Protecting Information in the Workplace

PROTECTING INFORMATION IN THE WORKPLACE 5 STEPS TO KEEPING INFORMATION CONFIDENTIAL OVER 90% OF THE AMERICAN WORKFORCE BELIEVES THAT REMOVING CONFIDENTIAL INFORMATION FROM THE OFFICE IS COMMON PRACTICE Unknown Access and 38.6% Changes to Documents CONCERNS 27.3% Leak of Company IP REGARDING COMPANY'S 18.2% Regulatory Compliance Reporting INTELLECTUAL PROPERTY 11.4% Location of Documents and Files 3.8% File Duplication 1111100000 OF ADULTS BELIEVE IT IS NEVER ACCEPTABLE TO REMOVE 40% CONFIDENTIAL INFORMATION FROM THE OFFICE, HOWEVER THESE ARE CIRCUMSTANCES FOR WHICH THEY BELIEVE IT IS ACCEPTABLE TO REMOVE INFORMATION: 48% 32% 30% 16% 2% 2% To work over To finish a late night project from home When boss When it is When it can be confidential information about themselves To show something to family or friends who promise to keep it confidential brought back to the office before the boss says it is ok the weekend or while on vacation knows it was gone Source: http://www.thegrindstone.com/2012/03/14/career-management/does-your-company-have-a-confidentiality-problem-971/ $305 $7.2 IS THE AVERAGE COST PER CORPORATE DATA RECORDOFAHIGHPROFILE BREACHES CCOST BREACH IN A HIGHLY COMPANIES REGULATED INDUSTRY AROUND MILLION DOLLARS Source: http://www.ey.com/Publication/vwLUAssets/Data_loss_prevention_en/$FILE/Data-loss-prevention.pdf PROTECT INFORMATION FROM LEAK, LOSS, OR MISUSE STEP IDENTIFY INFORMATION THAT MUST REMAIN CONFIDENTIAL STEP • Federal and state legislation mandates that CREATE A POLICY TO ADDRESS CONFIDENTIALITY certain information remains private, such as medical information and employee Social Security numbers. • Provide details and examples of the specific types of information that the business considers • Decide which proprietary information must confidential. remain confidential and under what circumstances, if any, it can be shared. • State the information that is not protected, such as personal emails on the company email system. STEP • Review and update the policy regularly to address new issues, such as blogging and social media, 3 as they arise. TRAIN EMPLOYEES ON THE POLICY • Provide specific examples to help employees identify what information can be released and to whom. • Instruct employees not to discuss confidential STEP 4. information in open environments like public elevators or over lunch in a restaurant. REQUIRE STAFF TO SIGN A CONFIDENTIALITY AGREEMENT • State the consequences for violation of the agreement. • Include conditions explicitly forbidding the release of confidential information even if the worker is no longer employed with the business. Source: http://smallbusiness.chron.com/confidentlality-workplace-25063.html PREVENTIVE MEASURES ***** 8. SHRED INFORMATION USE UNIQUE SET AN PREFORM REGULAR AFTER USE PASSWORDS AND EXAMPLE WITH SECURITY AUDITS CHANGE THEM TOP MANAGEMENT FREQUENTLY SOURCES: Click 4 Compliance http://smallbusiness.chron.com/confidentiality-workplace-25063.html http://www.fmlink.com/article.cgi?type=Magazine&pub=FMJ&id=30932&mode=source https://filetrek.com/blog/data-security/?page=2 www.click4compliance.com http://www.thegrindstone.com/2012/03/14/career-management/does-your-company-have-a-confidentiality-problem-971/#ixz2LMsoj88k http://www.ey.com/Publication/wLUAssets/Data_loss_prevention_en/$FILE/Dataloss-prevention.pdf