Lexis-Nexis Bolsters Customers' Data Defenses

By CIOinsight  |  Posted 09-05-2005
As part of its effort to shore up the defenses of its 4.5 million customers' networks, LexisNexis Group has made some quick changes to its access policy. In addition, the company is looking into working with antivirus and antispyware vendors to provide discounted versions of their products to LexisNexis customers. The four-part Customer Security Program is outlined below.

Part 1
Password Protocols and User ID Suspensions
New password security protocols require system administrators and users to have alphanumeric passwords and to change those passwords at designated times. This helps prevent unauthorized use as well as attempts to compromise customer passwords. In addition to stronger passwords, LexisNexis will begin suspending user IDs after 90 days of inactivity and after five unsuccessful login attempts for all users. All reactivated users will then be required to change their password upon their next login.

Part 2
Monthly User Verification
Monthly user verification requires system administrators to verify, every month, that all user ID holders are current employees with a continued need for the LexisNexis services. Customers will need to appoint a qualified system administrator. A tool for the user verification process is under development.

Part 3
IP Address Restriction and Multifactor Authentication
IP address restrictions will be required wherever possible. This security measure will help identify users who try to enter systems from locations not authorized by the customer, such as home IP addresses or consumer-oriented ISPs (e.g., AOL). Lexis-Nexis is also developing multifactor authentication, using tokens for customers where IP address restrictions cannot be implemented.

Part 4
Removing Qualified Access from LexisNexis Research Software
Users that access the LexisNexis services via the desktop research software interface will see truncated Social Security numbers and masked driver's license numbers in their results. Users that access from the Web interface will see full results.

Source: LexisNexis Group