During your daily interaction over the internet you register and signup for many services. Do you ever ask yourself how many times your information flows over the internet and on how many servers it has been kept? That aside, do you ever feel safe with so many websites as an example holding your credit card information, social security number or personal Bio data. Data and information are one or the core values of any organization, company or personal business however small it is, if compromised data loss can lead to losses, bankruptcy or even breakdown and death of a reputable entity. It is of high importance to learn how to promote data security in the workplace.
EMPLOYEES AND INFORMATION SECURITY
In the U.S alone, 3% or employees admit using the same password over and over again for every time they need to sign up or register on any website. This is attributed to ease of remembrance, the smart employees, use maybe two or at most three passwords. This means if someone broke into one password. All your information on over 50 websites has been compromised and vulnerable to any kind of attack, whether malicious or not. It doesn’t matter for what cause your information shall be used. This puts you in danger personally, professionally or could harm your dignity or reputation
To an organization. Carelessness of an employee regarding its data can lead to failure of a department, great losses or even bankruptcy if financial data has been made vulnerable. How many times do you deal with an employee who accesses an authorized data, directly or indirectly? This is in case you have policies smart enough to reveal such a threat.
TOP DATA SECURITY MISTAKES
To start with all the mistakes committed by employees concerning data security can be avoided given the right briefing right from the start.
Most employees are fond of leaving their workstations open or without any security measure activated even as they go out shortly to ease or freshen up. This time may seem limited but for a smart person it is just sufficient to grab as much information as they require to bring down a great company. To add to that, sometimes due to insufficiency, more than one employee could use the same workstation for example hence could have different accounts but sometimes even share the same account, in such a scenario, the data elements of one employee is in the direct hands of another.
Another issue comes up when an employee connects a personal device, maybe a laptop, palmtop, mobile phone or tablet PC to a company or organizations network. Being a personal device unless the traffic over the network is closely monitored, chances of scooping data off the network are very high and no one is responsible for the data after it has left the company premises and resides on a personal computer in an employee’s apartment or house. This enforces Bring Your Own Device (BYOD) policies and standards
The other risk comes due to authentication information sharing for example password sharing is a common habit for close employees at the work place, this directly stirs up vulnerability of the data
THREATS BROUGHT BY SENIOR PERSONNEL
Often an employee can retire from a workplace, change job or have a contract terminated. As an organization, regarding data security, such an employee is supposed to have restrictions to the company data as soon as the phenomenon occurs, Many times this is never done
Some employees also neglect or upload sensitive information to their own accounts for example the user can occasionally interact between the company web-mail and his/ her personal email having a clear backup of company data
HOW TO PROMOTE DATA SECURITY
Levels of data relevance must be ensured. For example, a company’s accounts section wouldn’t really love to know about the employee’s driving authenticity or health related information, this way data is only available to those it is relevant to.
To avoid accidental data loss, multiple replicas can be employed for example portable hard drives, or different servers carrying the same files to ensure that alternate to one can be detected at the other. This is known as data replication and is well known for data consistency.
Apart from employees, external forces too can make data vulnerable, specifically virus and malicious software attacks, this data can be lost forever. In this case strong firewalls must be availed and additionally an updated and licensed anti-virus program installed to make sure the data is not lost due to his kind of attack.
In conclusion, it is mandatory to brief employees about security to create security conciseness, taking their consent for security policies and enforcing these policies at all times.
Info-graphic, courtesy of Peter Darmon/Business School of the University of Alabama at Birmingham