At last month’s Asquarterly event, the panel discussion touched on the important point of data security when an organisation adopts a SaaS or BYOD approach (or both). The risks associated with employees using a range of devices and software are difficult for organisations to identify and mitigate as the complexity and diversity of technology increases exponentially.
But another kind of risk is prevalent for all companies, no matter what their industry, security measures, or software and hardware investment: the risk of data breach.
No doubt, everyone has now heard about the two largest corporate data breaches so far this year. Most people have probably been affected by the eBay data breach announced in May that potentially impacted up to 128 million active global eBay users and required all users to reset their account password. Prior to that, Target USA also announced last month that up to 40 million credit and debit card details had been stolen and 70 million customer files including name, address and email address had been exposed.
Closer to home, the risks are just as prevalent. Reports in March this year showed that the Department of Immigration and Border Protection (DIBP) accidentally disclosed the personal details of 10,000 asylum seekers on its website in February, and the ACCC (Australian Competition and Consumer Commission) announced in April that the email addresses of an undisclosed number of subscribers had inadvertently been made public.
Whether large-scale corporate hacking, human error or lack of clear internal processes surrounding data protection, the risks are real for all organisations.
What can your organisation do to protect the data you hold?
- Have the right people in charge of data processes
For large companies, investing in a CSO (Chief Security Officer) or CISO (Chief Information Security Officer) is becoming more vital as the amount of Big Data and the technology we use to capture and store it increases rapidly. Smaller organisations might consider hiring a data specialist to draw up contingency plans and educate all employees on data protection best practice.
- Stay on top of your data practices
Can you confidently say that all personal and protected data is safe within your organisation? Identify the data sources, storage methods and weaknesses and consider closing down the data at most risk. This could mean restricting employee access or the devices used within your network to access certain data.
Planning for the worst is key in safeguarding your customer and client data as data breaches and cyber attacks become inevitable.
- Educate employees
Your employees are the biggest threat to company security in terms of data breaches due to their login credentials (often unchanged for long periods of time) and their access to data through unsecured networks (working from home or other out-of-office locations). Compromised employee login credentials are believed to be how hackers were able to first access eBay’s corporate network.
Making data protection a common discussion topic in your organisation and providing employees with guidelines and advice to follow will help to reduce the threat posed to your data sources. Again, if you’re not an expert, hire someone who can best educate your team.
- Review your cloud storage security measures
A recent Ponemon study highlighted some worrying statistics about cloud data storage and the associated risks. It estimated that the increased usage of the cloud could triple a company’s chances of incurring a data breach and each lost or stolen customer record could cost a company US$201.18. Whilst some might argue that the benefits of cloud can outweigh the risks, it’s worth putting measures in place to protect your company’s exposure.
Reviewing your cloud usage and storage is important to protect the data you carry, and a thorough and regular vetting of the security of the cloud service provider needs to be carried out (as it should be for any other third-party vendor). Your IT team needs full visibility of the service provider’s security measures and should have processes in place to report any perceived threat.
- Establish a combined prevention and response strategy
When reviewing your data storage policies and processes, it’s imperative to combine your prevention methods with a response plan, both internally and for your customers and clients. Protecting the data your organisation holds needs to be embedded into the daily operations of your entire workforce. And, if the worst happens, being transparent with your employees and customers will help you to ride the storm instead of trying to hide the problem. After all, much of the press surrounding eBay’s data breach focuses on their lack of appropriate communication with customers.
It’s not the time to bury your head in the sand and think you won’t be affected; chances are your organisation’s data is already at risk and it’s only a matter of time before the threat becomes a reality.
About the Author
Founder and Managing Director
Steve founded Asq Projects in 2001 after a long and successful career in Portfolio, Programme and Project Management for blue chip firms in his native New Zealand and subsequently in Australia, UK and China.
Prior to the establishment of Asq, Steve spent 6 years consulting across change management, solution design and business analysis having had experience in all areas of designing, implementing and supporting IT systems, and 5 years providing design, technical and project management services for 24/7 contact centres.
Steve brings broad sector experience to Asq leadership having delivered projects of varying complexity across Banking & Finance, Government, Transport & Logistics, Pharmaceutical & Healthcare and IT & Telecommunications.
Leading from the front, Steve maintains professional accreditations across PRINCE2, AGILE, P3O and other methodologies to ensure the business remains totally relevant to its customers from top to bottom.