Tips: Improve Data Security

The issues of data loss and inappropriate use of confidential data has been thrust into the spotlight due to a number of high profile incidents over the past year including Hannaford Bros. supermarket chain and Société Générale -- where the activities of an employee, Jerome Kerviel, led to the company having to write off more than $7 billion in fraudulent trades.

In late February, it was discovered that a rogue trader at MF Global Ltd. rang up $141.5 million in losses on the broker’s account. While these are the high profile cases that create the headlines, companies lose countless millions each year through both malicious and accidental behavior caused by inappropriate access points to data.

According to the Identity Theft Resource Center (ITRC), there were 446 data breaches reported totaling more than 127,000,000 compromised records. This is a staggering number with the cost of a data breach being set at between $90 and $300 per record according to Forrester Research and the United States Department of Justice. It is estimated by these groups that the average company cost per incident is $1.5 million.

To assist companies identify and shore up the areas of greatest vulnerability, Ecora Software has outlined the following steps that every company can follow towards stricter access control to data:

  • Synchronize. Approved credentials and access rights between human resources and IT rarely match. As employees move within an organization access privileges can follow them and quickly mount. Ensuring that employees only have access to the information appropriate for their position is an essential first step in avoiding the manipulation and loss of data. For example, an employee moving from an IT role to a sales position could potentially bring with them the access rights to log in and manipulate sales data bases crediting themselves with commissions they didn’t earn.
  • Passwords. Companies seem to have forgotten that passwords exist for a reason, security. In many organizations passwords have become yet another issue of inconvenience for employees. To combat this some organizations have adopted a relaxed approach to passwords in many cases sharing login information for whole departments or not requiring the changing of or implementation of complex passwords. This creates a fundamental breakdown in security practices as shared or easy to crack passwords can be quickly spread throughout an organization allowing unauthorized personnel to access critical data files.
  • Pattern Behavior. While it’s not possible to view every data transaction in a large corporate environment, Ecora does encourage companies to be cognizant of behavior. For example, if a staffer is suddenly downloading files at an aggressive rate or outside traditional business hours, this should be a red flag that further investigation is needed into the transactions.
  • Go Beyond the Audit. Due to regulations such as Sarbanes-Oxley, companies each year gear up for audits to ensure that all mandates are being met. Ecora suggests that companies strive for a constant state of data access control and not wait for audit season to ensure that they are meeting the appropriate governance standards. It is also important to remember that because a company passes an audit, doesn’t mean they are risk free. Compliance and security are not always defined the same.

Featured

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.