Friday, November 6, 2009

Seven Ways to Avoid a Corporate Data Breach


Data breaches are bleeding companies and governments by about $843,000 per year, a 97 per cent increase over last year (Vancouver Sun, "Corporate security breaches booming: study").

Clearly, both private and public organizations are still cutting corners when it comes to IT security.

As usual, we've got some tips about how to improve security for your organization, partners and customers, this time courtesy of the Office of the Privacy Commissioner of Canada.

1. Get a security system, not just a security product. Almost half of closed data breach incidents resulted from inadequate or absent security systems.

A system means a range of corporate security tools and services such as firewalls, antivirus and antispyware, network and web application scans that makes sense for your unique business setup.

There's not one catch-all security product out there that will protect from all vulnerabilities, so you'll need to have your IT security experts take the lead on investigating and recommending the best combination of security improvements.

2. Implement employee security awareness training. About half of all data breaches are partly a result of inadequate knowledge by employees about how to protect customer privacy.

3. Trust (your employees), but verify. "Rogue employees" in the company or third-party service provider processing customer information were active in 31 per cent of reported data privacy violations.

4. Develop administrative procedures with security in mind. Data breaches often resulted from basic office tasks such as mailing, emailing, faxing and database maintenance.

5. Ask your third-party service provider how they provide security for your data. About a third of the time, the breach happens while the data is in their hands.

6. Set rules on what data employees can take with them outside the office and enforce those rules.Employees working remotely, from a home-based network or while traveling were involved in 18 per cent of data breach incidents.

7. Destroy the data irrevocably when you don't need it anymore. Almost 10 per cent of incidents resulted in part from inadequate or incomplete data destruction procedures.

This will likely require close cooperation by the IT department and management to ensure rational and business-appropriate policies are in place.

Data breaches often involve a combination of causal factors like those cited above. Make sure you cover all your bases and get expert help if your need it.

No comments:

Post a Comment