SCCyberworld

Tuesday, July 24, 2012

Personally Identifiable Information (PII) Theft On the Rise

Fortinet advises Malaysian companies to strengthen security of sensitive information to prevent reputation loss and reduce compliance penalties

MALAYSIA, July 24, 2012 – Fortinet, a world leader in high-performance network security, has urged Malaysian companies to protect their organizations from Personally Identifiable Information (PII) breaches. PII is data that could be used for identity theft, i.e. any unique piece of data that can be linked to a specific person, such as name, address, date of birth, or telephone and social security numbers. Identity theft has become a growing problem, as hackers and cybercriminals can easily gain access to a company’s network and steal customers’ sensitive data.

In the last few years, broader adoption of compliance regulations across Asia Pacific, including financial penalties, has highlighted the importance of PII protection, compelling organizations to bolster their security mechanisms. However, surveys show that identity theft incidents are still on the rise. Easy access to databases through cloud collaboration platforms and social networking, mobility and other IT trends have paved the way for cybercriminals to pilfer users’ most personal information from the Web.

“While financial penalties for non-compliance can be prohibitive, these fines can easily be exceeded by the costs of “clean-up” and remediation, should customer PII be either accidentally or maliciously exposed in an actual data breach. Such “clean up” includes physical letters to the entire database, resources to deal with customer queries and possibly manufacturing costs of new credit cards, not to mention reputation loss. These accumulated costs could be enough to take a company out of business,” said George Chang, Fortinet’s Regional Director for Southeast Asia & Hong Kong.

While data is never 100-percent secure, especially when stored on Web-facing servers and undergoing routine transactions on moving applications, CIOs and IT security professionals in Malaysia are advised to adopt the following best practices to mitigate the risk of a PII breach:

1. Educate Management and Employees on Risks
Management and employee education is a key factor in mitigating an organization’s risk. Employee education should also include identifying popular risky behaviours such as app installation and the use of unsanctioned software.

2. Adopt Role-Based Data Loss Prevention Solutions
Role-based data loss prevention solutions not only record such breaches and alert IT administrators to them, but also give security personnel the ability to react to them. These mitigation techniques can range from archiving data transmissions, to alerting management, to quarantining a user or vector from further transactions until the threat is sufficiently addressed.

3. Comprehensively Assess the Location of All Risk Areas
Companies need to determine where all of their PII is stored, who has access to the information and how PII moves, both within and outside the confines of the organization. Once that information is discovered and catalogued, the responsibility will be on IT administrators to implement appropriate security policies protecting that data.
