Once upon a time there lived Prince William who was a source of pride for his grandmother, Her Majesty Queen Elizabeth II, and all the Royal Family. One day the prince was photographed with his brother soldiers, posted photos on his website, and everything would be fine but one of the pictures had captured the usernames and passwords of the internal system of the UK Ministry of Defence. The situation is rather funny but at the same time is serious: it reflects the issue of data protection in modern companies, with the only difference that in this case serious consequences were avoided. Moreover, this incident served as a good lesson for those who underestimated the importance of the human factor: after all, if you put a large sum of money into an armored case and forget to close it with a key or leave it on a bench in a park, how big is the chance that the money will be safe?
Financial aspect is only one side of the coin. A company where confidential data leaked can pay the bills, but what about reputation? It cannot be restored easily. A striking example is the situation in the banking sector. According to statistics, after a leak of data on average 10% of clients refuse from the services of the institution and move to the side of competitors.
Experts of the analytical department in Falcongaze Company, which is a developer of the SecureTower information security system, basing on the practical experience of their customers, as well as media reports devoted to data leaks, compiled a list of reasons why it is better to pay attention to information protection.
When employees lose vigilance, or Protection against negligence
According to statistics for 2013, approximately 57 % of all confidential information leaks were due to the fault of the companies’ employees. How many cases were and will be there when an accountant distracted by a conversation with a colleague sends confidential financial documents to the wrong interlocutor via Skype or when a salesperson via email transfers a client database to a colleague and enters the wrong address? What happens next is not hard to imagine: the employees who have committed mistake, usually not in a hurry to report about the incident to managers, while any delay in such situations can be disastrous for a company.
In case if an organization uses a data protection system responsible employees in such situations receive instant notifications of incidents and have the opportunity to take the necessary measures in a timely manner. Such tools today make it possible to monitor a variety of communication channels: email, Skype, ICQ, social networks, chat rooms and many others. They also allow to monitor documents recorded on flash drives, external hard drives or printed by employees.
All is fair in love and war, or The fight against unfair competition
Apart from negligence, corporate information leaks occur due to ill-intentioned acts of employees. Today nobody is surprised about news when leaving former employees carry with them client databases, latest projects and developments of a company, personal data of colleagues and other confidential information. According to various sources, it happens on average in 34% of dismissals.
Although to determine losses from data breaches in monetary terms is practically impossible, competing companies strike each other affecting the financial position and subjecting the reputation of opponents to severe tests. In such circumstances programs for data protection come in handy, helping to identify disloyal employees who are ready to cooperate with "enemy" organizations.
It is accomplished through a variety of ways: for example, in the SecureTower data protection system this can be done by setting the appropriate rules of information security or inspecting employees’ contacts clearly presented in one of the program’s modules.
It is much easier to provide complete protection of corporate data and compliance with an information security policy if business processes in an organization are well built and optimized. Indeed, everything is much better when all duties are clearly defined and it is well known, who is responsible for what and, as a consequence, all tasks are performed faster and better.
With modern information security systems it is possible to analyze the effectiveness of individual employees as well as entire departments, monitor the way corporate resources are spent, identify the incidents of incorrect actions of personnel and generate reports on work activities of employees. All this helps managers to quickly solve organizational problems, make the necessary adjustments continuously optimizing business processes in the company and as a result allows to achieve the precision of clockwork in workflows.
There is safety in numbers
When everything in a company is put in order, all instructions are executed with the highest accuracy possible, the information is secure and everything works as clear as a single mechanism, such a picture may seem overly idyllic. But to run in a fairy tale and completely forget about reality is not the best decision: data protection programs are effective but nevertheless they are the same tool for managers and information security professionals as, for example, the 1C program for modern accountants. The use of information security programs should be combined with other measures, taking into account all the details related to the specifics of an organization. Only with an integrated approach to information security in a company it is possible to achieve tangible results. So first of all, it is worth remembering that the devil is in the details and it is better to meet possible threats head-on.