Confidential information is one of a company’s most valuable assets. It is important for all employees who have access to such information to refrain from using it in a way that could hurt the company. It could be as innocent as telling a friend or family member about a special project they are working on or malicious like downloading files to take with them when they leave the company. Insider theft is an epidemic in business and it doesn’t always have to do with physical items, it can be an idea or client list, too. Sharing confidential information can cause a company to lose millions (or more). You can see why it’s important for a company to protect their information.
A company’s confidential information is stored in different ways – electronically, on hard copy, or mentally, by the people having access to it. It is important to ensure that all employees who have access to this information sign confidentiality agreements so that the company’s business transactions are protected. A company can take the following steps to secure its confidential information:
- It should first identify the confidential information; the company should have a confidentiality policy which should be signed by all the employees.
- Confidential information should be stored in places which are not accessible to unauthorized people.
- When such confidential information needs to be passed on it should be done so by secure means like encrypted emails or secure file transfer.
- The confidential information should be shared only when it is absolutely necessary to do so and only shared with people authorized to have access to it.
Employees who sign these agreements with the company are liable if they illegally share the information and will most likely be terminated. Unfortunately not all companies have a formal process to keep information from being shared. Even with a confidentiality agreement, it doesn’t mean that the employee still won’t steal the information. With the practice of BYOD, many employees are taking their work (and confidential company information) home with them. Maybe they wouldn’t share it with others, but having their personal phone with them everywhere they go opens it up to have the device lost or stolen.
I think most of us remember the Apple employee that forgot the new prototype of the iPhone at a bar. Soon the whole world (and the other cell phone manufacturers) knew what top secret items Apple was planning to introduce. This can easily happen at your company. It’s 8 o’clock- do you know where your employees (and your data) is?
There are a few ways that businesses can try to curb data theft by their employees (and ex-employees). One way is to ban the type of apps that your employees can download on a company device. Apps like Sugar Sync and Dropbox can be an easy way that employees can take information, place it in their Dropbox and access it from another device. You can protect your confidential information through monitoring your employees PC and devices. If you see strange download activity or them accessing files that have nothing to do with their job, you can investigate further.
Don’t leave your confidential information to chance. Protect your company by taking the right security measures.
Gail VanWhy is an IT manager who also contributes regularly over at the Sniper Spy blog, a remote spy app packed with useful features.