Five Ways To Protect Your Data
Mar 1, 2008 12:00 PM, BY TIM RHODES
We lock our businesses, our homes and our cars to restrict wrongful entry and burglary. We invest heavily in security systems to deter and prevent loss. But how can we similarly protect intellectual property?
A recent “Trends in Proprietary Information Loss Survey Report,” sponsored by Pricewaterhouse Coopers, revealed that the U.S. Chamber of Commerce and the ASIS International Foundation found that both Fortune 1,000 and small- to mid-sized businesses, were likely to experience proprietary information and intellectual property losses ranging from $53 and $59 billion. These losses involved:
research and development (49 percent);
customer lists and related data (36 percent); and
financial data (27 percent)
How would your organization react, and what would it lose, given this type of exposure?
Remember, no company is 100 percent safe, whether storing information electronically or in paper file cabinets.
Data loss occurs every day through various channels, including current and former employees, competitors and on-site contractors. But just as devastating, if not worse, are the uncontrollable effects of civil unrest and natural disaster such as earthquake, flood and fire. While there's no way to stop the sharing of information in business, just as it's not feasible or realistic to lock physical doors and windows of your business establishment round-the-clock, there are measures you can take to minimize your risk. Here are five strategies.
- Assess your inventory and risk
Conduct a comprehensive inventory of your business information. Catalog electronic data and identify type and purpose. Once cataloged, rate the risk of each based on its importance to the organization's ongoing operations.
For example: Is the information essential to mission-critical business functions (such as payroll, banking or legal documentation)? Is the information required for business continuity but not detrimental should systems falter for a brief period of time (such as e-mail), or deferrable should systems falter for an extended period of time (such as past employee or past customer archives)? Is the data sensitive or unrestricted?
- Implement new policies
Implement new policies defining procedures for a security breach, system failure or threat. This should include remediation and reporting strategies. All businesses should also have a confidentiality policy signed by all employees. This policy should outline employee responsibility, information use and disclosure practices.
- Access controls and authorization
When dealing with sensitive information, have processes in place restricting physical and/or electronic access. This might include keyed or coded entry for paper or password restriction for electronic files or folders, firewalls and program encryption. Organizations should also require employees to use shredders when destroying confidential documents.
- Ongoing communication
Sharing information is a natural instinct among social groups and communities. This means that you should continually communicate with your employees, sub-contractors and consultants. You want to ensure all parties understand what information is confidential and what their responsibilities are in safeguarding its integrity.
- Maintain a clear accountability trail
With employees aware of their responsibilities, businesses should hold them accountable for confidentiality leaks and breaches caused by their actions. This means enacting consistent disciplinary action for all individuals violating company policy.
Data Protection Expert Tim Rhodes helps companies protect their most valuable asset - data - online. Take his free Risk Assessment Quiz at http://www.webargos.com/quiz.
Want to use this article? Click here for options!
© 2014 Penton Media Inc.
Today's New Product
In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.