The United States Department of Justice announced today the arrest of Albert Gonzalez, a 28-year old Miami man, in the largest identity theft prosecution on record.

While the Department of Justice should be commended for the successful investigation and indictment of Gonzalez, the arrest will not ‘un-breach' accounts that are already compromised and available on the black market. In an ideal world the arrest would deter future identity theft, but it is unlikely. It is still an almost entirely anonymous crime capable of generating significant revenue and would-be ID thieves are more likely to just consider themselves smarter and better than Gonzalez. He made mistakes, but *they* won't get caught.

Here are three tips to help you protect your data and make sure you don't become the next Heartland Payment Systems.

1. Wireless security. Wireless networks should be segregated from the primary network to provide an extra layer of protection. The wireless connection should be secured with WPA or WPA2 encryption at a minimum. It is even better if some other form of authentication is used to access the wireless network. There should also be a policy against setting up unauthorized wireless networks and period scanning to ensure rogue networks don't exist.

2. Compliance. By virtue of accepting, processing, transmitting, or storing credit card transaction data the organizations that were compromised in these attacks fall under the Payment Card Industry Data Security Standards (PCI DSS) requirements. PCI DSS was developed by the credit card industry to provide baseline security requirements for businesses that handle sensitive credit card information.

3. Diligence. This is the big one. Security is a 24/7/365 full-time job. Locking down the wireless network and developing a policy prohibiting rogue networks is great, but what if someone violates the policy and deploys a rogue wireless network next week? Passing a PCI DSS compliance audit is great, but employees come and go, computer systems are provisioned and decommissioned, and new technologies are introduced to the network. Just because the network was compliant at the time of the audit doesn't mean it will still be compliant a month later.

This article is available in full from PC World.