Data loss occurs everyday through various channels including current and former employees, competitors and on-site contractors. But just as devastating, if not worse, are the uncontrollable effects of civil unrest and natural disaster like earthquake, flood and fire. However, here are top 5 ways to protect your data:
- Assess Your Inventory and Risk
Conduct a comprehensive inventory of your business information. Catalog electronic data and identify type and purpose. Once cataloged, rate the risk of each based on its importance to the organization's ongoing operations. For example, Is the information essential to mission-critical business functions (such as payroll, banking or legal documentation). Once a comprehensive inventory is in place along with risk-ratings for each category, management can quickly record and assess risk at file creation.
- Implement New Policies
Implement new policies defining procedures for security breach, system failure or threat. This should include remediation and reporting strategies. All businesses should also have a confidentiality policy signed by all employees. This policy should outline employee responsibility, information use and disclosure practices.
- Access Controls and Authorization
When dealing with sensitive information, have processes in place restricting physical and/or electronic access. This might include keyed or coded entry for paper or password restriction for electronic files or folders, firewalls and program encryption. Organizations should also require employees to use shredders when destroying confidential documents.
- Ongoing Communication
Sharing information is a natural instinct among social groups and communities. This means, you should continually communicate with your employees, sub-contractors and consultants. You want to ensure all parties understand what information is confidential and what their responsibilities are in safeguarding its integrity.
- Maintain a Clear Accountability Trail
With employees aware of their responsibilities, businesses should hold them accountable for confidentiality leaks and breaches caused by their actions. This means consistent disciplinary action for all individuals violating company policy.
However, physical security is critical to protecting assets and inventory, businesses must make information security a high priority. Information security should include inventory, valuation, access controls, consistent communication and clear accountability trails. When organizations implement a comprehensive program using each of these five strategies, they're well on their way toward maximum data protection.
