By Peter Lyle DeHaan , PhD
It doesn’t matter what type of company you run, your operation amasses a great deal of valuable data. You have a treasure trove of customer information, including phone numbers, mailing addresses, email addresses, billing histories, demographic profiles, social security numbers, bank account numbers, and credit card numbers. You purchased some of this data, while you garnered the rest over time, using meticulous recording keeping.
Even the smallest of businesses possess an extraordinary amount of priceless information, while larger organizations store millions or billions of data points — all nicely organized, painstakingly verified, carefully stored, and dutifully backed up.
You have all that information, but what are you doing with it? No, I’m not talking about harnessing metadata to produce a competitive advantage or turning raw information into a core distinctive (think of how Google astutely exploits the vast minutia of data they have accumulated). I’m sure you know you must do these things and are diligently working on them. What I am referring to is protecting your immense information stash from the nefarious reach of notorious hackers, cyberspace’s criminal elite — hard to catch and harder still to prosecute.
With the theft of personal information steadily increasing — due to an insatiable demand and relatively low risk — there is a greater likelihood your business could soon be a victim. So I will implore you to protect one of your organization’s most valuable assets.
First, you need someone with the knowledge and experience to be in charge of securing your computers, network, intranet, and Internet access points.
Then, give them the resources needed to do the job. I’m not suggesting you provide an unlimited budget or give them a blank check, but when they say it will cost X dollars to do the job, don’t provide half that amount and expect full results. If you cut the funds, some items will remain insecure or be only partially secure. That would be akin to locking the doors of your office, but leaving the windows open — or installing a building security system, but never connecting it to the monitoring station. Don’t handcuff the crime stoppers.
Next, know that many security breaches are inside jobs. Yes, I realize you carefully screen new hires and trust your employees to not steal from you. I’d be disappointed if you didn’t hold your staff in high esteem. However, the reality is that many cases of data theft involve an insider, be it complicit or innocently duped.
To address the people side of the equation, you need your human resources department involved, along with IT and your security officer. Together they can put safeguards in place to restrict access, limit the scope of information available, and provide an electronic log of activity. Additionally provide training on what information staff can give out and under what conditions.
Your data — and your company’s future — is on the line. Make sure it’s a secure one.