E-mail, Internet access, and collaborative tools (whether a phone system’s conferencing capabilities, or document-sharing applications) are “must-haves” for most businesses today.
But by now many managers know that you shouldn’t stop at just implementing these tools and then going ahead, footloose and fancy-free, with using them. As with any other asset, you need to protect not just the technology that enables these tools and applications, but also the information that these tools allow users to share.
To ensure the confidentiality of private information—and help ensure compliance with regulations and internal policies—information security software is now also a “must have.”
A recent survey by Milford, Massachusetts (US)-based Enterprise Strategy Group revealed that the majority of organizations (59 percent of those that responded) do not even have a formal policy in place to define the sharing of data, particularly intellectual property.
What does this mean? Many companies “are flying by the seat of their pants and hoping not to get burned,” when it comes to data breaches, says Jon Oltsik, senior analyst with ESG.
But those who do get a little too close to the fire may find that not only the seats of their pants get scorched, but that they come close to losing the shirts off their backs too, as costly compliance violations add up. And never mind the costs that result from trying to stay on top of compliance by continually checking internal controls. And never mind the possibility of serving time in the slammer if the compliance violation is severe enough.
And, oh, never mind the damage that can be done to the reputation of your company in the face of public disclosure of your compliance violations.
It follows, then, that one of the first steps in boosting your security measures is to create a security and compliance policy. This internal policy should be a working document that clearly states your company’s security and data classification policies (including, depending on your industry or business activities, a functional definition of intellectual property).
Once that’s done, you need to make sure all employees know about those policies. One of the final steps to ensuring your assets are covered against data breach (think of it as flame-retardant for the seat of your pants) is to install an up-to-date information security system that helps you enforce those policies and maximize data protection.
In order to choose the right information security system, you’ll need to identify the ways that users may currently be allowing sensitive information to leave the confines of your organization. And with e-mail, Internet access, and other collaborative tools, the ways data can be leaked, manipulated, or lost are numerous.
And as for compliance—many organizations are still struggling to get their heads around the cumbersome (and potentially costly) US Sarbanes-Oxley Act (SOX) of 2002.
Which Companies Need to Be Particularly Concerned with Data Security?
· Companies in any manufacturing industry that need to ensure the confidentiality or secrecy of recipes or processes
· Companies in any industry known for innovation or thought leadership
· Enterprises in any industry needing to maintain records for auditing in accordance with SOX
· Hospitals and other health care facilities dealing with thousands of pieces of confidential patient data on a daily basis
· Companies at the end of the supply chain, involved in accepting credit card payment by phone or Internet
How Can Information Security Specifically Address Your Data Confidentiality and Compliance Needs?
· Create levels of authorized access to vulnerable data, and ensure limited access with private passwords
· Establish secure communication channels between terminals or remote offices with electronic data interchange (EDI) and virtual private networks (VPNs)
· Mitigate the risk of both internal and external data breach with firewalls and data encryption methods
· Automatically analyze potential new threats to the system, and send alerts to the appropriate administrators
· Aid in compliance with SOX, and other regulations, such as the requirements created by the Payment Card Industry (PCI) Security Standards Council, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), or in Japan, the Financial Instruments and Exchange Law (J-SOX) and the Protection of Personal Information Law
· Capture, monitor, and keep financial file logs (from financial reporting systems) for at least one year, for SOX audits
Information Security Slip Ups—or Why Chains around Your Computer Hardware Won’t Keep Your Data Safe
What an Information Security System Can Do to Tackle These Risks:
Want More Information about How to Find the Best Information Security Software for Your Needs?
Any comments, questions, or advice about information security? Let everybody know below.