In day-to-day operations of an organization, as well as for argument sake we shall take small enterprise as an example. For instance, flow of data like financial and clients information could be channeled out without taking into consideration of its sensitiveness and significance. The sense of ownership of the data sent by sender could almost be zero!!

“Data classification has been one of the oldest forms of securing data in an organization”

Enterprises should take pro-active approach by enforcing data owner to classify their data, base on its sensitivity prior to releasing the information to recipients. Ownership must be enforced by companies to data owner.

BYOD (Bring Your Own Device) Policies

Competitiveness has driven businesses to be more cost conscious and some have taken steps as to allow employees to bring their own devices like laptop, pen drives and mobile phones to access to company’s data and information in the day-to-day work. Breaches, misused data, unintentional or intentional data loss/theft and infection of malicious malwares will occur if enterprises do not take proper mitigation steps.

For the sake of cutting cost or increasing efficiency, enterprises may just incur the biggest loss instead of saving and the stake of brushing with the laws are very high. Hence, enterprises must formulize a proper BYOD policies like using only authorized devices (even though it is a BYOD device, enterprise must run proper check on employees’ devices and approve it prior letting the devices accessing to company’s information)

Data Encryption

 Employees’ mobility is a common sight now-adays and so is data mobility. Information is vital to be communicated and in some instances, critical for decisions to be made, data need to be ‘transported’ from one point to another. It is during the transportation, be it digitally or physically, data breach could occur. Information could be hacked, stolen or lost in transition.

Enterprise need to ensure that its data in transition is secure and contained before transporting it from point A to B, and best practice would be to encrypt the data.

Rights to Access to Data

 Organizations should device a strict policy within its environment as to who have the rights to access to what kind of information. This sound like a no brainer but it is not surprising at all that there are enterprises that do not have mechanisms to monitor its data flow to its high level personnel.

Enterprises should not be complacent and dependent on its high level staffs to safeguard its data. Policies must be implemented and technologies must be in place to avoid data theft as 70 percent of data theft/lost occurred from within the enterprise itself and the employees are the biggest culprit being responsible for this.

Security concerns are not just confined to the above few and organizations must not be in denial to acknowledge that data security is a major component of an enterprise. Investment in security technologies is not sufficient, appropriate steps must be taken and employees must be trained to enable a unified approach to defend data security both using brain power and technological tools.

HaloData Infokom Sdn Bhd, an Information Technology and Services firm, is a Singapore based enterprise. It offers services in 3 main areas such as Information Security, Enterprise Mobility and Business Continuity.