How many of you have privacy and security guidelines at your company? Do you really follow each and every guideline? Based on a recent article about the data breach at AT&T, it doesn’t look like that is the case. One of its employees did not follow their “strict privacy and security guidelines” and gained access to customers’ accounts without authorization. The information accessed includes Social Security numbers, driver’s license numbers and Customer Proprietary Network Information (CPNI), which specifies services purchased, including which numbers the customer has called and when.
Although this employee no longer works at AT&T, the question everyone has when a data breach occurs is: what are they doing now to mitigate the risk of future breaches? Anybody who has received a notification letter was most likely given a number to contact for free credit monitoring, but for some companies, as in this case, two, three or more breaches continue to occur.
As we all know, many companies in other industries have these same guidelines, yet similar insider data breaches still occur. The health care industry has been busy with these kinds of breaches, notably Aventura Hospital and Medical Center, where the Patient Health Information (PHI) of as many as 82,000 patients was leaked. In the banking industry, two former executives at Teche Federal Bank, which was acquired by IberiaBank, stole several thousand customer files and provided them to competitor JD Bank.
These data breaches from insider threats have occurred as the FBI and Department of Homeland Security warned of an increase in insider threats from current and former employees.
Many companies only have such guidelines, but the only sure way to protect customers’ sensitive information is to protect the data itself. File encryption solutions such as Fasoo Enterprise DRM (Digital Rights Management) provide persistent file-based security for any business environment. This enables organizations to protect, control and trace sensitive files containing intellectual property, trade secrets, PII and more. This ultimately prevents insiders, whether malicious or accidental, from causing any data breaches to the organization.
Privacy and security guidelines alone can no longer protect the confidential information of consumers; it is up to securing the data itself to prevent data breach cases like those mentioned above from happening.
Photo Credit: CucombreLibre