I recently wrote an article for Corporate Compliance Insights that focused on the importance of organizations taking proactive steps to safeguard high-value corporate data from internal and external vulnerabilities. High value information such as trade secrets, product designs, financial data and customer data can change hands often within an organization, including among people who may not need access to this confidential material. It is the sole responsibility of that organization to protect the data from employee error in the greater effort to protect the data from external malicious actors.
As our Ponemon study, “Risky Business: How Company Insiders Put High Value Information at Risk,” taught us, employees, particularly those in the sales department, C-level executives, and finance and human resources, pose the biggest security risk to their companies. The IT security practitioners at these companies admittedly do not have the resources to prevent data leaking by employees. Not a calming thought for those who trust their information to be safe.
I offered four steps that make a significant impact in securing this information:
- Encryption – documents and files that have sensitive data should always be encrypted, since it is the best line of defense. If an employee were to share one of these files, opening it up to external vulnerabilities, and it landed in the wrong hands, it would be rendered useless to that individual because of the encryption.
- Employee access control – implementing rules, regulations, protocols and enforcing all of the above is key to minimizing human error. Employees should be fully aware of their access rights and what they are allowed to do with any high valued information they access. Regular training held by the organization can further support this effort.
- Data-centric approach – while traditional security software can protect information inside an organization’s network, it cannot help if the information has been extracted from this environment. Placing a focus on protecting the data itself, and not just the network or systems that contain the data, will offer better security.
- Data security framework – implementing a data security framework enables organizations to be the “big brother” of sensitive information. The framework can identify where the information is stored, control permissions for those accessing it, and monitor how they use the data.
Implementing these tactics will ensure better protection for all that an organization holds dear while boosting their employees’ ability to act as a stronger line of defense in the face of an attempted security breach.
Photo credit Kirsty Pitkin
