Friday, October 1, 2010

Securing our Confidential Information

How to protect confidential information?

Even with state-of-the-art technology, strict security policies, and a highly skilled IT staff to manage those policies, some organisations are not as secure as they could be. In fact, a recent survey conducted at Interop New York 2010 found that 40 percent of the IT managers surveyed reported that their organisation had experienced at least one security breach in the last year.

Protecting confidential information plays a key part in the sustainability of any organisation. With the proliferation of critical information in digital format, the risks of a security breach have increased, both for the company and for individuals.

We've all seen media reports highlighting leaks of customers' personal information such as ID numbers, account data, credit-card information, addresses and other customer information. The resulting identity theft can be devastating to the individual, and both embarrassing and costly to the company where the confidential data leak occurred.

The 2009 Australian Cost of a Data Breach study, conducted by the US-based Ponemon Institute on behalf of data encryption specialist PGP, examined the actual financial losses incurred by 16 organisations from different industry sectors following a data loss, with breaches ranging from around 3,300 to 65,000 lost or stolen records.

Other key findings in the study:

• Organized crime is now going after corporate data.

• Data breaches are now being caused by malware.

• Increased use of mobile devices is leading to increasing data security issues.

• Third-party mistakes with outsourced data were involved in 42% of the breaches.

Confidential information is not restricted to customer or employee personal information, important though that is. It also covers intellectual property that generates tactical and strategic competitive advantage.

Employees can unknowingly pose security risks to the organisation they work for in a number of ways:

• Poorly designed passwords may increase the risk of network attack.

• Improper handling of confidential documents can lead to the loss of proprietary information.

• Confidential documents may be left unattended on a desk or photocopier.

• Confidential information may be shared with friends, relatives and sometimes strangers, knowingly or unknowingly.

• Falling prey to a social engineering attack may lead an employee to divulge confidential information.

How to protect confidential information?

• Never leave documents out, even if you will only be away from your desk for a short time. Just open the secure drawer, put them in, and lock it. It is a habit every employee needs.

• If you are shipping sensitive data off-site, use a secure package and a shipping method that allows you to track the package.

• Employees with company laptops should secure them in their car and in their home.

• Encourage employees to use strong passwords; the longer and more sophisticated, the better.

• Never open an email attachment from someone you do not know. Even if they know the sender, employees should always be wary of attachments.

• A study last year found that 67% of employees use removable media such as personal USB thumb drives at work. Not only does this put our IT systems at risk from a potential virus, but it also increases the risk of data leakage.
