Even as every company's online security protocols constantly evolve, hackers have proven time and again that they are always one step ahead. Sony, Citigroup, NASA, the Fox broadcast network, the FBI, the European Space Agency and PBS were some of the notable victims of massive security breaches in 2011.
We are only about 15 days into the New Year and already 45 incidents of security breaches have been reported to the DataLossDB project. One of the biggest so far has been the recent theft of about 24 million customer records from the Amazon-owned e-commerce firm zappos.com.
This goes to show that size is immaterial, and whether a location is physical or virtual doesn’t matter much either. Just as with a home or car robbery, any organization is vulnerable to a security breach or theft. In an earlier article this month, we discussed the need for setting your own safety parameters. We highlighted some of the best practices that individuals can follow to ensure that the data they handle is secure.
There are a few preventive measures that you could add to your checklist as well to secure your physical and digital records.
- Curb accumulation of unnecessary data: Collect sensitive customer information only if it is very relevant. The less information you possess, the less vulnerable you are to theft. If you don’t really need a customer’s date of birth or the position he or she holds at a company, then avoid collecting such information.
- Lock down sensitive information: Password-protect all digital data and securely lock away any physical records that are considered sensitive. The Federal Trade Commission strongly advises businesses to set up boot passwords for digital data, and screensavers should be activated within 20 minutes of inactivity.
- Educate all within the company: Security policy training should be given to all employees, especially non-IT employees, as they tend to seek convenience rather than security. Remind them often about physical and digital security policies through internal emails, and conduct in-house training programs as required. New hires should be required to take a course on the organization’s security policies, and some form of assessment should be put in place to ensure that they are aware of them.
- Physical surveillance: Surveillance cameras should be installed in areas where sensitive data is stored, such as the entries and exits of data centers and mainframe processors.
- Conduct regular audits: Audit the various departments at least once a quarter to ensure that employees are following the security policies properly. This includes checking the log data of employee badges in sensitive areas, physical inspection of data centers, etc.
- Maintain a directory of information: Compile information about all the data the organization possesses. Such a compilation not only helps classify sensitive data, but also helps run the business efficiently.
- Be prepared: Have a contingency plan in place so that you are prepared for the worst. An action plan to investigate a breach, notify customers and remediate security vulnerabilities will enable quick action during a security breach.