<div class="MsoNormal"><span style="" lang="EN-IE">REDUCING THE IMPACT OF PII SECURITY BREACHES<o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE">The persistent security breaches that occur in so many organisations and institutions are no longer big news. What is worrying is that while it is expected in financial institutions, as obvious targets for their ‘monetary rewards’, it is rather unexpected in that about a third of the reported security breaches in the U.S. occur in educational institutions.<o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE">Obviously the level of protection afforded the information (mainly Personal Identifiable
Information PII) held by<span style=""> </span>these educational institutions is much less than their financial counterparts, yet the data breaches could be just as damaging.<o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE">What makes the PII so valuable to fraudsters? Loans, mortgages, credit cards, illegal employment could be obtained using this kind of information.<o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE">This now rests the burden of responsibility at the feet of organisations that use PIIs as the only way to validate the identity of applicants for their services.<o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE">Fraudsters use this information largely because it is inherently ‘low risk’ with huge returns as the risk of being physically present is eliminated by organisations relying heavily on e-commerce.<o:p></o:p></span></div> <div
class="MsoNormal"><span style="" lang="EN-IE">The question is, do the benefits of cost cutting, easing organisation’s operations by doing substantial amounts of business online outweigh the impact of not providing enough protection to customers PII by not streamlining processes and procedures to aid the security of customers PII at the risk of legislative/regulatory fines etc.<o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE">A suggestion to revert to the stone ages is not being conceived but the emphasis on using PIIs for validations, verifications and even in some cases authentication by a lot of institutions should be reduced.<o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE">Biometrics, token password solutions provide alternative authentication mechanisms, which organisations avoid because of costs, but in the long term an ROI might justify the investment against legislative/regulatory fines,
litigation, legal fees and loss of goodwill/reputation.<br> <o:p></o:p></span></div> <div class="MsoNormal"><span style="" lang="EN-IE"><!--[if !supportEmptyParas]--> <!--[endif]--><o:p></o:p></span></div> <BR><BR>Henry Ojo BSc HISP BS7799 Auditor<br>www.efortresses.ie<br>Cell: 00353 874182266<br>Office:+(0) 7958430094<br>Fax :+(0) 7092 0950843<p> 
<hr size=1>
The <a href="http://us.rd.yahoo.com/mail/uk/taglines/default/nowyoucan/free_from_isp/*http://us.rd.yahoo.com/evt=40565/*http://uk.docs.yahoo.com/nowyoucan.html">all-new Yahoo! Mail</a> goes wherever you go - free your email address from your Internet provider.