- Develop secure web applications: Follow best practices in web application development, as represented by the Open Web Application Security Project (OWASP).
- Check identities and backgrounds before authorizing access: The Identity Theft Assistance Center is one resource where members can quickly check application information against a database of known identity thefts.
- Institute strong authentication procedures: Strong authentication, such as a PIN token, a smart card calculator or another soft mechanism, makes fraudulent access more difficult, but not impossible.
- Monitor and compare user activity to detect suspicious behavior: Strong authentication is not sufficient to protect sensitive customer information, especially from employees and other authenticated users who may succumb to the temptation of theft or malicious conduct.
- Develop a comprehensive incident response plan: There is no absolute means by which an incident can be prevented. Therefore, it is imperative that companies develop appropriate incident response plans, including remediation and communication strategies.
Bruce Pharr is director of marketing for Covelight Systems