The majority of data contamination and loss of intellectual property occurs as a result of security breaches within an organisation. For this reason, South African businesses are urged to tighten up the security of their internal data stores in order to maintain their competitive advantage.
For many companies, data and information storage is concurrently their most valuable asset and greatest vulnerability. A recent study conducted by IT company, Magix, indicated that up to 80% of data breaches are caused by unintentional errors by staff. Furthermore, 45% of companies surveyed said they do not monitor database access, and a mere 14% were able to detect whether unauthorised devices were attached to their corporate network. It is not hacking alone that companies need to look out for. Hacking involves sophisticated and invasive coding where the challenge is usually simply to gain entry into a closed system. The greater danger is internal security breaches such as password sharing and the circulation of unprotected emails within a company which allow criminals access to confidential information.
A security system is only as good as the people who are using it. Technology is still an evolving not a natural concept to many South African employees who do not always understand the consequences of what they are doing with the data – and why passwords and protocols are necessary.
Companies should carefully screen the employees who will be handling confidential company information. At a basic level, this can be done by means of a simple credit check. It is also vital that employees are trained on how to use internal systems so that they can be held accountable for the security of the data. There is no point in having state-of-the-art firewalls and anti-virus programmes in place if your employees do not know how to check if the protection is valid and working.
It is in companies’ best interests to incorporate automated tests into their network system which will conduct regular security checks. These tests should run in conjunction with everyday activities. They generate activity reports for individual IP addresses, which not only enforce individual accountability for data security, but also enable companies to reassure their customers and clients as to the confidentiality of the information that they share. It is also important to commission regular penetration and vulnerability tests which assess the effectiveness of the security measures and can detect the possibility of an internal or external breach of security.
The nature of business today means that companies are storing huge amounts of data on central servers. This data is used by company executives, CEOs and junior employees alike and most of this information may be construed as confidential and sensitive. The challenge is to implement processes and procedures that allow the appropriate people access to the system, but ensure the security of the data at the same time.