Tuesday, November 24, 2009

Data Security As A Process

Keeping data secure in your business involves three key elements:
  1. Finding and implementing good technology solutions to meet your security needs.
  2. Communicating with employees about what data needs to be kept secure.
  3. Training employees how to use your selected security technologies.

You need to do all three of these things to protect your data. Each one alone will not work. IT organizations tend to focus on finding technology solutions for data security issues because that is what they know and that is what they are comfortable with. Good technology is important but if you provide it and your employees do not use it, then these technical systems will obviously fail to do what they are designed to do.

You must communicate with and train your employees to use your selected security technologies. You have to get your employees to understand the importance of keeping data secure. You need them to be a part of the solution rather than being a part of the problem.

If your employees do not know that they are not supposed to copy confidential documents to an insecure USB drive, how can you blame them when they do? If you implement a web-based secure file sharing system but don't tell employees about it and don't show them how to use it, will you be surprised when they send sensitive files as unencrypted email attachments?

So what should you do to keep data secure in your business?

  1. Identify the data that you need to protect e.g. confidential files, sales proposals, customer information, employee information.
  2. Determine who needs to have access to this sensitive information e.g. HR personnel for employee records, sales staff for sales proposals, etc.
  3. Find the appropriate technology to provide access to the data while also protecting it e.g. HR applications, secure email, secure file sharing systems.
  4. Tell your employees what you are doing e.g. newsletters, weekly meetings, etc.
  5. Train your employees on the technologies that you use e.g formal classroom training or informal one on one sessions.
  6. Repeat all of the above on an ongoing basis. As your business changes so do your data security needs!

As always, feel free to contact me if you have any questions.

Posted by Fred Jonas at 7:28 AM
Labels: , , ,