Tips: Improve Data Security

March 19, 2008

The issues of data loss and inappropriate use of confidential data has been thrust into the spotlight due to a number of high profile incidents over the past year including Hannaford Bros. supermarket chain and Société Générale -- where the activities of an employee, Jerome Kerviel, led to the company having to write off more than $7 billion in fraudulent trades.

In late February, it was discovered that a rogue trader at MF Global Ltd. rang up $141.5 million in losses on the broker’s account. While these are the high profile cases that create the headlines, companies lose countless millions each year through both malicious and accidental behavior caused by inappropriate access points to data.

According to the Identity Theft Resource Center (ITRC), there were 446 data breaches reported totaling more than 127,000,000 compromised records. This is a staggering number with the cost of a data breach being set at between $90 and $300 per record according to Forrester Research and the United States Department of Justice. It is estimated by these groups that the average company cost per incident is $1.5 million.

To assist companies identify and shore up the areas of greatest vulnerability, Ecora Software has outlined the following steps that every company can follow towards stricter access control to data:

  • Synchronize. Approved credentials and access rights between human resources and IT rarely match. As employees move within an organization access privileges can follow them and quickly mount. Ensuring that employees only have access to the information appropriate for their position is an essential first step in avoiding the manipulation and loss of data. For example, an employee moving from an IT role to a sales position could potentially bring with them the access rights to log in and manipulate sales data bases crediting themselves with commissions they didn’t earn.
  • Passwords. Companies seem to have forgotten that passwords exist for a reason, security. In many organizations passwords have become yet another issue of inconvenience for employees. To combat this some organizations have adopted a relaxed approach to passwords in many cases sharing login information for whole departments or not requiring the changing of or implementation of complex passwords. This creates a fundamental breakdown in security practices as shared or easy to crack passwords can be quickly spread throughout an organization allowing unauthorized personnel to access critical data files.
  • Pattern Behavior. While it’s not possible to view every data transaction in a large corporate environment, Ecora does encourage companies to be cognizant of behavior. For example, if a staffer is suddenly downloading files at an aggressive rate or outside traditional business hours, this should be a red flag that further investigation is needed into the transactions.
  • Go Beyond the Audit. Due to regulations such as Sarbanes-Oxley, companies each year gear up for audits to ensure that all mandates are being met. Ecora suggests that companies strive for a constant state of data access control and not wait for audit season to ensure that they are meeting the appropriate governance standards. It is also important to remember that because a company passes an audit, doesn’t mean they are risk free. Compliance and security are not always defined the same.

New Webinar

Combating Counterfeiting

How can you prevent your identification cards from being easy to duplicate?

New Webinar

Expanding Options with IP

IP has changed the way people are thinking about security for their industrial environments. With the vast capability for collecting and analyzing data that comes with an IP-based security system, the mission is no longer simply surveillance, but an integrated security system.

Poll

What effect will the predicted downturn in the economy have on the security industry overall?





Events