The challenge of keeping valuable secrets confidential is often held in tension with the challenge of being a robust company with opportunity to discover and grow. Some companies lock-down information so tightly it can inhibit workflow, cause unnecessary duplication, and even generate a culture of suspicion. Other businesses may err the other way and lose valuable information that can hurt the future of the company.
Building a comprehensive secure strategy includes an internal evaluation of your business, your infrastructure and your staff as well as an external evaluation of potential threats facing your business. In their recent “Guide to Intellectual Property Protection,” CSO offer a basic overview for securing intellectual property. [1] Their guide provides a helpful outline for thinking about security in general. Here are the highlights of how to begin asking questions about your business:
- Your Assets
- Networks and Data
- Physical Devices
- Staff
- Data and Media Destruction Plan
- Clean Desk Practices
- Policies
1. Your Assets – What needs to be secured? What could hurt your business if it was exposed to competitors, public, thieves? Many business fail by not understanding what it valuable. For some companies, certain processes may be as valuable as certain products. For instance, logistics management may be the key to succeeding in a market. What could hurt your business the most if it were exposed? By asking these types of questions at every level of the business, you can develop priorities, create a plan of protection, and help employees understand how to help support security efforts.
2. Networks and Data – Since much of your valuable data is digital, effective network management is a fundamental part of overall security. By understanding asset protection priorities, you can make better decisions about levels of encryption needed for various types of data (in the future, I explore encryption on deeper levels), about available technologies, and about potential areas of risk.
3. Physical Devices – What kind of devices can capture information or transmit information in your business? Many of these devices play an essential role in day to day business, but it is important to understand how they could pose sources of risk. CSO recommends a physical access control strategy that considers all used devices, their potential risks, and steps to improve security. Devices may include USB drives, mobile devices, laptop applications, cameras, routers, antennas, digital audio recorders, VOIP Telephones, binoculars, Zoom Cameras, iPod, DVD (and other recordable media), and even paper.
4. Staff – Who works for you? Who is disgruntled? Understanding your employees is not simply about suspicion but about understanding potential risks or strategies for safety. Many disgruntled employees have caused great damage in companies. Some companies have failed to complete proper background checks when hiring staff and have unwittingly welcomed thieves into the business. While a tiny percent (if any) are dangerous with intent on hurting the business, it is possible that many could create risks by carelessness or manipulation via social engineering. Proper training and support can help many employees play a vital role in the overall protection of a company.
5. Data and Media Destruction Plan – What’s your strategy for eliminating information no longer needed? From printed paper to digital information, outdated data can be a source of leaking information. It can also create a problem of redundant documents on computers or in the cloud that contain wrong information. Data management and data destruction requires a strategy that combines training, governance and technology.
6. Clean Desk Practices – How are employees trained to protect information at their workstation? What about projects that are in process? From locked desks to password-protected file cabinets to using social media, there are a range of ways employees can accidentally expose company information, and it is helpful to have policies and training in place.
These categories offer a way to begin thinking about developing a more secure workplace. Integracon works with clients in various fields to safeguard everything from client data to vital company information. To discuss your overall security strategy, to upgrade your infrastructure, or to test your networking security solutions, contact Integracon at 865-330-2323 or Live Chat Now.
[1] The Ultimate Guide to Intellectual Property Protection. CSO Magazine. June 6, 2012 <http://www.csoonline.com/article/707774/cso-s-ultimate-guide-to-intellectual-property-protection>