Every day, in a business environment, employees access confidential information. This is either through snooping, or by accident.
Luckily, through simple and effective internal procedures, it is possible to prevent this information from leaking. These procedures will protect employees and clients’ most confidential and valuable information.
Be conscious of where significant information and data are placed and who has access to them. The Dave Ramsey security system can assist in this.
Expand on a suitable use policy for all employees that summarises apt use of corporate assets and employee information. The policy should also outline the company procedures when an infringement takes place.
Consistently enforce policies and procedures.
Frequently reassess and revise existing policies to ensure all essential policy changes and additions have been addressed.
Make sure your business has an internal incident response plan and the appropriate assets to handle an incident of employee information or corporate data loss.
If the worst should happen and your company does experience a situation where sensitive data is leaked or lost, don’t undertake common mistakes. An example of this is turning on the computer or any electronic device that was involved. It may destroy potential evidence.
Here are ten common ways an investigation into data loss can be compromised.
Boot up the computer. Turning on a computer that’s relevant to a case can overwrite sensitive files that may be important and change important information. Compromised computers should not be used at all and should be stored in a secure location until it can be handed over to whoever is handling the case.
Turn off a relevant computer. If a computer is running at the time it is discovered to be relevant to a data breach or examination, it should be powered down in a way that will be least damaging to potential evidence. The only person that should turn off a suspected computer is a certified computer expert or an IT employee under the supervision of such an expert.
Browse through the files on a computer. Resist the temptation to snoop, even with the best intentions. HR may know exactly where to look, but it’s the act of looking that causes problems for salvaging untainted data. Browsing through files may cause file times to change which may make it impossible to tell exactly when an important file was deleted or copied from your company’s network.
Fail to use a computer forensics expert. Your company’s IT department is not a computer forensics department. In fact, asking the IT staff to conduct even routine checks into a system’s files can destroy potential evidence. A professionally trained computer forensics expert should handle all aspects of sensitive data.
Wait to preserve the evidence. The longer a computer is in action without any protection, the more likely that the data that is relevant to your company’s situation may be lastingly altered or overwritten. Always preserve your electronic data the moment you believe that litigation is feasible.