Johannesburg, 02 Dec 2008
South African businesses are only too well aware of the extreme criminal threats to personal wellbeing and physical assets they, their employees as well as shareholders face on a daily basis and take measures to try to reduce the threats. Few, however, realise the criminal threat today extends to the virtual world where the information in a corporate database can be worth more to a clever criminal and is easier to obtain than a company`s physical assets.
There is an understanding among executives that virtual assets need to be protected and some enterprises have monitoring solutions in place. However, while they feel their data is protected, it is not.
"Companies that monitor access to virtual assets should be lauded for taking some action to protect the future of their organisations," says Amir Lubashevsky, executive director of Magix Integration. "Yet even these business leaders are making a critical mistake and leaving their companies vulnerable to data thieves."
Lubashevsky explains that monitoring only supports reactive action along the lines of shutting the stable door after the horse has bolted. Data leakage can only effectively be stopped if companies implement preventative measures.
"To make the move from reactive to preventative requires a corporate mind shift away from traditional monitoring policies to new processes that automatically set measures in motion as soon as a breach is detected," Lubashevsky adds. "This is not some policy that can be dictated from the executive suite, but needs to be implemented with the support of staff who must understand its importance to the company and, by implication, to their jobs."
In a green fields implementation it is easy to start with the best policies and processes and to induct staff into a preventative mindset, but for companies with a long history of poor data protection the changes can be challenging and even threatening to staff. Efficient change management has therefore become a critical component of preventing data leakage.
"It`s only when staff are part of the solution that real preventative processes can be put in place and enforced," says Lubashevsky. "And it`s only when the entire process is backed at board level that those managers responsible for its implementation will have the necessary support to ensure the new policies filter down to every person in the organisation."
The most important issue to remember, however, is that the implementation process is never complete. Security is a continuous cycle of assess, plan, implement and monitor, where the company`s security processes are continuously analysed and improved.
Share