Protect Your Data from Fraud and Theft with More Than Just Passwords

David Anderson is principal of David Anderson & Associates, a Philadelphia forensic accounting firm that provides a full range of fraud investigation, fraud deterrence, litigation support and expert witness testimony services in Philadelphia and the Delaware Valley.

In last week’s blog, Certified Fraud Examiner David Anderson discussed how using secure passwords can help protect the data of your company or organization from fraud and theft. Passwords alone, he advises this week, will not keep your data secure; you need to address other issues that can potentially compromise your data.

These other issues include:

  • Access by former employees, former contractors and/or “guests” – Does your company remove ALL access capabilities (including both internal and external access) of employees or contractors who leave? How about guests who are granted temporary system access (such as temporary employees or visitors)? Some companies retain certain accounts for reuse by new employees, contractors, and/or guests. This allows a former employee, contractor, and/or guest to potentially access the company’s data.
  • Physical access – As with system access, does your company require and track the return of keys, keycards, and other access to your physical facilities? Are their access codes removed from the system? Even if you have done so, do you have policies and procedures in place (as well as training and enforcement) that prevent your employees and/or contractors from allowing someone else to simply walk into your facility with them? If not, your company could be at risk.
  • Secure backup – If you backup sensitive data files offsite, how secure is the physical facility or the service that you are using? If the offsite backup service or facility is not secure, your data could be at risk.
  • Software security updates – Do you have policies and procedures in place to ensure that all software updates – particularly those that are security-related – are installed as soon as they are received? If not, security exploits could be used against your systems.
  • Limitation on offsite use of data – Do you allow employees to store data offsite on laptops, tablets, and/or smartphones? If so, you are at risk of the devices being stolen and the data being compromised. (Every month, there are new reports of some major company or government agency suffering from the theft of a laptop, tablet, or cellphone that contained sensitive data.)
  • Locked file cabinets or rooms – Do you still maintain certain sensitive data in paper files? Is access to those files restricted by storage in locked file cabinets or rooms? If not, employees, contractors, and others could gain access to such sensitive data. Even worse, if such paper files are the only source of certain data, your company could be at risk of the data being removed or damaged (as by a fire or severe storm).
  • Socially engineered attacks – Even if you have implemented secure passwords as well as addressed all the issues above, a well-planned socially engineered attack can render these other safeguards useless. Is your staff well-trained in understanding what a socially engineered attack is and how to react to it? Have they been taught to watch out for suspicious phone calls and/or e-mails that seemingly have come from corporate executives or the IT department? If not, your company could be at risk.

Protecting your data from fraud or theft takes more than just changing passwords. It also requires analyzing other areas at risk, and implementing policies, procedures, and training to protect against those risks. If you feel you need assistance in these areas, contact a Certified Fraud Examiner from an experienced firm that provides forensic accounting services in Philadelphia and the Delaware Valley to conduct a computer security analysis and recommend a comprehensive fraud deterrence program.

If you require forensic accounting services in Philadelphia and the Delaware Valley, please contact the Philadelphia forensic accounting firm of David Anderson & Associates by calling David Anderson at 267-207-3597 or emailing him at

About David Anderson & Associates

David Anderson & Associates is a Philadelphia forensic accounting firm that provides a full range of forensic accounting services in Philadelphia and the Delaware Valley. The experienced professionals at David Anderson & Associates provide forensic accounting, business valuation, fraud investigation, fraud deterrence, litigation support, economic damage analysis, business consulting and outsourced CFO services. Company principal David Anderson has more than 30 years of experience in financial and operational leadership positions and is a Certified Public Accountant, a Certified Fraud Examiner and a Certified Valuation Analyst.