Protect Stored Information
Before a business can protect stored information which might be mobile and confidential in nature such as competitive business information or consumer personal information, they must know what information is vulnerable to exploitation and where they are. These are the first two steps of the Identity KAOS principles for protecting consumer identities. More people nowadays are storing confidential information, whether business or personal information, on their laptops and other types of storage devices which can be carried around for the convenience of accessing them when they are away from home or office. Some businesses might store payroll files and other sensitive documents while consumers might save account numbers and passwords on unprotected mobile storage devices to be accessed when needed. This information mobility also presents huge risks for every one because the unprotected information becomes more exposed to theft, loss and damage as it is carried around to some less protected environments. Of course, business management can protect stored information by providing protection measures to its employees such as encrypted devices or the ability to encrypt confidential files before taking them home, but employees can ignore the protection measures and therefore management needs to know who is storing what information and on which devices in order to prevent information loss or theft. In order to accomplish this task, automated tools are needed to prevent the loss or theft of the information but sometimes businesses and consumers fail to take such measures because human nature is designed to procrastinate and allow history to repeat itself over and over. In the case of some businesses, they solely rely on their policies, if they exist, to express their desire to protect stored information. However, desire is not enough to protect important information and must be followed by actions.
The problem for businesses, if they want to protect stored information, is that unless management has implemented automated and preventive controls to stop employees from storing customer information on various unprotected storage devices such as USBs and CDs, no one in the company can certify that customer personal information is protected and only stored where management has authorized. Policies alone which tell employees not to store select information on unprotected devices are not sufficient as they can be ignored by employees, however, enforced policies with automated technical tools can prevent the unauthorized storage of personal information and notify management of such attempts. In the absence of preventive technical tools, management is incapable of verifying where such information might be stored because it would be impossible to locate all personal information. Even if automated scanning tool are utilized to scan all computer servers to identify select information based on predefined criteria, there is no way to identify all locations and information as some of the storage devices may no longer be connected to the company network or not be readily identified or available for scanning purposes and verifying whether confidential information resides on the devices. Business management can only know where personal information resides only to the extent of their knowledge and authorization. This is one of the areas where technology security tools and resources become very useful for implementing the automated tools for preventing unauthorized storage and monitoring any violations from prescribed information security policies.
Return to the workplace security page after reading "protect stored information.