- Anti-virus software is installed and up-to-date.
- Spyware and Trojan checking software is installed.
- Latest operating system and patches are installed.
- Device is approved for entry.
To minimize ID theft, security needs to start at the end point, and only when the end-point is secure should users be allowed to proceed with entering user names and passwords.
Preventing others from using your identity
A big step that organizations can do to ensure that trust is established between users and applications is to implement stronger authentication methods. The most basic authentication methods are very easy to break, even for novice hackers and password cracking tools, but enforcing strong one-factor authentication, coupled with two- or three-factor authentication can virtually guarantee ID theft is minimized due to the sensitive and unique nature of the authentication methods.
Basic authentication requires users to input a username and a password, and everything will be available to them, including sensitive and confidential information. But making the distinction on how users authenticate is a big step in stopping sensitive information being stolen. For example, an organization could set the policy that if a user uses one-factor authentication, they will only have access to the most basic information, such as e-mail, but if the user uses higher levels of authentication then more applications and data will be available to them, such as e-mail, sales systems, purchasing systems, etc.
A large percentage of stolen data comes from unhappy employees who leave backdoors open to themselves where they only need the right username and password to get access to everything, after they have left the organization. With two-factor authentication, requiring the user to own a unique possession, such as PDA, mobile phone, or hardware token (usually a password generating device issued by a third party) , would make it much harder for disgruntled employees to hack their way back into systems to cause damage.
Highly sensitive systems could even require an extra level of protection adding in bio-metric authentication, where the user needs to use a physical attribute unique to them, such as their iris or finger print.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.