Identity Theft in Business
Data Access Code Identity Theft
Businesses are especially exposed to physical and data access code identity theft. In a busy workplace, where a
lot of people work, it can be difficult to keep property and information secure if an unauthorized thief gains
access. The problem of "stair dancers", thieves who move quickly around the building using the stairs instead of
the lifts and steal in an opportunist way, is an example.
The answer for most companies is to control entry to the building, with a single supervised entry point or an
automated controlled entry system. Either way, some form of personal identification is usually required, such as a
personal identification pass or swipe card. High security facilities may use more complex solutions. To gain entry,
a thief must steal or copy an identity pass or card.
To guard against theft of a pass or swipe card, adding a PIN code to be entered when the card is swiped is a
common solution. If a card is lost the magnetic entry code and the PIN number are easily changed. With a supervised
entry, the security person or receptionist usually gets to know people, or you can use a stronger requirement for
pass inspection with photographic identity or a signing-in procedure for where there is doubt.
Data security is most effectively managed by starting with the "need to know" principle: only those who need the
information can get access. A user name and password as each person's means of identification is the most common
solution. Strong passwords should be required for important data, following good practice for setting up passwords
such as only complex character combinations and a minimum length.
By limiting the number of password entry attempts (often to 5) before a time delay before another attempt (often
15 minutes) an automated log in system would take a very long time to test the possible combinations of a strong
password. This activity would no doubt be detected by most systems, and access further denied from that computer. A
further security measure is to restrict access to a defined network or to specified internet addresses or
Programmed restrictions to certain individuals should be placed on the ability to change (or, worse, to corrupt)
a database, and to download or print sensitive commercial or personal information.
Data held on portable or laptop computers is more difficult to control and more susceptible to theft, and these
computers are at greater risk of being interfered with for a thief to load spyware.
Systems to detect and remove spyware, especially key stroke logging software, from entering a commercial
computer network is vital to guard against identity theft.