Protection. Perhaps one of the most vulnerable pieces of
information out there on the Web are what industry experts call
personally identifiable information. Chances are, if you bought
something--especially on the Web--your credit-card number and other
sensitive data are floating around on some database.
Credit-card companies themselves can help out, in order to stamp
out identity theft. They provide programs that allow vendors to protect
credit-card information. They can also offer advice as to how a company
can protect itself from those who would harm it: Go from the outside in,
says Alfredo Perez, senior vice president for support services for
Visa's Latin American and Caribbean region. Protect the
company's network first. Then the hardware and then the
applications and then the data itself. That makes a hacker or anyone
else looking to steal data break through many more levels of security to
get to the goodies.
"The more difficult you make it, they go away," Perez
says of potential hackers. "They want the low-hanging fruit."
That's not an easy task. The CIO must continue to monitor all
systems and go through routines such as changing passwords. Plus he has
to make sure the right people have access to the right information.
"Before it wasn't a big deal, but now it's a great
deal," says Perez.
So what about the employees themselves? Do they play a part?
Absolutely says Kari Perez at Visa's corporate communications
office for Latin America and the Caribbean. "We are always getting
emails from the company asking us to be compliant," says Kari
Perez. To help out, Perez attends annual training sessions focused on
keeping the data safe. It's also part of the initial training
employees go through when they begin work at Visa, where people are
taught what programs they can and cannot run on their computers.
What happens when data gets leaked? What if someone screws up an
accounting journal? Should you panic? Not really. A well-run company
should have a plan for this sort of thing, says Kevin M. Levy, a lawyer
with the Gunster Yoakley law firm in Miami who specializes in business
law and corporate finance.
A company should have a response team ready to act in case an event
were to happen. That team should include attorneys, public relations
experts and the IT team. And having that team ready is still not enough.
"You've got to test that plan over and over and over so
you've got it down pat when something happens," Levy says.
FORREST JONES * MIAMI
COPYRIGHT 2007 Freedom Magazines,
Inc. Reproduced with permission of the copyright holder. Further reproduction or distribution is prohibited without permission.
Copyright 2007 Gale, Cengage Learning. All rights
reserved. Gale Group is a Thomson Corporation Company.
NOTE: All illustrations and photos have been removed from this article.