Forecasters predict that the amount of information companies have to manage will quadruple in the next ten years. Data management and security protocols are a growing risk management concern. Companies need to protect proprietary and confidential information including everything from their latest designs, internal communications, client data, marketing strategies, financial information, and the list goes on. Fact is, every aspect of your operations has information and data attached to it that competitors or worse would love to have access to. What can and should a company do to help manage this ever growing risk?
- Make sure you have cyber-liability and other insurance coverages to cover against these losses.
- Do a complete assessment of the most important risks. Not all are weighed equally. Make sure there is someone fully responsible for managing each one of those risks.
- Make sure you know where the information flows and who has access to it. Chances are, your employees have access to more information than they need to.
- Have protocols surrounding all information devices including servers, desktops, laptops, and mobile devices, video conferencing, online chats, and social media platforms.
- Train your employees on the risk associated with not properly managing this information or data.
- Hire a third party service to check your vulnerabilities.
- Employ today’s technologies to help better manage data. For example, Symantec and Web Sense are the leaders in data loss prevention. Their software is often used to prevent social security and credit card numbers from leaving a company.
- Have protocols around the use of social media. HR That Works members should take a look at the Social Media Training Module and related tools.
- Have clear protocols about people who are telecommuting to work or are third-party vendors.
- Make sure how you manage the departure of terminated or defected employees. Of course, you can have non-compete and confidentiality agreements as well as taking a checklist approach to making sure all equipment, passwords, etc. have been collected. If necessary you can employ counsel to file an injunction against use of any confidential information.
- Don’t forget about low-tech espionage including dumpster divers and the Xerox machine.
These suggestions are just a start. You should conduct an extensive risk management and technology assessment and there are plenty of vendors willing to help you with that effort.