utilising multi-factor authentication;
  • Backing up data regularly; and
  • Actively managing applications installed on user systems.

Most importantly, businesses should not get complacent or be ignorant of the threat. A good starting point is to perform a holistic vulnerability assessment based on one of the well-defined frameworks that provide a benchmarked assessment of controls and readiness, as well as a path to improvement.

These risks are not going away, and with regulatory oversight increasing (for example, with the upcoming GDPR), they are going to become more critical.

An epidemic needs to be addressed from multiple angles. Yes, there is a lot that you can do as an individual, but there is also a lot that organisations can and should do to protect personal information.