The 2013 Target breach, 2014 Sony breach and other highly publicized security breaches have pushed the need for strong cyber-security to the forefront. Often, organizations are left vulnerable to cyber-criminals for a few reasons:
- Inadequate security controls
- Lack of user-based permissions, resulting in employees with too much access to sensitive information
- Mismanaged data that is kept in emails and shared drives instead of on a secure server, leading to employees accidentally sharing private data
- Lack of policies and procedures (or training on company policies) to guide employees on how to properly handle data and ensure its security
- No IT emergency action plan
Yes, having a proactive compliance program is an important component, but keeping private information secure starts with creating, implementing and training your employees on policies and procedures that detail how to correctly manage and protect data. When establishing these policies, consider:
- What type of information is considered private and needs to be kept secure
- What are the necessary different levels of security, based on the importance of data to your company; what information may need to be better protected (and/or have less access and greater restrictions to it) than other data
- Where the data will be stored, how often it will be backed up and where the backups will be housed
- What employees need access to which types of information and why
- How to track which employees have accessed which information and when
- How often the data needs to be updated and who is responsible for managing data
- What constitutes obsolete data, how it will be handled and who is in charge of getting rid of it
Your policies and procedures should cover all of these questions, and be kept just as secure as other proprietary information. Without the proper policies in place, your employees are more liable to unknowingly share sensitive data and you’re more likely to have private data that is unorganized and unaccounted for — leaving your organization more susceptible to data breaches.
With ConvergePoint’s Policy Management Software, your company can securely store its documents on its own on-premise SharePoint server, which offers greater security than third parties or shared servers. Housing all policies in one central document repository helps ensure private or outdated information isn’t accidentally shared via email or confused in share drives. Document storage capabilities, coupled with custom workflows, also allow you to control employees’ access to certain documents, ensuring the right employees only see the right, approved, most up-to-date policies.