According to Governer Duval Patrick’s report on the source of information resulting in identity theft, 75% of stolen data was not encrypted and/or not password protected. This finding is one of the main reasons for the Commonwealth’s new Identify Theft Prevention Regulations I’ve been blogging about in recent months. Even though the date has been pushed out till May, 2009, many of our clients have begun initiatives to achieve compliance well ahead of the deadline.

By starting your password protection and encryption project now, you’ll have more time to completely evaluate where password protection is insufficient, and where data encryption will be necessary. Once data is collected about what information exists where, and who has access to it, stategic decisions can be made that will minimize the negative effects poorly implemented security initiatives have on an organization.

As an alternative to conducting a detailed analysis of what data exists where and who needs access to it (though Centrend believes this is a good business practice even for all data sets, not just those covered by this regulation) it is also possible to encrypt and password protect everything. You will still need to practice due dillegence to take care that users have access only to the information that they need, but it does save the some work if all data everywhere is password protected or encrypted.

Some of the negative consequences of poorly implemented security you’ll want to avoid are:

1. Users are too constricted in what they can get to
2. It’s difficult or even impossible to recover from lost passwords
3. Encryption deployed on weak platforms can slow the flow of information to a crawl
4. Data that should be protected by passwords and/or encryption is missed while data that is not considered PI (private information) is not secured

The result of these negative consequences is quite severe. At best, users will experience lower productivity because of “password roadblocks” and at worst, confidential information becoming exposed in the form of a data security breach. When a data protection initiative is ineffective or incomplete, not only is your data still vulnerable, but the poor strategy makes it harder for everyone to get their jobs done.

The consequences of a bad implementation of security best practices is severe and does not have to be your experience. Contact me for a free consultation on how Centrend can help you protect your company’s private information without crippling your team’s ability to get their job done.