Since the early 2000’s Businesses have had an increased reliability on electronic data stores. This has been a great boost to both bottom line and operational efficiency, but is not without its flaws.
Whilst the adaptation of these technological solutions has been welcomed with open arms as a business necessity, many companies fail to stay on top of the physical and electronic security requirements for their systems as threats adapt.
Perhaps the earliest of big data breaches was in 2004 and belongs to U.S. Internet Service Provider America Online (AOL). An incredible 92,000,000 records were compromised after an employee used an onsite computer to hack their system and physically steal the records.
Similarly Verizon Communications compromised 1,500,000 records after being remotely hacked earlier this year.
As the UK/EU begins to pass legislation holding companies responsible for compromised client data, both of the examples above highlight the importance of robust physical and electronic password security.
Many data spills can be avoided, but with inbound legislation holding companies responsible for data spills, businesses that overlook security policies for their data could see big fines or exposure to unrecoverable litigation.
So what is a good Security policy?
We’ve listed five of the most important topics to cover when designing your Security Policy:
CLIENT PASSWORD AND DATA POLICY
As companies become responsible for client data breaches, it is up to the organisation to have employees agree to strict terms of client data handling to mitigate responsibility in the event of an employee assisted data leak.
A local password policy is probably the most important way to hold employees accountable for security breaches. Most often the lack of employee password responsibility can lead to foul play or internal data breaches.
E-MAIL AND INTERNET
The correct use of E-Mail and Internet services within the company should be discussed with and agreed to by employees. This can avoid the impact that scam emails and suspicious websites have on your organisation.
* 99.5% of scam emails are covered by security software. So for every 200 scam emails, one can infect the system if your employees aren’t cautious.
When large companies allow open access to their place of work, they also open themselves up to people being able to walk in off the street unchallenged. “who is that? I don’t know he’s probably one of the IT guys”
This doesn’t necessarily mean you’re using the latest AR Drone to follow your employees to the toilet, but it is important to be able to investigate employees electronically if they are responsible for data or security leaks.