Loss Prevention: Protection of Sensitive Information

July 24, 2013Leave a comment

Information is ammunition

Information is ammunition

A lot of countries are experiencing the pinch of the financial crisis. Corporations are experiencing a lot of losses and they want to have an advantage on the competition. Corporations will try to use ethical, and in most instances unethical means to get data they need to gain advantage. Companies are so serious and dedicated to the cause to the point that they are hiring ex-military and government trained personnel in the art of spying. Once they acquired the proprietary data they will be able to use it to their own advantage or sell it to the highest bidder.

A corporation will be able to protect itself from corporate espionage by hiring a security provider that will advise and develop security plans for the company. Hiring a security agency will definitely help in the protection of sensitive date because they have the know-how and trained personnel for the job.  There are things that a company must do so that they will not be an easy prey and free from losses.

Identifying which information is sensitive

Identifying which information is sensitive

Identify the sensitive data

There are companies that are not fully aware which data is sensitive and which is not. Identifying which information is sensitive, its risk and impact to the company’s security are really important in your security plans.

shredding the documents after use to reduce of its risk to be easily accessed(pictures by aye de la cruz)

shredding the documents after use to reduce of its risk to be easily accessed(pictures by Aye de la Cruz)

Weak in handling sensitive information

The company must have a process in handling sensitive information. An example of this is maintaining a paperless environment or shredding the documents after use to reduce of its risk to be easily accessed.

Store your Keys Properly

Store your Keys Properly

Physical Materials that are used for the sensitive information are not stored in secure places

Physical materials such as keys, security badges and blank forms can be used to gain access to restricted areas. Once the person has access to restricted facilities they can easily get the information they need.

Personnel are not adequately educated of the risk or trained to handle sensitive information

Orient employees of the security measures of the company

Orient employees of the security measures of the company

Employees that are not fully aware of the risk and tend to be passive on the security measures of the company. Proper training in handling sensitive information should be done to prevent the risk of the breach of security.

 

List down all the security requirements for your contractors

List down all the security requirements for your contractors

Contracts from third party contractors does not specify the security requirements for sensitive information

Contractors may have access to restricted areas and the risk of information be stolen is high. Contracts should specify the risk involved and a penalty clause should be in the contract in case of breach.

The Need for Security Audits

Absence of security audits will not determine whether the security controls for the sensitive information are effective or not.

We need to remember that any information that is confidential and of high value is considered sensitive. Unauthorized disclosure, alteration or destruction of sensitive will cause losses to the company.

Leave a comment