Tips: Improve Data Security
The issues of data loss and inappropriate use of confidential data has been thrust into the spotlight due to a number of high profile incidents over the past year including Hannaford Bros. supermarket chain and Société Générale -- where the activities of an employee, Jerome Kerviel, led to the company having to write off more than $7 billion in fraudulent trades.
In late February, it was discovered that a rogue trader at MF Global Ltd. rang up $141.5 million in losses on the broker’s account. While these are the high profile cases that create the headlines, companies lose countless millions each year through both malicious and accidental behavior caused by inappropriate access points to data.
According to the Identity Theft Resource Center (ITRC), there were 446 data breaches reported totaling more than 127,000,000 compromised records. This is a staggering number with the cost of a data breach being set at between $90 and $300 per record according to Forrester Research and the United States Department of Justice. It is estimated by these groups that the average company cost per incident is $1.5 million.
To assist companies identify and shore up the areas of greatest vulnerability, Ecora Software has outlined the following steps that every company can follow towards stricter access control to data:
- Synchronize. Approved credentials and access rights between human resources and IT rarely match. As employees move within an organization access privileges can follow them and quickly mount. Ensuring that employees only have access to the information appropriate for their position is an essential first step in avoiding the manipulation and loss of data. For example, an employee moving from an IT role to a sales position could potentially bring with them the access rights to log in and manipulate sales data bases crediting themselves with commissions they didn’t earn.
- Passwords. Companies seem to have forgotten that passwords exist for a reason, security. In many organizations passwords have become yet another issue of inconvenience for employees. To combat this some organizations have adopted a relaxed approach to passwords in many cases sharing login information for whole departments or not requiring the changing of or implementation of complex passwords. This creates a fundamental breakdown in security practices as shared or easy to crack passwords can be quickly spread throughout an organization allowing unauthorized personnel to access critical data files.
- Pattern Behavior. While it’s not possible to view every data transaction in a large corporate environment, Ecora does encourage companies to be cognizant of behavior. For example, if a staffer is suddenly downloading files at an aggressive rate or outside traditional business hours, this should be a red flag that further investigation is needed into the transactions.
- Go Beyond the Audit. Due to regulations such as Sarbanes-Oxley, companies each year gear up for audits to ensure that all mandates are being met. Ecora suggests that companies strive for a constant state of data access control and not wait for audit season to ensure that they are meeting the appropriate governance standards. It is also important to remember that because a company passes an audit, doesn’t mean they are risk free. Compliance and security are not always defined the same.