June 04, 2014
"Security is not a product, but a process." That should be the mantra of every security engineer today, according to Bruce Schneier, a cryptographer, computer security and privacy specialist, and writer.
“It’s more than designing strong cryptography into a system,” he said in an online post. “It's designing the entire system such that all security measures work together.”
With data breach incidents reaching new heights every year, this ‘process’ of information security needs to be an integral part of running a business. Of course, as a key component of privacy legislation and compliance standards, protecting private information is also the law.
So what should it look like in the workplace?
It should be a combination of security products and tools, technologies, policies and procedures that work together to safeguard the availability, integrity and privacy of all personally identifiable information.
While there are many different kinds of data breach incidents, the ones that get the most attention involve cyber espionage. A recent example is the sizable Target breach, in which approximately 40 million holiday shoppers had their credit and debit card account information stolen by computer hackers.
But mishandled paper documents still cause a lot of data breaches too. For example, in a recent report on privacy breaches, Stephen Warren of Veterans Affairs said that between 96 and 98% of data breach incidents at the Veterans Affairs Department involve paper documents. "People are not thinking about the fact that that piece of paper they're carrying around making benefits determinations has sensitive information, and they need to protect it."
Interestingly, over half of U.S. businesses believe a security breach would not seriously impact their business. But it would. Research has shown that a breach not only damages reputation and client relationships but also costs about $145 per lost or stolen record, according to the Ponemon 2014 Cost of a Data Breach.
The Shred-it State of the Industry Report showed that the average organization loses five percent of its revenue to fraud every year.
While all workplaces need information security policies and procedures, here are some of the hot spots to keep in mind: