The Crunch helps Security- or does it?

Statistics show that people have been traveling around on business less over the last 6 months.  This is good news because it means that there is less insecure working.  However, don’t let desperation to seal a deal lead to careless business practice.

One of the best places to pick up sensitive information is the Executive lounge in just about any airport I have ever visited.  People treat it like their own office and have meetings, make phone calls and work on documents and laptops in plain sight.  My next favourite hunting ground is the train where people are, too often, happy to conduct personal  telephone banking in the company of 50  (or 150 in the rush hour)  strangers  However, as the recession bites most businesses are carefully monitoring their travel budgets and so less work is conducted on the move, reducing the overall risk  

However, the challenge of the current economic difficulties are not all good for security.  As we all redouble our efforts to win sales,  sensible business practice can be overlooked. Some paperwork can help – a Non-Disclosure Agreement (NDA) will allow you to share business confidential information with potential partners, suppliers and customers, while ensuring that any abuse of the information has some mitigation in the event of disaster.  However, don't just do this where you have concerns - make it a standard part of your “good business practice” process and you are less likely to give the mistaken impression that you don't trust your project partner or potential customer.

Safe disposal- Hardware may be re-used, donated to charity, sold on EBay or dropped at the tip but first be sure that the contents are properly removed.  RBS got caught with that problem last year when the contractor who they had employed to dispose of their hardware was caught selling machines that still contained sensitive information, on Ebay,.

As staff are, sadly, being made redundant (or believe they might be) the risk that they will walk out of the door with your customer records on a portable device- or just e-mailed out- increase.  One way to deal with this is to use a Data Management System.  This can allow control over how a document is handled at all stages,, from reading, writing and  amending to copying and deleting.  A word of warning on this though is that it works best where there is already a culture of role based access to documents to work from.

A simpler solution is to go back to the way things operated in the days of mainframes so that key documents are not stored locally at all.  They are stored on a central system and are worked on other machines- but the document remains on the central drive with no copying permissions allowed.

My Economic Crunch Security Tips 

• As a matter of routine have NDAs in place with anyone you do business with. 
• Dispose of hardware carefully.
• Protect your sensitive information from copying and removal.
• Store sensitive data on a protected drive that will inhibit copying.