Software designed to prevent identity theft

It is recommended that employees be aware of what actually lives on their systems.

Using peer-to-peer (P2P) file sharing applications on the job raises the risk that confidential data residing on a user's PC might be inadvertently exposed to a cybercriminal, says the head of a security vendor.

It's tricky to prevent employees from using P2P applications at work, and besides, imposing a corporate policy to prevent them from using these networks is not necessarily the best approach, said Todd Feinman, CEO of security technology provider Identity Finder, a division of Velosecure.

Another useful policy is for employees to be aware of what actually lives on their systems, said Feinman.

"These employees don't realize that such sensitive information exists in their files," he said, adding that if the threat doesn't stem from P2P applications then it'll surely be from another.

Feinman said the enterprise edition of the company's security software, Identity Finder, is intended to help businesses search and secure confidential data residing on user systems, like employee identifications, telephone numbers, passwords/PINs, dates of birth, and Social Insurance Numbers.

It works by automatically trolling a user's computer system in places like a Web browser's auto-complete fields, Web pages and cookies, instant messenger logs and compressed files. The software can be customized to identify certain types of data, and the process doesn't require users to enter specific information about themselves, the company, or a customer. "

Once done, the user receives a report as a means to preview the action to be applied to the identified data.

Feinman said employees can use the software on individual systems, or IT administrators can apply the tool on the back end, by way of admin privileges, to scan file systems or e-mail clients of remote network computers. "[The latter is] a good approach because having all that information in one place allows you to run a report and say, 'Here's how much we're at risk.'"

However, he cautioned the sole downside to the backend approach is the inability on the part of the IT admin to take action on identified data. In this instance, IT can use the quarantine function to move data to a central server in case it needs to be restored to the user.

More often, though, Feinman observed IT admins including it as an extra feature on builds and computer images so employees can run it on a regular basis, while IT supports it.

Feinman suggests the following security process around Identity Finder: deploy the software, push it out to employees, customize it to individual needs, set a regular schedule to run a system search, and set pop-up reminders for action to be taken on identified data.

It's necessary that security measures be holistic, encompassing software, process and behavior, said Carmi Levy, senior vice-president of strategic consulting for AR Communications "It's one thing to implement the tool, it's a quite another to make sure all employees at all levels of the organization understand all the threats that expose the organization to unnecessary risk."

Identity theft is that "big breach right now", said Levy, adding that companies should indeed consider the risks of P2P applications. However, he noted that threats have merely morphed over time: a decade ago, the same dialogue centered on instant messaging, and later it became about Web 2.0-based applications. "At any given time in the history of the IT department, there will always be a new technology that raises fears."

Levy ventured to add that at the very least, IT departments would consider Identity Finder as an addition to its security arsenal.

However, he cautioned the software is a "fairly small utility type application", and not an enterprise-class solution considering its origins as shareware. Although the tool doesn't have the scalability of Norton-based software, he added "it certainly does plug some holes at the desktop level that enterprises up till now have not been able to plug on their own".

Given industry interest in combating identity theft, Levy is encouraged by the software's entrance into the enterprise sphere nine months ago, following a lengthy presence in the consumer space. If anything, he added, the new market entrant raises awareness around identity theft and raises the issue's level of importance to that given to virus and spyware protection.

But because prevention of identity theft is very much a behavioral issue, Levy said the danger is that a short-sighted IT manager might believe this software alone has covered all the business' security bases.

Licenses for Identity Finder are based on the number of employees. According to Feinman, the tool has the scalability to support both small and large-sized businesses, adding that it has been "rolled out to tens of thousands of machines."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Kathleen Lau

ComputerWorld Canada

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?