When we think about the security requirements across our business we logically are drawn to our more tangible assets. For example our physical building, vehicles, computer hardware and of course our personnel. We take care to ensure we’ve put the necessary measures in place such as cameras and back to base alarm solutions to provide a secure framework that protects our assets from theft and vandalism.
What about those intangible assets that are created as a by-product of assets such as computers (IT) or those data assets?
These intellectual property assets, which are the IP of the company are stored on hard drives and must be protected and managed just like any other physical asset. A study complied by GO-Gulf.com, which combines the results from several surveys, shows that 39 percent of data theft from businesses comes from company insiders. Even more troublesome, 59 percent of ex-employees admit they stole data from their former employers.
This highlights the need to ensure security around these assets. Here are 5 aspects that might assist you when addressing data security:
1. Tracking identities and security protocols – Ensuring there are clear protocols around software access and functionality. Defining roles or role based security that enables access rights ensures there’s no confusion by staff. Disabling copy and export functionality might assist to curtail sensitive data from being removed outside the company. The challenge for any modern (technology enabled) organisation is where you draw the line when empowering employees to do their job.
2. BYOD has only introduced another element of risk – As businesses enable their staff to use their own devices for work, information is being more openly shared across unsecure platforms. From simple emails to sensitive documents devices are accessing information that traditionally would only be available on a secure network. Ensure there are password protocols, particularly around reporting outputs.
3. Security breach alerts – Many modern software platforms offer real-time analytics and database alerts as a method to keep IT administrators and business owners abreast of anomalies that occur within their transactional database. Take for example businesses with physical inventory. They will more than likely already be monitoring thresholds for reordering or stock taking. The same can be applied through audit tracking and business intelligence. Let’s say the system was able to trigger off an alert when staff performed questionable or abnormal activities, for example if a rep downloaded the entire CRM prospect or existing customer list to a .csv file.
4. Be proactive – What if a manager was alerted in real-time or via a weekly report sent directly to his or her mobile device when a suspicious data event or breach occurred? Now let’s assume that most activities are as a normal course of business, but should the discrepancies be potentially related to theft and fraud, managers can act rapidly and proactively. As information technology is consider cyber-crime there is likely no physical asset to reference in a crime. This mean that staff are more likely to believe they will get away with the crime. Informing staff during their induction of the company’s protocols and audit trail functionality, should be less about big brother and more about ensuring information is secure in the event they need to reference it.
5. Be strategic – Forbes has reported that necessary steps should always be taken in order to prevent loss as a result of theft and that companies should focus on areas where they are most vulnerable and address them from an individual security perspective. The cliché ‘there is no silver bullet’ can certainly be applied here. If there’s a breach of a physical asset such as the buildings rear entrance, it can be address swiftly, whereas with data theft it might go unnoticed until the result of its actions are felt. This is why it’s important to ensure that all transactions can be user, time and date stamped. This way if you want to employ alert mechanisms, the event can be properly traced.
Your IT administrator will more than likely be monitoring major external breaches and ensuring security protocols such as passwords are updated. When it comes to data theft unfortunately the issue may be an internal one and this highlights the need for companies to take any and all precautions to make sure that proprietary or confidential information doesn’t end up in the wrong hands.