- Don’t run out and buy an expensive system just to feel like you’re doing something. Do research, and pick something that will last more than a few months in the field.
- Separate identity information theft from access theft and work on the two problems separately. The two have gotten mixed up in a lot of people’s minds, but they’re different. Protecting social security numbers, names, and addresses is a different problem than protecting against access theft. They’re related only in that access theft often allows an attacker to get personal information. Securing access helps protect data.
- Use solutions that are realistic for real-world customers to adopt. Not all employees are the same, and not all have the same risk. Staff members accessing social security numbers, salaries, and other information need stronger security than a receptionist looking up phone numbers for callers. You have a range of users, so look for something that can provide a range of solutions.
- Don’t get caught up in vendor hype. Phishing, identity theft, Sarbanes-Oxley — they’re all “hot” topics. But there is no silver bullet. Take vendor claims with a grain of salt; get solid security for the money.
- Deploy flexible solutions to protect against future attacks. Most systems out there are “one trick ponies” that do one type of authentication and do it for everything, all the time. With today’s Internet, attacks are changing constantly, and no one can predict what’s coming next. Find authentication solutions that allow you to migrate users to stronger credentials without ripping out the infrastructure. It takes too long, and you don’t have the money to do that every six months anyway.
Recognizing the increased risk that comes with holding more information on employees and potential criminals can maintain the trust of travelers, improve overall security, and protect their employees and customers.
Security specialist shares what the feds, industry groups are doing
The company tests its blood vessel authentication unit at San Juan airport.