Three Effective Ways to Stop Data Loss through Employees
The world’s leading security breach website, www.datalossdb.org invariably reports data theft incidents from stolen laptops, stolen USBs, or other stolen/misplaced storage devices, almost every alternate day. Every incident revolves around theft of credit card information, social security numbers, business plans, company financials, employee salary information and other vital information, for which the laptop was actually stolen.
These incidents have not only lead to major data security breach in companies but also harsh inconvenience to employees as well as clients of the companies. Much time is spent on damage minimization half of which could have been otherwise spent on continual security audit of existing policies within the organization and their subsequent improvisation. If you ponder deep into these policies of data security enforcement, the biggest threat doesn’t comes not from backdated or non-improvised security policy but from lack of awareness, discipline and sense of conviction from the employees of the organization, in the area of data security.
Employee Awareness
The first step towards minimizing these incidents is to make your employees aware about the high importance of information they handle every day, that in today’s world, information is everything – resource, business, money, power or whatever you can think of. Without Information, business is blind. If an employee thinks, he is safe from data theft, then it is the first step of making himself a target of data theft. Ignorance is never a blissful option here. In your everyday life, you have to educate your employees and keep them updated with the latest security threats that could affect anybody. An employee should know where and when to store which data. Employees should be trained on information handling just as they are trained on their core expertise.
Employee Discipline
The second step is to inculcate discipline regarding information handling. Lack of discipline, proper standard procedure and improper placement of information generally leads to data leaks. You should be twice careful to give access of particular information to a particular person without validating his information access level. They say you should treat your credit card as if it were your money. Similarly, treat your data as if it were your own money and be responsible for where it goes. Keep trace of information movement paths within the organization. If you transfer valuable information to another employee, you should hold him twice responsible as you would be. In that way, he would be more careful about it or twice careful before misusing or unknowingly leaking it.
Employee Conviction
The third step is to imbibe a sense of conviction within yourself and your fellow employees. Remember, how careful you are while doing a credit card transaction? You check for validity of the website, SSL security of the transaction, company credibility, check for keyloggers, try to use visual keyboards, take printouts of transactions, and even call up or email customer support. Why do you do so many things to ensure that everything is right? Because your sense of conviction tells you that you could end up losing a valuable asset like money. If anything goes wrong, you will end up losing something that could directly affect your life. This is exactly what needs to be applied to information as well. Business Organizations should either imbibe this sense of conviction within their employees or take steps that could affect the lives of the employees directly if they end up losing information. If an employee is found lacking discipline regarding information handling, then he should be made accountable for the data that he lost.
Leave a Reply