Blog
Partners
Events
Videos
Subscribe
Contact us
Magazine Archive
EU Member Profiles
Leaders
DIGITAL
MAGAZINE
EUcommerz.com
Web
Live Spot Rates
Growth Strategy > Adapting to change
Data Protection and Security

Employees are often unaware of the information they have at their fingertips.

Data protection is often viewed externally. Firewalls, strong passwords, secure tunnels are all part of the picture. It is becoming more and more evident as time progresses that data protection has to start from the inside and work its way out. One of the most overlooked areas of data protection within firms of all shapes and sizes is internal control.

Most breaches occur internally and are largely overlooked. The breaches can be as simple as employees having access to more information than they need and run the gamut all the way to fraud and corporate espionage.  While there are many ways to form internal control policies for an organization, consider the following information along the way.

One of the first steps in securing internal data is classifying information. Classification sounds like a simplistic task but depending on the nature and volume of data it can become tiresome. Most organizations would be surprised at the different types, sensitivities and volume of data they have on personal machines, servers, and databases. Purging the unnecessary data and organizing what remains in such a way that employees have access to the information they need, when they need it, without giving unnecessary access is key in this project.

It is important to ask the question “why?” while performing this analysis. Is there a better way to give employee X this information? Is accessing this information consistent with employee X’s job description? This is a very cost-effective way to begin understanding the nature of information and can inadvertently lead to the discovery of inefficiencies in processed information.

Another often under-valued step is “paranoia training.” Employees are often unaware of the information they have at their fingertips. They may not fully understand the responsibility that comes with such access. It is important for organizations to educate their employees on control measures, ways to protect the organization and the employee.

Password sharing is one of the most common failures in internal control. Logs are built on authentication and can therefore be misleading if it is a common practice in the firm to share logins. Educating employees about the risks of downloading unauthorized programs, connecting to wired and wireless networks, the importance of password changing/confidentiality, portable media and leaving laptops in cars or unattended often happens too little too late.

Other topics to consider when evaluating or developing internal controls for an organization:
o Completeness and accuracy of logs
o Application development and testing procedures
o Disaster recovery plans and contingency plans
o I.T. Personnel screening/monitoring/responsibility rotation
o Password changing procedures (e.g. Every 45-90 days)
o Antivirus and malware protection
o Email monitoring
o Encryption
o Testing environments
o Vendor access


Laurie Pemrick, CIO, McCrory & McDowell LLC




COMMENTS
Add your comment
Name:* Company:
E-mail:*
(Your e-mail will be not published online. We will never sell your e-mail address to anyone)
Comment:
Remember my personal information
Notify me of follow-up comments?

Please enter the word you see in the image below:



RELATED ARTICLES

SPECIAL FEATURE
Recession survival: keeping your business afloat
The steps your business can take to fight the economic downturn.
EU MEMBER FOCUS
Belgium
OUR PARTNERS
PARTNER SERVICES
MOST POPULAR