How can company information be stolen, shared or copied improperly? Nowadays, people seem to believe that the information lines are blurred since everything happens in a second. In reality, these limits are more important than ever. The possibilities are almost as limitless as our imaginations:
- Except mobile devices on the block, almost all smartphones and many tablets have microSD slot for cards up to 64 gigabytes of memory.
- USB flash drives (pen drives) have such large capacities as 128 gigabytes of memory.
- Storage services in the cloud (virtual hard disks) can offer for free between 5 and 50 gigabytes of space.
- The free emails allow sending and receiving large files, and the ability of the inbox can be in some cases unlimited.
- There are (smaller than a portfolio) miniature hard drives with up to 500 gigabytes of storage capacity.
- For further access controls and “security” we have in our company, there is always the possibility that an employee takes pictures to the screen of your computer with your cell phone.
Then, before a computing landscape with so many possibilities how can we take care of business information not only to look after our secrets or valuable information but to fully with the laws that require us to enforce it? Although there is no magic formula to stop any seepage or leakage of information, we can take the following steps to mitigate these risks on a large scale:
- Implement awareness campaigns within your organization. Make an awareness campaign among all your employees, from security guards to the directors, whose purpose is your workforce: (a) understand what is sensitive confidential, secret, or classified, and why that information keeps such classification, (b) know the legal consequences that may arise if you share, copy or disclose such information.
- Review or made contracts with protection clauses. Every employee, whether direct or indirect (outsourcing), must have in his individual employment contract two clauses: the confidentiality of information and protection of personal data.
- Develop labor policies around these issues. Prepare your company policies governing the use of computing resources, social networks, confidential information, and privacy. These policies must be linked to the Internal Regulations Working or ideally the individual contract of employment.
- Adopt security measures. Every company (including individuals) is required by law to have appropriate technical, physical and administrative safeguards to protect your data against theft, destruction, alteration, use or unauthorized access security.
- Make a plan of response in case of incidents. If there is a breach of your information or databases, you must have formulated a response plan that includes at least: (a) the detection of compromised information, (b) corrective and preventive measures.
- If a crime was committed, filing the complaint or corresponding complaint before the Public Ministry. People often think that “nothing happens” if violent their duties of confidentiality or information security. Until we promote a culture of legality, such actions will go unpunished.
As I have mentioned before the security and confidentiality of information it is the obligation of all! No matter whether or not you have signed a contract or confidentiality clause, you are legally required in most cases to protect the confidentiality, availability, and integrity of information.