Data Security Enhancement and Business Ethics

Data security is one of the key points of business success regardless of the company’s size and scope of activities. There is plenty of information that is difficult or impossible to recover or replace in case of loss, including corporate and personal files, payment data, bank account details, and customer contacts.

It is not infrequent that security breaches happen due to the wrong perception of danger. In many cases, company leaders believe that data leaks happen as a result of a third-party interference or technology failure. In deed and not in name, hacker attacks are only one of numerous security threats, far outnumbered by detrimental mistakes committed by the company’s insiders. According to the recent statistics, more than 60% of all data security breaches happen from within (Von Solms & Van Niekerk, 2013).

Risks and Threats of Company Data

In order to defend an organization from both in-house and third-party hazards, it is necessary to understand what types of risks it may face. They include (Jouini, Rabai, & Aissa, 2014):

1. Technology with questionable or weak security level. Since there are a lot of technological devices released every day, some companies tend to opt for innovative and cheap solutions, helping to save money. The problem is that plenty of new gadgets have no plan for device protection while allowing Internet connection. Unsecured connections increase vulnerability, making it much easier for hackers to steal data.
2. Social media cyber attacks. In every organization, there is a list of websites that its employees frequently access while being at work. Thus, it hackers manage to infect the entire cluster of websites the company is supposed to visit on a daily basis, they will get an access to the best part of data stored in the organizational network. This type of geographical attack is called water holing. Despite its complexity, it is widespread in social media and proves to be rather successful (Cavelty, 2014).
3. Mobile phone viruses. Most organizations rely heavily on mobile connections. Besides, the majority of business people use their corporate or private smartphones for storing data related to work, reading and sending email, searching for information, accessing data bases, etc. Yet, despite this wide range of functions performed daily, there is still a tendency to underestimate mobile security threats. A lot of users are much less concerned about it than about the safety of their computers. For this reason, cybercriminals can easily target mobile devices and steal classified information.
4. Third-party entry. This is the path of the least resistance hackers choose to steal secret data. There are plenty of firms that lack in-house labor resources, which makes them resort to third-party providers, who are allowed to access corporate networks. That is currently one of the major causes of all data breaches. When the credentials of the third party are stolen, it is easy for cybercriminals to use them for obtaining financial information of thousands of customers.
5. Configuration neglect. The issue of configuration may seem insignificant but disregarding it still leads to deplorable consequences. Organizations typically neglect security settings configuration, relying on the default mode. As a result, some critical functionality may be accidentally disabled, which leads to data leaks (Cavelty, 2014).
6. Outdated software. Big data cannot be fully protected unless regular updates of software take place. This is another mistake committed by a lot of firms as they believe that it is enough to install security software and forget about it. In fact, it can protect the system only against existing threats. This means that a new malicious code unknown to the outdated version can easily pass undetected.
7. Social engineering. In the age of technology, companies mostly focus on protecting data from computer intrusion techniques. However, there are also non-technical methods to steal data like social engineering. It gains access to confidential information through social interactions and manipulation. This method is often underestimated, which makes it highly unpredictable and efficient.
8. Ineffective encryption or total lack of it. It is essential to protect data not only in transit but also at rest, which requires every computer in the network to be encrypted. This way data cannot be stolen when the computer is in the offline mode.
9. Accessing corporate data from personal devices. Since plenty of employees access their corporate accounts from personal smartphones, tablets and computers, classified information is always at risk of being breached through loopholes.
10. Excessive reliance on technology. The majority of anti-virus programs offered today for protecting corporate networks send alerts when they detect attempt of intrusion. Yet, it is typical of organization members to forget that such alerts are valuable only if there is somebody who can immediately address them. No matter how sophisticated technologies may be, they cannot ensure full protection since any device or software is meant to be a managed tool.

Ways to Ensure Data Protection and Business Continuity

When the system is subject to an attack, it causes not only data leaks, but also downtime. The cost of it in the modern, extremely competitive business environment is too high for companies since most of their bases rely on continuous availability. Business continuity is the ability of the organization to ensure resilient systems that would work even in case of unpredicted downtime. Such systems heavily rely on data protection, which can be achieved in the following ways (Engel, n.d.):

1. Identifying security risks. Before addressing the problem of data security and investing into expensive protection systems, it is essential to identify what real risks are associated with the activities the company performs. This way, an effective plan can be developed to ensure that the new security policy complies with privacy laws. It is a mistake to start taking any steps without appointing a professional data protection officer who is aware of the most probable threats that the organization may encounter. As soon as he/she outlines risks, it will be much easier to carry out landscaping and assessing the value of the information that can be breached.
2. Analyzing information. In order to develop a protection plan, organization leaders must ensure that they fully understand what the information is about, what it is used for, and who has the right to access it. Not only digital but also physical aspects should be taken into account, including visibility of computer screens, staff reliability, etc.
3. Involving employees. There is a common mistake of managers to keep employees unaware of the existing problems to avoid negative reactions. However, the staff can play a significant role in safeguarding the data if the organization leaders manage to communicate the importance of protection. The point is that it is common for employees to conceal information losses because of the fear of being fired or reprimanded. The task of top management is therefore to dispel this fear and encourage the staff to unity in a collaborative effort.
4. Investing in management information systems. A good MIS provides information required to manage them effectively and thereby protect data (Fielder, Panaousis, Malacaria, Hankin, & Smeraldi, 2016).
5. Enforcing strong passwords. Establishing simple passwords makes it much easier for hackers to crack the system. Thus, the organization must apply the system checking password difficulty to ensure that they cannot be guessed.
6. Creating the action plan. Ensuring continuity is possible only if there is a plan of action in case of emergency outlining steps to be taken as a part of an immediate reaction.
7. Encrypting every piece of information. Data must not be accessible without authority in case the device (a tablet or a smartphone) is lost in a public place.
8. Securing multifunctional devices. Printed documents often contain confidential data. That is why it is desirable to use secure print option, which will require a password to lease the document.
9. Installing antivirus protection and firewall. Internet traffic must be controlled with the help of firewalls to avoid leaks. Anti-malware programs are necessary to prevent online attacks and to eliminate viruses from other sources.
10. Updating regularly. Full protection is possible only if all programs are updated as soon as a new version is released.

Conclusion

While data losses due to natural disasters (flood, fire, etc.) are devastating, viruses or hacker attacks are not only destructive but also threatening to the company’s future performance since the information can be used by rivals to its detriment. Thus, it is the duty of any organization to ensure data privacy in order to meet the expectations of all stakeholders involved, including its employees, partners, and customers.

References

Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), 701-715.

Engel, F. (n.d.). Best practices for protecting critical business data. IT Today. Web.

Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86(1), 13-23.

Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32(1), 489-496.

Network security–keep you secure online all the time [Image]. (2017). Web.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38(1), 97-102.