20 Mar 07

Safeguarding Against a Security Crisis

Author:  Gary Barnett

TJX Companies, the parent to retail stores T.J. Maxx, HomeGoods, Marshalls, and A.J. Wright, is in the midst of a security-related nightmare.  The company recently disclosed that its customer information database was hacked.  As a result, credit and debit card data for thousands of customers have been compromised.  The hackers also nabbed customers’ drivers’ license numbers and related names and addresses.

Can you imagine dealing with a security breach of this magnitude?  If your contact center has a database of customer information, it could happen to you if you aren’t vigilant against attacks and behavior that puts your information at risk.

The SANS Institute recommends that you protect your contact center by deploying five layers of technology.  These five layers cannot, however, be your only solution.  Research shows that up to 70 percent of all identity theft starts on the inside. While I don’t know how the theft occurred at TJX, I do know that it is imperative that companies employ clear personnel and operational guidelines, and conduct ongoing security audits that identify potential areas of vulnerability. 

By honestly answering the following questions, you can determine whether your operational procedures are adequate or whether they need to change:

  • How are background checks of contact center agents conducted?
  • How many layers of technical defense are in place?
  • Are laptops used and, if so, what type of information is stored on them?
  • Do contact center employees sign affidavits stating that they will not access customer information for personal use?
  • What systems are in place for disabling network access when employees are terminated?
  • Is there a list of contact center employees who have access to sensitive information?
  • How are passwords set up and how often are they required to be changed?  What level of encryption is used?
  • What safeguards are in place with respect to documents that leave the building with employees?
  • Do you outsource any transactions?  If so, how are vendors screened?
  • Do you have published guidelines for information handling that specifically address practices such as using publicly accessible computers or downloading sensitive data and removing it from your business locations?
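Three of the questions above (network access that survives a termination, who actually holds access to sensitive customer data, and how old passwords are allowed to get) can be answered by reconciling the HR roster against a directory export on a schedule rather than by asking people. The script below is an added example, not code from the original post, from SANS or from any vendor. The HR records, directory accounts, group names (`crm-full-read`, `card-data-view`) and the 90-day rotation policy are all constructed for illustration; a real run would read the roster from HR and the accounts from the directory.

```python
# Added example, not code from the original post: an account-hygiene audit
# covering three of the checklist questions, namely access that survives
# termination, unapproved access to sensitive customer data, and password
# rotation. All roster, account, group and policy values are constructed.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Employee:
    username: str
    status: str                      # "active" or "terminated"
    terminated_on: Optional[date] = None


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    groups: FrozenSet[str]
    password_last_set: date


# Hypothetical directory groups that grant access to customer records.
SENSITIVE_GROUPS = frozenset({"crm-full-read", "card-data-view"})
# Hypothetical rotation policy for the password question in the checklist.
MAX_PASSWORD_AGE = timedelta(days=90)

Finding = Tuple[str, str, str]   # (finding type, username, detail)


def audit(hr: List[Employee], accounts: List[Account],
          approved_sensitive: Set[str], today: date) -> List[Finding]:
    """Reconcile directory accounts against the HR roster and return findings."""
    hr_by_user = {e.username: e for e in hr}
    findings: List[Finding] = []
    for acct in accounts:
        emp = hr_by_user.get(acct.username)
        if emp is None:
            # An account with no HR record has no owner to answer for it.
            findings.append(("orphan_account", acct.username, "no HR record"))
        elif emp.status == "terminated" and acct.enabled:
            days = (today - emp.terminated_on).days
            findings.append(("terminated_still_enabled", acct.username,
                             f"enabled {days} days after termination"))
        # Sensitive access is checked for every account, active or not.
        held = acct.groups & SENSITIVE_GROUPS
        if held and acct.username not in approved_sensitive:
            findings.append(("unapproved_sensitive_access", acct.username,
                             "holds " + ", ".join(sorted(held))))
        # Password age only matters for accounts that can still log in.
        if acct.enabled and today - acct.password_last_set > MAX_PASSWORD_AGE:
            age = (today - acct.password_last_set).days
            findings.append(("password_expired", acct.username,
                             f"password is {age} days old"))
    return findings


def run_sample() -> List[Finding]:
    """Run the audit over a constructed roster and directory snapshot."""
    today = date(2007, 3, 20)
    hr = [
        Employee("alice", "active"),
        Employee("bob", "terminated", date(2007, 3, 1)),
        Employee("carol", "active"),
        Employee("dave", "terminated", date(2007, 2, 15)),
    ]
    accounts = [
        Account("alice", True, frozenset({"crm-full-read"}), date(2007, 1, 10)),
        Account("bob", True, frozenset({"card-data-view"}), date(2006, 11, 1)),
        Account("carol", True, frozenset({"helpdesk"}), date(2006, 12, 1)),
        Account("dave", False, frozenset(), date(2006, 10, 1)),   # correctly disabled
        Account("eve", True, frozenset(), date(2007, 3, 15)),     # no HR record
    ]
    approved_sensitive = {"alice", "carol"}   # the list the checklist asks for
    return audit(hr, accounts, approved_sensitive, today)


if __name__ == "__main__":
    for kind, user, detail in run_sample():
        print(f"{kind:28} {user:8} {detail}")
```

On the constructed data the audit flags bob three times (still enabled 19 days after termination, holding card-data access without being on the approved list, and a 139-day-old password), carol once for password age, and eve as an account with no owner in HR; alice and the correctly disabled dave produce nothing. The point of running this as a job rather than a one-off is the termination check: the question is not whether a deprovisioning process exists but how many days it lags, and that number only comes from comparing the two systems.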

Following a layered approach and addressing questions and issues such as those listed above will help you keep identity thieves at bay.


Categories: Compliance/Regulatory, Contact Center Technology

  1. Mike
    5:38 am on June 20th, 2007

    I feel that big companies should try to spend some resources on adhering to standards like ISO 17799 to avoid such security breaches. Enforcing these standards will help them comply with many other regulations. A crosswalk poster between different regulations is a very useful tool for IT & compliance team members, especially when it is available at no cost. This poster is a crosswalk between ISO 17799, COBIT 4.0, HIPAA, Payment Card Industry (PCI), GLBA, NERC standards CIP and PIPEDA (Canada): http://www.compliancehome.com/symantec/

  2. John
    8:43 pm on September 11th, 2007

    You have really provided very useful points that need to be implemented by many organizations to keep their operations running smoothly and to keep the organization away from any kind of unusual filch. Contingency plan templates can jump-start HIPAA, Sarbanes-Oxley (SOX), FISMA, ISO 17799 and many other regulation/standard contingency plan projects, which include business impact analysis (BIA), business continuity plan (BCP), disaster recovery program (DRP), emergency mode operation plan (EMOP), data backup plan, testing and revision procedures and many other projects. These templates can also be used by IT departments of different companies, security consulting companies, manufacturing companies, servicing companies, financial institutions, educational organizations, law firms, pharmaceutical & biotechnology companies, telecommunication companies and others.

  3. philip
    1:33 am on May 27th, 2009

    How often should people be changing their password?
