At the end of November, Information Security Magazine online did a news article about current data sharing. According to a survey about the costs of data breaches, there has been a 43% rise of cost since 2005. This is a huge increase and should be taken into account when gauging the costs of security and what actions or additons should be made for security. TJX, who I blogged about yesterday, had a major breach and they are paying the cost for damages through banks of over 40 million. This is just one example of current breach costs.
But back to the main point of the post, data sharing. The article talks about how companies are sharing intellectual property to their suppliers, customers, and clients without policies in place to monitor or restrict that sharing. This can lead to some information “donations” to people outside the company that are not wanted by the executives. Most times, people are trustworthy but it only takes one bad apple to lead to a security breach or costs for the company in intellectual property leaks, bad publicity, and lost business. However, you don’t want to over-regulate data sharing in a company because it does lead to cost savings. If a company over regulates, the employees start to find ways to get around the regulations, working under the radar and that leads to sometimes even larger security problems.
As the article states, companies need to have security audits and make sure to educate their employees about what information is vital to the company and should be guarded and what information can be used to pave the way with clients and other outside entities. Policies should be written and IT solutions should be investigated that help to aid ease of complience with employees. Risks and solutions should be evaluated. Knowledge of risks help to decrease being blindsided by a breach.
J Rae Unbound 