As a manager, how would you plan on securing organizational data? How do security effectiveness and relative cost figure into those plans?
A breach in security can have seriously damaging impacts on an organization. Two elements need to be considered with respect to information breaches. The first is upfront investigation to prevent technological data breaches in the future. The second is a thorough investigation of staff time and other resources, including those needed to manage the situation after a data breach. Effectively managing data after a breach can help an organization save itself from significant losses of money and confidential data. A study on the cost of data breaches revealed that the two significant causes of data breaches are system errors and human error (The Wall Street Journal, 2013).
In this case, supervisors should exercise extreme care to ensure the security of data. Venafi sets out five best practices, along with suggestions and the ways in which organizations fail to secure data. Its survey found that most organizations refrain from conducting quarterly compliance and security training because of significant hurdles such as shortages of time and resources and lack of knowledge (Venafi, 2011).
Most organizations feel that the cost involved in securing data is unexpectedly high. In doing so, they forget that a data breach can result in gross financial as well as reputational damage. This is mainly because laws around the world have granted diverse protections to customers. The costs incurred from a data security breach may be classified into direct and indirect costs. The direct costs are those incurred directly by the organization to tackle a breach of sensitive and confidential data. According to the Ponemon Institute, as of March 2012 the direct cost associated with a data breach was around $194 (Ponemon Institute, 2012). This amount corresponds to one compromised record. In most cases, firms may be sued by customers and have to bear the litigation charges associated with the data breach. The indirect cost is incurred in the form of reputation loss. One of the common setbacks for firms that suffer a data breach is a decrease in market share and sales (Sedhom & Sanscrainte, 2009).
The above are some of the reasons why it is very important for supervisors to balance costs effectively and at the same time opt for the most resourceful data security software. Supervisors may consider several of the measures listed below in order to secure data effectively.
Network protection – it is essential that every computer on the same internet network has firewall protection, and it is mandatory that this firewall is maintained and evaluated from time to time. However, firms should not depend on firewalls alone but should also install other protection measures such as quarantine technologies. Several firms have sophisticated computer networks and programs, and installing secure cloud applications helps in preventing data breaches (Phifer, 2011). This is especially helpful in securing data that is accessed from remote applications. Remote access has become common, as most people use mobile phones and laptops to access confidential company data from elsewhere, and hence firms should install such software for data security.
Environment access – supervisors should have thorough knowledge of the components in a network environment. It is important that managers evaluate the overall quality of the security program in addition to recognizing the security and asset issues. In fact, all organizations should devise and implement a set of data security policies so that they control the use of resources and technology in the firm.
Protecting clients and servers – supervisors should ensure that up-to-date protection is applied to all office as well as client servers. Moreover, in order to recover data in case of a security breach, supervisors should have a recovery and backup plan so as to restore the information and security within the shortest possible time.
Environment monitoring – the central function in securing data is auditing and monitoring the security system. Supervisors should plan and formulate a proactive strategy for auditing the network, which may help in recognizing systems configured in ways that are not compliant with the best practices of the firm. To achieve this, regular analysis of server and client logs is essential so as to determine the common patterns of cyber attack (Technet, 2013).
Last, it is the sole responsibility of supervisors to educate the other employees about the significance of protecting confidential information. Training should be given to personnel so that they are well aware of the security systems used for securing data. This is especially needed for personnel working from remote locations and servers. Organizations should wake up to the immense threat and loss that a security breach brings and should implement preventive measures that balance costs against the effectiveness of resources. Data breaches of all types and scales occur across the globe. It may not be possible to guarantee that the organization will never experience a data breach, but it is always recommended to take preventive actions that safeguard information and pay long-term dividends.
References
Phifer, L. (2011). 5 best practices for securing remote access. Retrieved December 12, 2013 from http://www.esecurityplanet.com/security-how-to/5-Best-Practices-for-Securing-Remote-Access-3937121.htm
Ponemon Institute. (2012). 2011 Cost of data breach study: United States. Retrieved December 12, 2013 from http://www.ponemon.org/local/upload/file/2011_US_CODB_FINAL_5.pdf
Sedhom, R.V. & Sanscrainte, J.W. (2009). Global data privacy and security: concerns, considerations and conclusions. Privacy & Data Security Law Journal, 387 – 398.
Technet. (2013). Enterprise security best practices. Retrieved December 12, 2013 from http://technet.microsoft.com/en-us/library/dd277328.aspx
The Wall Street Journal. (2013). Ponemon and Symantec finds most data breaches caused by human and system errors. Retrieved December 12, 2013 from http://online.wsj.com/article/PR-CO-20130605-902647.html
Venafi (2011). 2011 IT Security best practices assessment: security and compliance best practices and rankings. Retrieved December 12, 2013 from http://www.venafi.com/wp-content/uploads/2011/09/2011_IT_Security_Best_Practices_Assessment_Executive_Overview.pdf