{"id":93345,"date":"2020-10-20T15:00:12","date_gmt":"2020-10-20T12:00:12","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/"},"modified":"2020-10-20T15:00:12","modified_gmt":"2020-10-20T12:00:12","slug":"identity-theft-why-companies-are-being-targeted-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/","title":{"rendered":"#Identity Theft \u2013 Why Companies Are Being Targeted \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2fcc83255ad\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2fcc83255ad\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Breaches_Fines_and_Damages\" >Breaches, Fines, and Damages<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#PII_and_Identity_Theft\" >PII and Identity Theft<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Why_Breaches_Happen\" >Why Breaches Happen<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Insider_Mistakes\" >Insider Mistakes<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Malicious_Insiders\" >Malicious Insiders<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Outside_Attacks\" >Outside Attacks<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Encryption_Is_Your_Friend\" >Encryption Is Your Friend<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Deploying_Encryption\" >Deploying Encryption<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Categorize_Your_Data\" >Categorize Your Data<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Establish_the_Data_Expiration_Period\" >Establish the Data Expiration Period<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Perform_Due_Diligence_and_Market_Research\" >Perform Due Diligence and Market Research<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Set_Policies_and_Procedures\" >Set Policies and Procedures<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Conduct_Staff_Training\" >Conduct Staff Training<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/buradabiliyorum.com\/en\/identity-theft-why-companies-are-being-targeted-cloudsavvy-it\/#Dont_Forget_the_Basics\" >Don\u2019t Forget the Basics<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#Identity Theft \u2013 Why Companies Are Being Targeted \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure id=\"attachment_7443\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"imgchk9 wp-image-7443 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/e95a1e3d5919597485b36ec590c3fd7f\/p\/uploads\/2020\/10\/54d51687.png\" alt=\"Bunch of silver keys on encrypted sheet.\" width=\"700\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/bunch-silver-keys-on-sheet-encrypted-543213739\" data-credittext=\"Shutterstock\/Cousin_Avi\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/bunch-silver-keys-on-sheet-encrypted-543213739\">Shutterstock\/Cousin_Avi<\/a><\/span><\/figcaption><\/figure>\n<p>Traditionally a worry for individuals, identity theft is now a concern for businesses. It can erode the loyalty of employees and make clients think you\u2019re too risky to be associated with.<\/p>\n<h2 id=\"breaches-fines-and-damages\"><span class=\"ez-toc-section\" id=\"Breaches_Fines_and_Damages\"><\/span>Breaches, Fines, and Damages<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Breaches of personally identifiable information (PII) or the in<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ropriate use of PII can result in large fines. In Europe, the first wave of significant fines under the\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32016R0679&amp;qid=1600605964569&amp;from=EN\">General Data Protection Protection<\/a>\u00a0act has crashed upon the unlucky businesses.\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/datenschutz-hamburg.de\/assets\/pdf\/2020-10-01-press-release-h+m-fine.pdf\">H&amp;M (Hennes &amp; Mauritz Online Shop)<\/a>\u00a0has been fined the equivalent of USD 41 million.<\/p>\n<p>And, GDPR doesn\u2019t just apply to European businesses. If you employ Europeans or trade or operate in Europe\u2014and if you have a website accessible from Europe and there\u2019s an email address on it that people can use to contact you, that counts as trading\u2014the GDPR applies to you, too. That\u2019s how Google\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.cnil.fr\/en\/cnils-restricted-committee-imposes-financial-penalty-50-million-euros-against-google-llc\">was fined USD 58.5 million<\/a>.<\/p>\n<p>Of course, the GDPR is just one regulation. In the U.S., data protection legislation is scattered throughout the United States Code in acts such as the\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/uscode.house.gov\/view.xhtml?req=granuleid:USC-prelim-title18-section2721&amp;num=0&amp;edition=prelim\">Driver\u2019s Privacy Protection Act of 1994 (DPPA)<\/a>, the\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/uscode.house.gov\/view.xhtml?path=\/prelim@title15\/chapter91&amp;edition=prelim#\">Children\u2019s Online Privacy Protection Act (COPPA)<\/a>, and the new <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/leginfo.legislature.ca.gov\/faces\/billTextClient.xhtml?bill_id=201720180SB1121\">Californian Consumer Protection Act<\/a> (CCPA).<\/p>\n<p>As if the fines weren\u2019t bad enough, the reputational damage that accompanies a breach or other data-related non-compliance can have a tremendous impact on a business and its relationships with customers and clients. Business relationships require attention. It takes time and effort to nurture and maintain them. But they can be broken and lost overnight by bad PR. Sometimes, there\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.phrases.org.uk\/meanings\/there-is-no-such-thing-as-bad-publicity.html\">is such a thing as bad publicity<\/a>.<\/p>\n<p>All businesses hold the PII of employees, suppliers, and customers. They need to be aware that they are responsible for the gathering, safeguarding, and legitimate use of that data. According to the 2020\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.ibm.com\/security\/digital-assets\/cost-data-breach-report\/#\/\">Cost of a Data Breach<\/a>\u00a0report by IBM, the financial impact on a business per lost PII <em>record<\/em> is USD 150.<\/p>\n<p>If the stolen PII allows a threat actor to impersonate a member of your staff so that they can communicate convincingly with a customer, supplier, the bank, or someone in your accounts department who has the authority to transfer money, the cost will be much higher.<\/p>\n<h2 id=\"pii-and-identity-theft\"><span class=\"ez-toc-section\" id=\"PII_and_Identity_Theft\"><\/span>PII and Identity Theft<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Identity theft is an umbrella term covering a variety of frauds involving credit cards, hire-purchase deals, leases, online purchases, and online banking. Identity theft is often associated with stolen or otherwise leaked PII.<\/p>\n<p>From the moment that computers became common in the mainstream business world, companies have been collecting, storing, and processing PII.\u00a0Any single piece of data about a person is PII. You don\u2019t need to store the entire digital jigsaw of data that definitively identifies someone for your data to count as PII. If you hold even one piece of the jigsaw, that snippet of data is classed as PII and must be protected just as strongly as a complete data dump of that person.<\/p>\n<p>From the threat actor\u2019s point of view, obtaining a complete data record about someone is like hitting paydirt. But little bits of information are still useful to them, just like many smaller nuggets\u2014if you find enough of them\u2014can make up a worthwhile haul. The more PII you hold, and the larger the number of people you hold data on, the more attractive a target you are.<\/p>\n<p>But that doesn\u2019t mean smaller firms are going to be ignored by the criminals. And in fact, they may be a preferred target because they are unlikely to have as rigorous a set of cybersecurity protections and controls in place as an enterprise-scale organization, nor have a dedicated body of staff to implement and oversee them.<\/p>\n<p>Gone are the days of scrabbling round in people\u2019s bins or a company\u2019s dumpsters looking for paper-based information to build a viable identity theft persona. This type of fraud has become high-tech and highly valuable. Inevitably, it has caught the attention of organized crime. The data thieves are either operating for organized crime groups, who will use the stolen PII to perpetrate frauds, or they are smaller cybercriminal operations who will sell the data on the Dark Web.<\/p>\n<p>Some stolen PII provides a short window of opportunity to the threat actors. Soon after the information is used by the threat actors, it is noticed by the victim. The victim alerts the service provider\u2014such as the bank, credit card company, online shopping, or <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Social<\/a> Security\u2014and the account is frozen, or whatever other action needs to be taken. But sometimes the fraudulent actions are not detected for quite some time.<\/p>\n<h2 id=\"why-breaches-happen\"><span class=\"ez-toc-section\" id=\"Why_Breaches_Happen\"><\/span>Why Breaches Happen<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h4 id=\"insider-mistakes\"><span class=\"ez-toc-section\" id=\"Insider_Mistakes\"><\/span>Insider Mistakes<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Accidents happen, such as leaving a laptop on a train or emailing a spreadsheet to the wrong person. Some accidents happen because policies and procedures are not followed\u2014often in times of pressure or stress\u2014and mandated practices are ignored or corners are cut.<\/p>\n<p><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Phishing\">Phishing<\/a> and <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Phishing#Spear_phishing\">spear-phishing<\/a> attacks are used by the threat actors to coerce staff members into inadvertently installing malware, such as <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Rootkit\">rootkits<\/a> and <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Remote_desktop_software#RAT\">remote access trojans<\/a> (RATs).