Home » Data Protection » PCI and Compliance

Industry View

Business Closures and Information Loss: An Unforeseen Impact of the Economic Meltdown

As retailers shut down and liquidate their point of sale systems, guess what else they're selling?

By Todd Waskelis and Bindu Sundaresan, VeriSign

Page 3

For Consumers:
First and foremost, recognize that there is an increased risk of identity theft with the economic downturn. The emotions surrounding the personal losses in an economic downturn can negatively impact the security-conscientiousness of consumers. Consumers are being scammed in an ever-increasing variety of ways. For example, people are receiving phishing e-mails asking them to provide their bank account information so as to avoid having their bank account closed in a merger. They provide their bank information and their account balance is plundered. Be aware of what you are doing in the cyber world. Ensure that you monitor your credit reports so that you can detect any fraudulent activities. Use the shredder to dispose of any mail that contains sensitive information.

Good Information Security Practices Do Not (or at least Should Not) Change

The last thing you want as a business trying to survive the economic crunch is a security incident. To ensure you are prepared, we provide below some best practices that can be lifesavers during these tough economic times, especially for companies that are weary of capital expenditures to address security risks. Here are six tips to make those smart security investments:

Focus on Information Security: As the economy has fundamentally undergone a meltdown, it is important to focus on securing information and assets as an organization while maintaining a secure infrastructure that can enable the business.
Adopt a Risk-Based Security Program: Incorporate a risk-based approach to security, especially during times when you have to make spending decisions on security. It is always better to take a proactive approach to security than a reactive one and only through a strong risk management program can these decisions be effectively made.
Focus on Security Awareness: Security tends to stay within IT in most organizations. Take steps to propagate your organization's security strategy beyond your IT department. No better investment can be made to protect against insider threats and targeted attacks against employees which rise during times of economic downturns. Ensure that the policies and procedures that you have as part of the information security program still are being followed and working. (See also How to Build an Effective Awareness Program.)
Think About Intellectual Property (IP) Protection: The purpose of IP is to protect investment in the branding, design, technology and creative works that give one supplier and edge over his or her competitors. Your IP is your business, protect it as such.
Think of Security as a Business Enabler: Process re-engineering and optimization projects can find efficiencies in IS processes that can be turned into cost savings. Consider outsourcing non-core competencies to a Managed Security Services Provider and focus internal resources on tactical and strategic activities rather than managing technology.
Conduct Compliance Assessments Regularly: Perform health checks on your security posture and ensure that you don't go down the road of becoming non-compliant with regulations as the economy hits a rough time. Understand the ultimate goal of being compliant is to be secure and not just on paper. For every compliance dollar spent, a corresponding measure of risk should be reduced or your compliance dollars are not being effectively spent, and may even be wasted. Risk reduction should drive compliance, not the other way around.