Corporate Cyber Security
Ever wonder where sensitive information like performance reviews, attendance records, merit increases, and social security numbers is stored? There’s a good chance it’s locked up in a human resource information system (HRIS), the crossroads where HR and IT connect. This software enables businesses to centralize virtually all of the data and records necessary to manage their employees.
In today’s technology-savvy world, cyber security is a top concern for corporations as well as medical, financial, and government organizations. Every time the news reports another data breach, people take further steps to ensure that their own information is guarded like Fort Knox. Depending on the size of the company, peace of mind may come with a steep price tag. Besides protecting against viruses, malware, and attacks from cyber criminals, systems need to be redundant to ensure that they can continue working in the event of a failure, as well as recover lost or corrupt data.
Chairman of the Joint Chiefs of Staff U.S. Army Gen. Martin E. Dempsey discusses the importance of cyber security.
Despite growing concern over international cyber-crime, the startling truth is that almost an equal number of security breaches are caused by a company’s own employees. Yes, you heard that right: we’re talking about a lack of internal controls, or lost or stolen devices and documents. In 2014, an IBM-sponsored research study on the cost of data breaches said that 30% of organizations reported employee negligence as the most frequently encountered cause of data breaches, and 42% reported malicious or criminal attacks.
While companies are spending more than ever on their security technology investment, most organizations still remain vulnerable to cyber-attacks. According to Verizon, employees and corporate partners are responsible for 80% of recent data breaches. Another way these criminals succeed is called social engineering: taking advantage of human weakness to gain access to data indirectly through manipulating individuals. Social engineering works when employees haven’t been properly trained to recognize and defend against these tactics. Organizations that focus exclusively on technology solutions without addressing the human factor in the security chain are the most vulnerable to attack.
The best approach to secure a company’s data is to start from within the organization and its employees. Here are four ways for companies to address the protection of data:
1. Appoint a data evaluation team
Assemble an executive-sponsored team to identify which data must have restricted access, and who has access to it. This should be done internally; however, there are companies that will perform an IT audit or site review to gather information and create a plan.
2. Consistently evaluate internal controls and policies
Make a point to evaluate the existing controls, internal policies, and company handbooks on a recurring basis. Companies simply can’t afford to rest on their laurels when it comes to enforcing employee rules and holding personnel accountable. Create a recurring task to review permissions, as well as the separation of duties, to ensure that employees who have changed duties have the appropriate access.
3. Proactive employee training
Train employees on how to protect company information, both on an individual basis (by locking their computers while they’re away and never sharing passwords) and on the tactics criminals use to steal company information. Disconcertingly, cyber thieves can be fellow employees, so training should include social engineering awareness.
4. Enforce the rules
Once data access restrictions are established and company policies have been updated, it’s important to enforce the rules. Act fast if criminal activity occurs and hold employees accountable. Also make sure that employees feel safe reporting any suspicious events they observe to their supervisor.
Securing company data doesn’t need to be complicated, but it does require commitment from the top down and collaboration from every department. Don’t take chances with data protection; implement and maintain basic solutions to protect your company’s important systems. This not only ensures the success of your organization, but it may also attract new business by demonstrating that you’re serious about data protection.