\u00a0Job pressure comes into play here, too. Harassed and struggling staff are less likely to stop and run through a mental checklist to determine whether an email or its attachment is real or malicious.<\/p>\n<h4 id=\"malicious-insiders\"><span class=\"ez-toc-section\" id=\"Malicious_Insiders\"><\/span>Malicious Insiders<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Disgruntled employees can engineer PII data breaches to enact what they see as vengeful justice against the company. Others might steal PII to try to benefit financially. They might be plants that managed to get a job with your company, but really they are working for a competitor and they are conducting industrial espionage.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>The Disgruntled Employee and the Damage They Can Do<\/em><\/strong><\/p>\n<h4 id=\"outside-attacks\"><span class=\"ez-toc-section\" id=\"Outside_Attacks\"><\/span>Outside Attacks<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>The majority of PII data breaches are due to external threat actors. Because identity theft has become a lucrative (criminal) business and organized crime has taken an interest, the attacks are coordinated and sophisticated. They may mount phishing attacks, exploit vulnerabilities, or use dictionary attacks to work out what passwords are in use.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>How to Protect Your Organization Against Password Dictionary Attacks<\/em><\/strong><\/p>\n<h2 id=\"encryption-is-your-friend\"><span class=\"ez-toc-section\" id=\"Encryption_Is_Your_Friend\"><\/span>Encryption Is Your Friend<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure id=\"attachment_6821\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"imgchk9 wp-image-6821 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/36f883fe2570b7b73040a9547e923569\/p\/uploads\/2019\/07\/5999c4af.png\" alt=\"Locked and unlocked files.\" width=\"700\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-illustration\/lock-full-collection-icons-like-that-82383217\" data-credittext=\"Shutterstock\/Pavel Ignatov\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-illustration\/lock-full-collection-icons-like-that-82383217\">Shutterstock\/Pavel Ignatov<\/a><\/span><\/figcaption><\/figure>\n<p>Encryption is your friend, but it is not a universal cybersecurity panacea. You still need to use the appropriate technological defenses, robust IT governance with policies and procedures, and staff training in cybersecurity awareness to try to protect your systems.<\/p>\n<p>Data should be encrypted on storage devices, such as hard drives, external drives, and backup systems. Both off-site and local backups should be encrypted. All mobile devices including laptops, smartphones, tablets, memory sticks, and CD-ROMs should be encrypted.<\/p>\n<p>Encryption won\u2019t stop the theft of the data. Hopefully, your other defensive measures will. But encrypting the data should prevent cybercriminals from benefiting from having it. It\u2019s like using a\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Dye_pack\">dye pack with paper money<\/a>. If the safe is stolen, the dye pack explodes, indelibly staining the money and rendering it useless. The dye pack won\u2019t stop a safe from being stolen and blown open, but there is no payoff for the criminals.<\/p>\n<p>Also, a\u00a0breach of encrypted data is a far less pernicious misdemeanor in the eyes of data protection legislation than the loss of plain-text PII.<\/p>\n<p>Encryption <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> is available for businesses in a variety of products today. Often, it is an integral part of a product offering, such as\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"http:\/\/redirect.viglink.com?u=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fmicrosoft-365%2Fbusiness%2Fcompare-all-microsoft-365-business-products-b&amp;key=204a528a336ede4177fff0d84a044482\">Microsoft 365<\/a>\u00a0email.<\/p>\n<p>Products are available to allow you to encrypt your on-premises systems, too. Be aware that after you choose and deploy an encryption product, you must still periodically review the various encryption products. Even a best-of-breed encryption program could be shown to have a flaw in its algorithms that leave its encryption vulnerable to exploit. So, don\u2019t make your product choice and forget about it. Make sure your product decision is still valid today.<\/p>\n<p>Encryption brings its own governance and maintenance overheads. Encryption routines use <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Key_(cryptography)\">encryption keys<\/a>. These are strings of seemingly random characters and symbols that are used with the algorithm to encode and decode the data. And like all important keys, they must be safeguarded and access to them governed and controlled. You need to address these topics when planning to deploy wide-scale encryption across your company.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Deploying_Encryption\"><\/span>Deploying Encryption<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you don\u2019t have a data asset registry, perform a data audit and create one. As a minimum, you need to know what data you hold, where it is stored, who needs to access it, and how sensitive or critical it is. Local legislation\u2014such as GDPR\u2014may require you to be much more granular than this.