Enterprise Security - Keys to Enhance Data Security
By Daniel CS Yeo C.I.P.M, Business Development Director, HaloData Infokom Sdn Bhd
With the trending technologies of the last few decades, enterprises have been either busy chasing corporate numbers or intrigued with courting social status on social media, and many have not been paying enough attention to the most crucial aspect of an enterprise, i.e. security.
Enterprise Security consists of many aspects. Within the Information Security context, data could and would be the most important asset in an organization, yet many still do not treat Data Security with utmost priority, nor do they have enough knowledge of how to set up ‘defense’ parameters to safeguard enterprise data, which could consist of financial information, patents, trade secrets, and client, patient and personal information.
With the emergence of disruptive technologies and the lack of training or knowledge on how to utilize them properly, enterprises are exposing themselves to security breaches, particularly of their data.
Whilst there are a lot of organizations that pride themselves on complying with or achieving the requirements of industry standards in their area of expertise, many have overlooked safeguarding their data internally. Many are even ignorant of the fact that mismanaged and misused data may bring serious consequences to the organization, both to its reputation and through the possibility of running into legal complications, such as breaching the Personal Data Protection Act.
Hence, we shall look into some key areas that companies should consider with regard to securing their data as well as mitigating risks. The key highlights are: data classification, BYOD (Bring Your Own Device) policies, data encryption, and rights to access data.
Data classification has been one of the oldest forms of securing data in an organization. Surprisingly, however, general awareness of data classification is low, and it is known only to government agencies and a few private sectors, such as insurance or banking, that practice data classification in documenting their information.
For argument's sake, take the day-to-day operations of a small enterprise as an example. Data such as financial and client information could be sent out without any consideration of its sensitivity and significance. The sender's sense of ownership of the data sent could be almost zero!
Enterprises should take a proactive approach by requiring data owners to classify their data, based on its sensitivity, prior to releasing the information to recipients. Companies must enforce ownership on data owners.
BYOD (Bring Your Own Device) Policies
Competitiveness has driven businesses to be more cost conscious, and some have taken steps to allow employees to bring their own devices, such as laptops, pen drives and mobile phones, to access the company’s data and information in their day-to-day work. Breaches, misused data, unintentional or intentional data loss/theft and malware infection will occur if enterprises do not take proper mitigation steps.
For the sake of cutting cost or increasing efficiency, enterprises may just incur the biggest loss instead of saving, and the stakes of a brush with the law are very high. Hence, enterprises must formulate proper BYOD policies, such as using only authorized devices (even though it is a BYOD device, the enterprise must run proper checks on employees’ devices and approve them prior to letting the devices access the company’s information).
Employees’ mobility is a common sight nowadays, and so is data mobility. Information is vital to communicate and, in some instances, critical for decisions to be made, so data needs to be ‘transported’ from one point to another. It is during this transportation, be it digital or physical, that a data breach could occur. Information could be hacked, stolen or lost in transit.
Enterprises need to ensure that their data in transit is secure and contained before transporting it from point A to B, and best practice would be to encrypt the data.
Rights to Access to Data
Organizations should devise a strict policy within their environment as to who has the right to access what kind of information. This sounds like a no-brainer, but it is not surprising at all that there are enterprises that do not have mechanisms to monitor data flow to their high-level personnel.
Enterprises should not be complacent and depend on their high-level staff to safeguard their data. Policies must be implemented and technologies must be in place to avoid data theft, as 70 percent of data theft/loss occurs from within the enterprise itself, with employees being the biggest culprits.
Security concerns are not confined to the few above, and organizations must not be in denial about the fact that data security is a major component of an enterprise. Investment in security technologies is not sufficient; appropriate steps must be taken and employees must be trained to enable a unified approach to defending data security, using both brain power and technological tools.
HaloData Infokom Sdn Bhd, an Information Technology and Services firm, is a Singapore-based enterprise. It offers services in 3 main areas: Information Security, Enterprise Mobility and Business Continuity.