Does any company have an unlimited budget for information security? Unlikely. That’s why it’s critical that you identify your most valuable (and vulnerable) data. Once you have an understanding of what this is, and why, you can build – and budget for – a streamlined security strategy. Most businesses have four core types of information that need to be prioritised when it comes to protection solutions. These are finances, employee data, customer data, and intellectual property – the “crown jewels” of companies. We’ll take a look at each of these in more detail below.
We probably don’t need to expound on how badly things could go if these sets of data were to be stolen or otherwise compromised. Incidents like the big Sony hack of 2014 are more than unsettling; we are all aware that sensitive personal and corporate information can cripple careers and companies – and even lives – if it falls into the wrong hands.
Arguably the most important of all types of information, financial data – in the form of company and customer reports and banking details – is one of the most highly sought-after by criminals. A report released by PricewaterhouseCoopers this year ranks cyber crime as the second most reported economic crime, affecting almost one in three organisations (many of which are unsuspecting of any security breaches).
Financial data is commonly stolen through phishing and vishing, as well as malware and other methods. It’s estimated that there are over 130 million malware programs targeting financial information around the globe – an increase of a staggering 129 million from 2007. While such malware may be responsible for over 55% of cases where companies lose valuable information, just a quarter of it is detected by traditional antivirus software.
Malware is so problematic because it is polymorphic; much like a strain of bacteria that develops resistance to antibiotics, it changes shape (behaviour and attack methods) to evade destruction. While traditional forms of information security like antiviruses, regular password changes and being internet street-savvy are still important, they are not enough. More advanced security solutions are needed to ensure the integrity of company networks.
Your employees trust you to keep confidential information about their lives and work secure – in fact, they have a right to expect that you’ll take every possible step to do so. While many threats to employee data are external (hackers and the like), some are internal (employees and contractors) – which means that multiple layers of protection are necessary.
Advanced information security solutions speak to these needs, closing up security loopholes (such as one often found when downloading network information to a temporary drive or local machine) and preventing unwanted access to data. At the same time, it is important to take some offline steps in the workplace. For a start, it is useful to develop a clear confidentiality policy, which sets out what is and isn’t classified as confidential information (interpretations can vary widely). It is also a good idea for senior management and HR to know where confidential information is stored, and who has access to it – and to restrict this access. Communications can also be monitored, though there needs to be transparency about this.
Data on your customers can be analysed and used to improve customer relationship management – and through that, the overall success of your business. But that data needs to be secure from others who seek to benefit from it; data leaks can cost millions in fines, restitution and other consequences – never mind the untold losses in customer trust.
In addition to having a clearly set out privacy notice, companies need to ensure that access to databases where customer information is stored is heavily restricted and monitored. Protection mechanisms like firewalls must be well maintained, and it is a good idea to segment your network (by separating traffic) to reduce the risk of access by intruders. Information Rights Management (IRM) should also be used to limit the viewing and editing permissions of employees. Many of these techniques are integrated into the complete information security solutions on the market.
It’s a broad category that covers everything from logos and designs to corporate identity and original products and services; intellectual property (IP) is the stuff that sets your company apart from competitors. In a nutshell, it’s the key ideas that sustain a business long term. Unfortunately, copycat companies on the other side of the world are only too eager to get their hands on your IP to sustain their own success.
Even with patents, trademarks and copyright notices, IP theft can be one of the toughest crimes to prosecute; in part due to many of these companies operating under the radar and being difficult to identify, and in part due to differing laws between countries. Meanwhile, your reputation and income can suffer irreparable damage. The best form of protection here is to ensure your documentation and trade secrets stay safe. Even the smallest of businesses ought to consider leveraging information security solutions to guarantee they are protected in this area.
For the latest insights on risks to information security, give our 2017 Cybersecurity Trend Report a read.