What steps can a manager take to secure organizational data? How does security effectiveness and relative cost figure into those plans?
Data security is certainly a central necessity for any organization and a huge responsibility of management. If a company's data is breached, it can mean serious losses for the company as well as a discredited reputation. One example of a costly data breach is the moment TJ Maxx's data was breached by hackers in 2007 resulting in 45 million stolen credit cards and equating to significant company losses, including a drop in stock value by 10% ("The TJ Maxx Credit Card Incident"). Hence, protecting data is most definitely essential, and there are a few steps that any management team/company can take:
- It is especially important to encrypt all data, which is to translate all data into code. The encryption helps eliminate the possibility that those who should not see the data cannot see it.
- It's also essential to be sure that the company's passwords protecting sensitive data are complex enough to be secure. Secure passwords also help prevent hackers from breaching the data.
- Make sure that malware and antivirus software are up to date. Malware can make a system sensitive and able to be breached.
- Be sure that you are prepared to act if any data is breached.
It is also important to remember that any company's most vulnerable point is with respect to its employees. There are also several things management or a company can do to ensure that data is protected through employees as well:
- Be sure that employees are well trained in how to keep passwords secure and know exactly what the risks of insecure passwords are.
- It's also important to understand that, today, employees use the internet a great deal to complete their work efficiently and effectively; therefore, if a company locks the whole network down, then that only encourages employees to find ways to work around the lockdown, and finding ways around the lockdown actually creates more security risks rather than fewer.
- Finally, since a great deal of data these days is stored on portable devices, like smartphones and laptops, another essential step to ensure that data is protected is creating the ability to remotely wipe out all sensitive data in the event that a portable device is lost or stolen.