Identity Theft in Business - Data Access Code Identity Theft

Businesses are especially exposed to physical and data access code identity theft. In a busy workplace, where a lot of people work, it can be difficult to keep property and information secure if an unauthorized thief gains access. The problem of "stair dancers", thieves who move quickly around the building using the stairs instead of the lifts and steal in an opportunist way, is an example.

The answer for most companies is to control entry to the building, with a single supervised entry point or an automated controlled entry system. Either way, some form of personal identification is usually required, such as a personal identification pass or swipe card. High security facilities may use more complex solutions. To gain entry, a thief must steal or copy an identity pass or card.

To guard against theft of a pass or swipe card, adding a PIN code to be entered when the card is swiped is a common solution. If a card is lost the magnetic entry code and the PIN number are easily changed. With a supervised entry, the security person or receptionist usually gets to know people, or you can use a stronger requirement for pass inspection with photographic identity or a signing-in procedure for where there is doubt.

Data security is most effectively managed by starting with the "need to know" principle: only those who need the information can get access. A user name and password as each person's means of identification is the most common solution. Strong passwords should be required for important data, following good practice for setting up passwords such as only complex character combinations and a minimum length.

By limiting the number of password entry attempts (often to 5) before a time delay before another attempt (often 15 minutes) an automated log in system would take a very long time to test the possible combinations of a strong password. This activity would no doubt be detected by most systems, and access further denied from that computer. A further security measure is to restrict access to a defined network or to specified internet addresses or computers.

Programmed restrictions to certain individuals should be placed on the ability to change (or, worse, to corrupt) a database, and to download or print sensitive commercial or personal information.

Data held on portable or laptop computers is more difficult to control and more susceptible to theft, and these computers are at greater risk of being interfered with for a thief to load spyware.

Systems to detect and remove spyware, especially key stroke logging software, from entering a commercial computer network is vital to guard against identity theft.