Security Levels for data protection

A company is liable for negligence if it fails to implement and maintain adequate security practices and procedures to protect sensitive personal data. The security practices should be sufficient to prevent unauthorised access, damage, use or disclosure. They should be as per the agreement between the parties or, where there is no such agreement, as may be prescribed by the central government.

A company collecting information is supposed to have an information security policy and an information security programme. In case of a breach of sensitive data, the company should be able to clearly demonstrate that it has implemented the security measures specified in its information security policy and information security programme. The international standard IS/ISO/IEC 2001 has been prescribed as one of the standards which can be used for company security policy and procedures. If a company chooses to follow some other standard, it has to clearly demonstrate, in case of a breach, that the steps it took are reasonable and adequate. The SPDI Rules 2011 also state that any best practices implemented by a body corporate are to be audited on a regular basis by an independent auditor, and that this audit should be done at least once a year.

How a business can protect itself from Business Identity theft

Business owners who do not take adequate measures to protect their business are totally vulnerable to thieves who are clever and determined to exploit any weaknesses. Measures which can be taken by business owners and their employees are discussed below.

A) It is important to know your bank's policies in case of any fraud. It is also important to know the details of your commercial banking agreement.

B) It is imperative to have detailed security and authentication controls to protect against fraudulent wire transfers and electronic transactions. Sophisticated criminals can initiate money transfers out of a business bank account through spyware and compromised banking credentials. It is difficult to catch a fraudulent money transfer as these transactions occur very quickly. Even after finding out about the fraud, it might be too late to stop the transfer or recoup the money. It leads to a loss of money from which it takes time to recover. It would be better to use dual controls, which means two parties are required for a wire transfer of money. Some financial institutions also go for multi-factor approval. This means that not only is approval required from multiple persons in the organisation, but multiple methods such as email, fax and telephone are also used before a transfer is approved.

C) It is advisable to monitor your account daily so that any suspicious transaction can be found. Banks also provide email and text alerts in case of any transaction.

D) It is advisable to use a dedicated and secure computer, updated with the latest software, anti-virus and internet security software, for gaining access to your bank account. No other person should have access to this computer. The password used should be complex and should be changed regularly. It is also advisable not to access your bank account using public wifi spots or public computers.

E) You and your employees should be wary of phishing email scams, which try to get you to divulge your personal and confidential account information. All the banks and financial institutions nowadays regularly send messages about not providing your vital information to anybody.

F) Unauthorised persons should not have access to documents regarding business information. These documents should always be kept in a safe and secure location. It is also good to know which persons have access to these documents.

G) It is important to shred any unnecessary or old documents regarding your business details in a secure way.

H) It is important to have a record of all your business accounts as well as bank accounts and details, along with important contact information, so that time is not lost in contacting the relevant persons in case a fraud is discovered.

I) It is a good practice for your business clients to notify you if they are contacted by a third party on your behalf.

J) It is a good practice to separate your personal and business accounts.

K) It is important to use your business computers only for activities concerning your business. Internet surfing, social networks, online gaming, downloading programs and file sharing should not be allowed, as they are security risks which can be used to breach your network.

L) Use of effective anti-virus, anti-spyware and internal security software programs is essential. It is advisable not to use a free anti-virus programme. Also ensure that the software is updated on a regular basis.

M) Installation of a firewall is absolutely necessary, as it prevents unlawful access to your computer and network.

N) If your business is using a wireless network, it is important to secure it and to follow the strongest wireless encryption standard.

O) It is important to give training to all your employees and to tell them about the precautions to be taken. Also tell them how to recognise and stop any fraudulent behaviour.

P) It is important to be mindful of any large or unusual order from an unknown customer or company. It may be a sign of fraud. It is important to verify the validity of the order.

Q) You should also be alert if your business receives any customer notification of a fraudulent order.

R) It is important to remain on alert for any suspicious activities such as misaddressed business mail, unusual inquiries or telephone calls.