Datasouth › NewsAre your Critical Information Assets really secure?

News

Are your Critical Information Assets really secure?

Wednesday, 25 March 2009

In today’s business environment, we have an expectation that our critical information assets including intellectual property and sensitive company data will be readily available when required, protected against technology threats such as hardware failures and malware attacks, and secured against loss due to events such as fire or earthquake.

In general terms, organisations spend relatively large proportions of their ICT budgets in implementing technology remedies that protect against these known types of events, even though there is no certainty of these occurring.

The investment in these remedies is obviously common business sense and provides insurance to the business that they have the ability to get back up and running with their information assets intact should one of these events occur.

Therefore it is somewhat surprising that while most companies have policy and technology solutions to safeguard their critical information assets against technology or environmental disaster type events, these same companies provide very little or no protection to these assets from the actions of their employees.

As technology evolves, we continue to provide our employees with new technical solutions that provide assistance in their daily tasks. Company email and instant messaging is provided to assist in the improvement of communication between colleagues and clients. Internet access is provided for B2B engagements, and peripheral devices that connect via USB are now prolific within the work place whether these be mobile phones, MP3 players or USB storage devices.

These solutions, designed to improve productivity and enhance an organisations bottom line, are also being used by employees against the organisation with detrimental effects. Employees stealing, illegally modifying, or destroying data is not a new phenomenon in the business world, however what is new are the methods being used by employees to do this.

To determine and validate the risks that organisations face in protecting their critical information assets, McAfee recently commissioned a survey of 1,000 global senior IT decision makers. The findings of this survey were startling. Companies surveyed estimated that they lost an average of $4.6 million worth of intellectual property in 2008. Forty-two percent said laid-off employees were the single biggest threat to their intellectual property.

In a separate survey published in February 2009 by Ponemon Institute and sponsored by Symantec, the findings showed that of 945 individuals who were laid off, fired or had quit their jobs in the past 12 months, 59% admitted to stealing company data and 67% used their former company's confidential information to leverage a new job. The most common methods used for the theft of the data reported by these respondents was the removal of paper documents from company premises, sending documents as attachments from personal email accounts, or transferring data onto optical disks or USB memory sticks.

So how do you protect your company from employees stealing critical information assets?

While there is no ‘one solution fits all’ type remedy for this threat, there are a number of steps that an organisation can undertake to assist in the mitigation of data theft. These include;

  1. Having an appropriate compliance regime in place. Make sure that employment contracts include appropriate clauses in regards to the use and ownership of intellectual property and critical information assets, and that there are clear guidelines on the responsibility of the employee and employer on the termination of the employment. Review your internet policies and ensure that these clearly define between acceptable and non-acceptable use
  2. Undertake regular audits of network usage to ensure employees are utilising these resources as per company guidelines
  3. Implement technology solutions that provide protection against intellectual property and critical data assets leaving the company

In the current global economic environment, the risk to businesses critical information assets has never been higher with numerous employees being retrenched as companies restructure into survival mode. Datasouth can assist in the mitigation of these threats.

Datasouth specialises in the provision of technology solutions that assist in the protection of data leaks and the theft of critical information assets. As an organisation that has been providing advice to government and corporate clients for over fifteen years, we can advise, design and implement solutions that provide a fully multi-tiered security solution that protects against data theft.

To better understand the current threats and how you can mitigate these risks to your business, please contact Datasouth to discuss your specific requirements.