Protecting sensitive corporate and customer data means more than just having a good password policy.

The TK Maxx/TJ Maxx data loss in 2007 and the Cotton Traders data loss in 2008, and now the Heartland Payment Systems loss all illustrate how weak network access controls ultimately lead to sensitive customer data being compromised.

Networks – both wired and wireless – must be as secure as current technology allows and inactive ‘zombie’ users should have their IT access deactivated, to avoid disgruntled former workers accessing systems, as well as reducing the number of entry points a criminal could use to gain access to back-office systems.

In addition, limiting user access to just the applications and repositories they actually need is an important tool to combat unauthorised and malicious data access. By limiting user access privileges, a compromised login will pose less of a threat to the business and limit the damage to mission-critical systems.

Stuart Hodkinson, UK general manager for Courion (http://www.courion.com)