The Latest Developments In Corporate Data Security

Corporate data security is defined as the processes by which sensitive information is accessed only by authorized individuals and then destroyed when it is no longer needed. Proactive measures, including software purchases, third-party services, and internal company policies, offer data security solutions that would prevent most types of data loss and mitigate the effect of any breach.

Data Classification

While it sounds like a common-sense policy, some corporations are only beginning to implement formal data classification policies. The policy includes classifying data as confidential, meant only for use within the company or meant for release to the public. Every employee and manager should understand the classification system and their role in data distribution and protection. An acceptable use policy is vital to ensure employees know what they can and cannot do with the data they will access.

Mobile Device Management Products

With discrete mobile device management (MDM) tools, corporations can control the devices that their employees use for remote access. Employees cannot access their devices without a PIN, in case the device is lost or stolen. MDM products also limit the device to specific Wi-Fi access points. A staggering 46 percent of employees admit to accessing confidential company data on a public Wi-Fi connection.

Refusing to allow employees remote access would solve the problem; nevertheless, remote access increases productivity and allows key employees the ability to make real-time decisions.

Mobile Application Management

Mobile application management (MAM), which enables provisioning of apps, is the next step beyond device-centric tools. Employees' personal and business applications can coexist, but containerization prevents mingling since the business apps are secured with a PIN and password-protected.

Online Data Shredding

Companies routinely hire outside services to come in, shred papers with sensitive information that is no longer needed and then remove the shreds. Today, online file shredding services remove any trace of confidential information from a storage device or a hard drive. While enterprise-level corporations realize the importance of data destruction, mid-level corporations, which lack the resources for a CISO, may believe that overwriting the data is enough to destroy it.

Mitigating the Cost Of Data Loss Incidents

In 2016, data breaches from malicious outsiders rose 286 percent over 2015's volume. Breaches compromise a corporation's customers by exposing them to potential identity theft and financial losses, and compromise the corporation itself through the loss of the public's trust in its brand, not to mention penalties and restitution costs.

The fallout from data loss incidents would be minimized if companies would use software, tested and validated to the FIPS 140-2 standard, to encrypt customer data at rest, not just in transit. Since breaches do happen, even with the most up-to-date security measures, encrypting data at least leaves cyber criminals with useless data.

Software to Protect from Insider Threats

Employees represent a significant data security threat; however, data loss prevention software stops employees from exposing sensitive data by giving an administrator control over data transfers.

Training should prevent accidental exposure incidents, such as an employee sending sensitive files to a vendor; nevertheless, new employees can easily slip through the cracks and gain access to confidential data before receiving data classification training. The software would prevent the transfer since the employee may not realize what he or she is doing is wrong.

Loss prevention software also helps prevent malicious data breaches, such as a disgruntled employee forwarding private emails to the press or employees uploading customer information to their personal cloud account to use after they leave their current employer.

Normally, an organization's chief information security officer (CISO) would implement these developments, except only 49 percent of companies have a CISO as part of their C-level staff.

Carol M. Evenson

Data Security Consultant at Evenson Corporate Consulting
Carol Evenson is a data security consultant specializing in cloud management and process analysis. She currently assists organizations within the continental US and UK.