Whatever...

By Flora Haslam

Having just moved house and inherited an apparently endless supply of the former occupants' utility bills and bank statements (in among the deluge of offers for credit, insurance and the best curry in South London), I've started thinking more about the problems of ID theft. 

There's plenty of scare stories about people who've found - often too late - that their identities have been stolen and thousands of pounds of debt racked up - for example, in the UK, we're currently in the midst of National Identity Fraud Prevention Week, yet another initiative telling us we should all be shredding our bills and locking up our important documents.  And that's before we've even thought about what we need to do to protect our identities online (though I'm still amazed by the number of people who click on phishing emails to update bank details for organisations they've never even banked with).

But it’s not just consumers.  Tackling ID fraud, and simply managing identities, is also becoming a big problem in the business world.  A recent survey from the Institute of Directors revealed that ID theft cost UK businesses an estimated £50million last year alone and if companies fail to take action, this figure is set to increase to £700m by 2020.

Traditional processes for managing people and identities in the office environment are becoming obsolete as new platforms, systems, databases and applications are continually added.  Just remembering to delete ex-employees from the system and change passwords regularly can seem like a mammoth task.  With the growing number of web users in so many organisations, it has become increasingly difficult for IT staff to keep track of who should have access to what - and when. 

Just as with corporate email usage, organisations should have formal policies in place to ensure that both staff and the company as a whole are following best ID protection practice.  For example, documents are stored and disposed of appropriately, users only have access to the information they need, and everybody is following safe computing rules to minimise the risk of key-logging Trojans infiltrating the corporate network. 

The ingenuity displayed by data thieves means that identity management is never going to be easy - but the financial implications for companies that don't take it seriously can be huge, so it's vital that this issue is seriously addressed now.