Monday, January 5, 2009

Report: Data breaches up in 2008

In a report out today from the ID Theft Resource Center (ITRC), the number of data breaches increased 46% in 2008 over the previous year.

Of the five categories monitored by ITRC, only Educational and Military showed a decrease in the last year. Up were Business (reporting the most with 36% of the breaches), Health, Financial services (reporting the least at only 11%).

To prevent data loss, the ITRC issued the following guidelines:

Based on the breach reports from the past 3 years, the ITRC strongly advises all agencies and companies to:
1. Minimize personal with access to personal identifying information.
2. Require all mobile data storage devices that contain identifying information encrypt sensitive data.
3. Limit the number of people who may take information out of the workplace, and set into policy safe procedures for storage and transport.
4. When sending data or back-up records from one location to another, encrypt all data before it leaves the sender and create secure methods for storage of the information, whether electronic or paper.
5. Properly destroy all paper documents prior to disposal. If they are in a storage unit that is relinquished, ensure that all documents are removed.
6. Verify that your server and/or any PC with sensitive information is secure at all times. In addition to physical security, you must update anti-virus, spyware and malware software at least once a week and allow your software to update as necessary in between regular maintenance dates.
7. Train employees on safe information handling until it becomes second nature.

For more information, see the ITRC 2008 Breach List

No comments:

Post a Comment