Guarding Against Inadvertent Data Exposure
Learn how information security can prevent data theft from document exposure, social networking, unauthorized document sharing, and inappropriate email usage.
Information security is essential, as information disclosure can happen when an employee posts to their Facebook account, or accidentally holds confidential data in plain view. The costs of information security breaches, in terms of money and company credibility, are high.
All organizations need to use information security to prevent disclosure of intellectual property. This document discusses examples of inadvertent (or intentional) disclosures, and shows how information security can protect data in a range of environments.
Information Security to Prevent Document Wrapping
The United Kingdom's senior anti-terror policeman recently resigned after being photographed with a confidential document exposed. Digital photographic technology enhanced the ability to enlarge and read the sensitive data.
A cover sheet, binder, or other container should be always be used to provide information security against inadvertent disclosure.
Information Security on Social Networking Websites
Social networking sites are under no contractual obligation to provide information security for companies whose employees post to such sites. Social networking discussions are also harvested by competitive information professionals.
Companies should have official information security policies for social networking, to make sure that sensitive corporate data is not placed on these sites.
Information Security and Document Classification Standards
The FBI recently arrested a former employee of an unidentified firm for trade secret theft. He was sending programming source code and promotional materials to his personal email account, and sharing this information in unauthorized competitor meetings.
Organizations should make sure that data custodians know the information security classification process of the enterprise, and use basic documentation classification standards.
Information Security for Email Handling
Email providers are under no obligation to provide information security at the level that a corporation may protect.
Organizations must educate employees about information security for company email. Employees should never send proprietary company information to personal email accounts, even if they are working at home.
For more information please visit: Security