informa
Announcements
Event
How to Launch a Threat Hunting Program | Webinar <REGISTER>
Event
How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint | Webinar <REGISTER>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext
Risk
2 MIN READ
News

When Personal Identities Are Stolen, The Bad Guys May Get The Business

Security experts say it's time for enterprises to get more involved in protecting employees' personal data
Tim Wilson, Editor in Chief, Dark Reading
Contributor
December 17, 2010
So what role should enterprises play in protecting employees' personal information? The first step is to add personal information security training to the corporate security awareness program, experts say.

"If you don't train your people on the personal side of the threat, then they won't give a damn," Sileo says. "We're all more self-interested than we are interested in the welfare of company data. Teach your people to take care of their own data, and be aware of the consequences of losing it. If they understand those things, there's a good chance that they'll extend the knowledge and practices over to their corporate systems."

Companies should also consider offering identity theft protection services to their employees -- not as a benefit or perk driven primarily by the human resources department, but as a means of protecting business data on personal devices, driven by business managers and the IT organization, Rohrbaugh says.

Vamosi notes that many businesses currently keep identity theft protection and resolution services on retainer, so they can tap those services if data theft or other breaches occur. In fact, businesses are accounting for an increasingly larger portion of the revenues earned by identity theft protection services, he says.

"Over the last few years, the number of [individual] customers signing up for identity theft monitoring services has actually gone down," Vamosi says. "But when we talk to the services themselves, they say they are doing well. That's because businesses are making up more and more of their revenue."

In a perfect world, companies would extend their security initiatives to protect employees' personal data as well because it helps build a culture of security and makes the company a better place to work, Sileo says. "It fits well with the idea of putting a gym in the building," he says. "It makes people feel better about the company they work for."

In reality, though, most companies don't initiate personal identity theft programs until they have been hit with a security breach, Sileo concedes. "The difference between a company that cares about this level of security and one that doesn't is usually getting hit," he says. "They just don't see the havoc that [personal identity theft] can cause until it happens to them. That's why I'm out there talking about it -- maybe by hearing what happened to me, they can get a sense of what it's like and do something about it before it happens to them."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway
Jai Vijayan, Contributing Writer, Dark Reading
'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting
Nathan Eddy, Contributing Writer, Dark Reading
Dark Reading Launches Inaugural CISO Advisory Board
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading
'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs
Tara Seals, Managing Editor, News, Dark Reading
Webinars
More Webinars
Reports
More Reports
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports