Updated: Apr 22, 2021
Most businesses and individuals think their information is secure when it is not taking consideration of insider threats and potential adversaries.
Information stored whether in hard copy, IT system, digital media, in the cloud or communication.
There have been cases studies where employees and ex-employees walk away with information which later on passed on to competitors which leave businesses exposed.
What are the threats?
The internet has increased the risks of information being compromised unless proper security measures are implemented.
Insider threats and contractors pose a great risk of stealing information.
Lack of policies and procedures to secure propriety information.
Personal devices connected to office computers.
Not having on-site IT expert to monitor information online.
Not carrying regular risk analysis.
Businesses not carrying out regular to staff the protection of information.
Not classifying information.
Businesses must ensure that there trademarks, patents and copyright are protected and secured to minimise risks of espionage and other criminal activities by potential adversaries.
Businesses must ensure that staff are familiar with the legislation relating to data protection and policies are set in conjunction with the legislation.
What are the security measures to secure information?
Identify the type of information to secure.
Classify the information.
Conduct regular risk analysis on information.
Perform a regular backup on your data store in your IT system.
Conduct awareness training on your staff for familiarisation.
Provide access to staff who only need to know basis.
Ensure you have a two-way authenticator for accessing sensitive information online.
Develop monitoring measures online for staff.
Ensure staff are signing non-disclosures agreement.
Review and ensure that all policies and procedures adhere accordingly.
Implement HR policies that deal with employee socialization programmes.
Have a clear desktop policy.
Appropriate physical security measures.
Installation of a firewall.
Ensure all devices are encrypted.
Introducing a whistleblowing line for the report of all information breach.
What to do if you suspect there has been a breach?
Unless you have an internal investigation, you can assign an independent investigator to conduct the investigation.
The investigation will need to determine whether the information has been leaked or taken and whether the control measures have failed.
The investigator must consider the legal obligations and liaise with HR and compliance department.
Always remember to protect your information to minimise the risks of others stealing your information for their advantage.