
Foundation to Building a Strong Data-Security Centre


A well-thought-out and well-implemented digital security strategy is vital to any organisation, even if the dangers it faces are much less sensational than those that make headline news.

To build adaptable, sturdy and efficient digital asset protection, six critical rules must be established. These include:

1. Acknowledge that protecting data and documents within the organisation is not just the job of the CIO.

The role of the CIO is highly significant to any organisation. It is the duty of the CIO to enable capabilities for protecting the company's data and documents that are relevant to the business, efficient and vigorously tested. However, in today’s progressively complex and interlinked digital world, employees must not expect their CIO to take care of enterprise-wide information security on behalf of the organisation.

Every organisation must adopt a multidisciplinary strategy and rely on dynamic collaboration across the organisation for proficient information security and the protection of documents, data and assets.

2. All data within the organisation as well as every piece of information must be treated and protected as business assets.

Most business leaders recognise the value of structured information held in an organisation's transactional systems, such as CRM or ERP. What most fail to acknowledge is the importance of unstructured information, which is generally contained in Word documents, PDF files, spreadsheets etc. This is a grave mistake.

Information in a Word document or PDF file may include strategic investment plans, confidential client information, product design data, or plans and forecasts. If it is leaked or stolen, it can greatly damage the reputation of the company and its prospects. The brand damage and loss of competitive advantage that follow could lead to the cessation of the company. Digital assets must be treated with the same importance with which tangible assets are secured.

Every piece of information within a company must be classified by its strategic or financial value and safeguarded with robust data security systems. A vibrant, security-aware culture must be ingrained within the organisation and among its employees, so that information security is not left solely to the IT department.

3. Safeguard all substantial information on mobile devices and removable media.

One of the greatest risks to any company these days is the ability to store colossal amounts of information on portable hard drives, mobile devices, USB sticks and memory cards.

In most cases, large volumes of data can be accessed easily and rapidly from mobile devices without permission, which can lead to pilferage of information. Since most storage devices are small, they can be easily misplaced or stolen, so the accidental loss of classified data is a real and present danger.

It is important to implement access control technologies and assess the business value of monitoring access to removable media. Every organisation must ensure that classified information on removable media is securely encrypted.

4. Know the location of the organisation’s significant digital assets.

Effective information security protection is not possible without enterprise-wide awareness of how and where sensitive information and data exist across the company. The organisation’s IT infrastructure contains data and information that can be easily retrieved and distinguished, but this data can be hived away anywhere. Hence, an enterprise-wide classification must be instituted for fundamental digital assets. Furthermore, uninterrupted authenticity can be ascertained by creating a maintenance and surveillance capability.

5. Be conscious of the fact that not every data breach takes place because of external hacking or cyber terrorists; intentional or inadvertent data breaches can be caused internally too.

A worldwide survey of companies across 25 nations found that more than one third of data breaches took place due to erroneous acts of employees. This points to a lack of internal information security controls for ensuring data protection within organisations. Enterprise-wide guidelines, techniques and technologies must be specified and enforced through robust programs and training sessions that are granular enough to focus effort where required. Separate funding must be assigned in every department’s budget to ensure that an efficient and continuing culture of data security awareness and monitoring is maintained.

This article is published on behalf of Locklizard, a document security management provider. They provide DRM solutions to enterprises and governments. Visit their website for more information.