<\/p>\n<h4 id=\"categorize-your-data\"><span class=\"ez-toc-section\" id=\"Categorize_Your_Data\"><\/span>Categorize Your Data<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Categorize the data into bands, such as:<\/p>\n<ul>\n<li><strong>Restricted data:<\/strong> Breaches of this category data will cause significant damage to the company, one way or another. The highest levels of control and protection must be applied to this data.<\/li>\n<li><strong>Private data:<\/strong> All company data that is not restricted and not public is considered to be private. Unauthorized access to private data carries a moderate risk to the company. A reasonable level of control and protection must be applied to this data.<\/li>\n<li><strong>Public data:<\/strong> Requires little or no control and protection.<\/li>\n<\/ul>\n<h4 id=\"establish-the-data-expiration-period\"><span class=\"ez-toc-section\" id=\"Establish_the_Data_Expiration_Period\"><\/span>Establish the Data Expiration Period<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>If the data has a date after which it is unlikely to be useful, and you know your encryption cannot be defeated within that time period, your data can be considered safe.<\/p>\n<p>Some data, such as credit cards, have a clear expiry date. If someone obtains the credit card number and the\u00a0<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Card_security_code\">Card Verification Value<\/a>\u00a0(CVV) code they only have up to the card expiry date to use them.<\/p>\n<p>Other data, such as elements of PII, will have a period within which it is reasonable to expect a victim of identity-related fraud to notice something is amiss, such as strange entries on a bank statement.<\/p>\n<h4 id=\"perform-due-diligence-and-market-research\"><span class=\"ez-toc-section\" id=\"Perform_Due_Diligence_and_Market_Research\"><\/span>Perform Due Diligence and Market Research<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Guided by the foregoing steps and your data asset register\u2014and budget, of course\u2014review the encryption tools that are available and select the best match for your needs.<\/p>\n<h4 id=\"set-policies-and-procedures.\"><span class=\"ez-toc-section\" id=\"Set_Policies_and_Procedures\"><\/span>Set Policies and Procedures<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Create or refresh existing policies and procedures to provide control and guidance in the use of the encryption tool and the control and safeguarding of the encryption keys.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Conduct_Staff_Training\"><\/span>Conduct Staff Training<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Provide training sessions for your staff so that they understand the reasons behind the changes, what the new methods of working are, and what is expected from them. Make it clear that these measures are designed to protect them and their data.<\/p>\n<p>Include this type of briefing as part of the induction process for new employees.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>What Are the Three Pillars of Cybersecurity?<\/em><\/strong><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Dont_Forget_the_Basics\"><\/span>Don\u2019t Forget the Basics<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Remote connections to your business or to cloud-based resources must be made using secure and encrypted protocols, and all applications and operating systems must be patched with the latest upgrades and security patches.<\/p>\n<p>Remember that encryption protects stolen data\u2014it won\u2019t stop data from being stolen.<\/p>\n<p>\u00a0\n<\/p><\/div>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener noreferrer\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/7410\/identity-theft-why-companies-are-being-targeted\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Identity Theft \u2013 Why Companies Are Being Targeted \u2013 CloudSavvy IT&#8221; Shutterstock\/Cousin_Avi Traditionally a worry for individuals, identity theft is now a concern for businesses. It can erode the loyalty of employees and make clients think you\u2019re too risky to be associated with. Breaches, Fines, and Damages Breaches of personally identifiable information (PII) or the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":93346,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/10\/54d51687.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-93345","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/93345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=93345"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/93345\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/93346"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=93345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=93345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=93345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}