Protecting Corporate Information

A business’s information is as important an asset as anything physical it owns. Many breaches of privacy or releases of sensitive information are inadvertent and can be prevented by educating employees about confidentiality and then checking in frequently to confirm compliance.

Ensuring that employees follow the right procedures will:
Protect your business by keeping trade secrets and valuable information from your competitors
Keep your customers happy by safeguarding their private information
Defend your company against losses from data theft or fraud
Project an image of responsibility and professionalism

Set Policies on Confidential Information

First, identify what information your business needs to protect (customers’ private information, financial data, trade secrets, and so forth). Second, determine who handles that information, and how it should be protected. Your policy should clearly state that the company owns its information and identify the types of information that must be kept confidential, the processes by which data security will be ensured, and the consequences for violating the policy.

Educate your Employees about Privacy and Ownership of Information

Communicate your policy at hiring and reinforce it regularly. Provide stand-up or web-based training programs. Implement a Policy Portal that will demonstrate that employees have read your important policies.

Have your employees sign Nondisclosure Agreements

A nondisclosure or confidentiality agreement is a legal contract between employer and employee that binds the employee to keep the company’s information confidential. These should be implemented wherever practical.

Monitor Employees

Trust but verify! The more valuable your confidential information is, the more your business must guard against data theft and fraud. For most employees, letting them know what is expected of them is generally sufficient, but tools are available for DLP (Data Loss Prevention).

Control Electronic Communications, Internet Use and Data Transfer

Emphasize that all data on company computers is company property and subject to filters and monitoring. Use passwords and access permissions to limit the right to see confidential information to only those employees who need it. Implement email encryption programs to protect sensitive information when it is sent outside the organization.

Remember, company employees who inadvertently violate data security policies continue to be a factor in the largest share of data breaches. According to a recent Verizon report, 67 percent of breaches were aided by “significant errors” on the part of well-meaning insiders.

Set Policy. Provide Training. Implement Controls. Monitor Compliance.
