Business | Opinion
Virtual assets security in focus
Workplace security has shifted its emphasis from physical break-ins and employee theft to the more important, but invisible, threat to sensitive electronic data.
- By Carole Spiers, Special to Gulf News
- Published: 01:18 September 30, 2008
Workplace security has shifted its emphasis from physical break-ins and employee theft to the more important, but invisible, threat to sensitive electronic data.
To most employees, the modern science of data-security is something daunting in its scale, complexity and speed of change. They often feel quite confused by it, and conclude that it would take years to learn it all. So they tend not to try. If they haven't been involved in a security breach, they just feel relieved, and trust the data security specialists to handle the situation.
These data security specialists are, of course, a new and important breed of managers, and the recruiting of the best applicants in this category is a major management priority.
But there is clearly a much wider agenda involving the entire workforce - how to encourage all employees to adopt daily work practices that reduce the risk of compromising security, the consequences of which may be disastrous.
A couple of weeks ago, in London, a top company has had a multi-million pound contract cancelled by the government because it was lax in its security and lost a USB drive containing the names and addresses of thousands of government employees.
It is accepted that most of the big security blunders we read about are caused not by hackers but by ordinary staff ignoring security processes, either deliberately or through carelessness. It is terrifying to think what damage can be done by just one person divulging their password over the internet.
All this points to need to basic information security training for staff.
Managers should maintain a strict attitude of security awareness throughout their department. Any employee, who is granted access to sensitive information, should be given formal induction training in information security.
When recruiting new staff, the job-descriptions, background checks and terms of employment should all include a tightly drawn-up confidentiality agreement. The terms of employment should spell out the mandatory regulations in detail.
I worked with a woman in publishing who retired to live in the country. Her employer had forgotten to ask for the return of all the data-assets to which she had previously had access - including the names, addresses and phone-numbers of the top 20,000 earners in the UK.
That material could have been worth a lot of money to the mailing houses and she received an uncomfortable visit from the firm's security chief at her retirement cottage, where she was told that she needed to prove her innocence of data piracy.
When terminating any employment contract, managers should supervise the return of all information assets before departure. This should include a full inventory of the organisation's hardware, software and data media in the outgoing employee's possession, as well as access rights to all information resources and processing facilities.
- The writer is a BBC broadcaster and motivational speaker, with 20 years' experience as CEO of Carole Spiers Group, an international stress consultancy based in London.
Share this article
More from Business Opinion
More from Business
Popular in Business
-
XPRESS
Way to go this DSF
A fun-filled route to guide you to all the happening dos in town
Business Editor's choice
-
Shaikh Mohammad reaffirms UAE unity
Vice-President quashes talk of discord and reassures investors on the strength of Dubai's economy
-
Pizzazz on the palm: A Nikki Bisiker project
Bright, bold and ultra glam are the top notes of this apartment in The Palm Jumeirah's beautiful marina
-
flydubai starts service to Sudanese capital
Dubai's first low cost airline, celebrated its eighth inaugural flight in less than six months
