The Effects of Economic Downturn on Data Security

2:01 pm on January 14, 2009 | By Edward Chung | In data breach, identity theft, pc security tips, risk management | No Comments

The current economic landscape has left corporations brutally exposed to loss and even abuse of sensitive data.  According to a survey conducted by SailPoint of over 100 Fortune 1000 IT managers, “nearly 70 percent can’t summarize which workers have access to the most critical applications and data. Further, if faced with a layoff, 44 percent of respondents are unable to remove access privileges of terminated employees on a timely basis.”  This is extremely dangerous with the high number of layoffs and merger/acquisitions that are increasingly happening every day.  It allows for situations where disgruntled workers can maliciously misuse their access such as in the case of the disgruntled S.F. admin who hijacked their network.

Public CIO has some useful tips on what to look for and how to keep your company from being vulnerable.  The four things to look out for are :

  • Orphan Accounts – Do employees that no longer work at your company have access to any systems
  • Access Level of Contractors/Temps – Do you regularly restrict the access you give to contractors as they move off and on various projects
  • Entitlement Creep – Have employees who have worked at your company for a long time received more access than they should have just for being around?
  • Separation of Duties – Do any employees have excessive control over critical business transactions?

Regularly monitoring these things should greatly help maintain access control over your sensitive data so that the economy does not cause more damage than it already has.

Share/Save/Bookmark

 

Not even Google is immune to security threats.

2:10 pm on July 22, 2008 | By Meghan Whelan | In data breach, pc security tips | 2 Comments

Earlier this month, a major breach was reported when a third-party employee benefits administrator’s office was burglarized and part of the theft included personal employee data. Data breaches happen all the time, but this particular incident raised some eyebrows because it happened to Google.

Turns out the company Google had entrusted with administering benefits to its employees and protecting their personal information is just as vulnerable as everybody else to this type of risk. A company like Google must prove its ability to secure user data on a daily basis, or they won’t have users. So why, then, would they not ensure such security measures are being taken by third-party vendors to secure employee data?

The problem is more common than we’d all like to admit. It can happen to anyone who hands over their employees’ or clients’ personal information to a third-party vendor. And is that vendor to blame when the information is breached? Yes and no. The responsibility is still on the company its employees and clients trusted to secure their data, regardless of where that data travels along the B2B highway.

Bottom line: vendors, contractors, and service providers should be measured not only by the quality/value of their services but by their diligence in maintaining the privacy of the custodial data they’ve taken responsibility for.  When considering a vendor, add a sound security policy to the items you value. You won’t be sorry.

Share/Save/Bookmark