Performing A Data Risk Audit
The first steps towards creating an information security plan is performing an audit to determine where the risks for information thefts could occur. Identifying these areas and taking action to address them will help to lower the chances of data finding its way to unsavory hands. Some areas may be pretty obvious while others could be things you never would have thought of until it was exploited. In this article we hope to shed some light on a few and hope to get your mind in the right place in order to better prepare you for information security.
Planning an Audit
To begin with let’s start by thinking about three things: where is data created, where is it sent, how is it disposed of? We think that by separating this into these steps, you’ll be able to get in a mind-set to see the specific threats in each area. Lets examine each step and their potential threats one at a time.
Where Data Is Created
This area can be as simple as an employee work station or as complex as a program that is auto generating to a database. If this is a work station where someone is assembling documents think about how they’re being kept. Are they left out on a desk until someone needs them? Are they allowed to leave the room at all? Who’s coming in and out, could it be just anyone or is their authorization and security required?
When files are being printed off is there a disposal bin nearby? If there is you might want to have a look at it; there’s a very good chance that some of them end up in there. While this may not seem like a problem at first, you need to remember that how it’s being disposed of, and how long it sits out does make a difference in whether information is secure.
When it’s a program your concerns may be a bit more abstract. Is the database accessed from the internet and/or storing information on a cloud server? Are the firewalls strong enough to deflect breach attempts? Is access done remotely or only from onsite? Who has access and what are their permissions like? Sensitive information needs to be locked out from those without authorization to access it and shouldn’t just be available to anyone.
Where Data Is Sent
Data is needed in more than one location usually, and the manner in which it gets there can sometimes offer unnecessary risks. If it’s across the hall from one office to another then the main concern would be how it’s kept individually. Are documents placed in secure storage containers or another form of secure storage, or is it all being left scattered across a desk?
Electronic means of transport have similar considerations to when it’s being created. Are secure emails being used to send the data across the web, are employees able to bring their personal USB’s into work and take files home? What about a room full of old computer systems that no one has looked at in years; hopefully all their data was purged before being placed into storage. The potential for data breaches in electronic means is just as varied as it is for paper documents.
The proper disposal of information is an essential aspect of proper information handling. Electronics have an unfortunate tendency of ending up in the landfill, which is a whole host of problems in and of itself, and improper destruction of the data is vulnerable. The only good option is to make sure the device is completely destroyed physically.
Paper documents require the same treatment, secure paper shredding not only reduces records to illegible confetti, it also ends up being recycled. You’ll not only be supporting information security, you’ll also be working towards sustainability efforts.
At BDRS we can help you handle all of this, so stop taking chances.