Who Knows What and Why?

By Adam Turteltaub
adam.turteltaub@corporatecompliance.org

The Wall Street Journal reported on June 7, 2015 that the New York Attorney General had urged banks to limit teller access to customer information and to take steps to identify potentially improper behavior. This comes on the heels of a number of cases in which tellers have been accused of using consumer data improperly.

It’s likely a very prudent move, but it’s also one that raises issues for companies outside of banking to consider:

  • Just because we’ve always given people access to data, should we continue to do so?
  • While we’re building better systems to protect us from hackers, what are we doing to protect ourselves from insiders?

These days everyone wants to have access to everything, and over the years more and more data has become available internally. With shared virtual workspaces being more common and an increasing embrace of the idea of transparency, it may seem natural to give your workforce access to greater amounts of data. But with the increasing number of high-profile data breaches, maybe it’s time for a reassessment.

Just because everyone wants access to everything doesn’t mean they should have it. Companies are already wary about sharing personnel info. But it may be time to start asking what other information needs to be protected, and who really needs to see it.

At the same time, it’s good to remind ourselves that often the greatest threats to systems aren’t outside hackers but employees. Some have nefarious plans for corporate data, which is what the New York State Attorney General feared. Others, though, compromise data through careless means, whether lost hard files and flash drives or a laptop stolen out of a car.

Training on safeguarding data, and constant retraining, are necessary to keep the data safe.

Business often refers to its data as its gold. That means not only valuing the data but also protecting it. You wouldn’t let anyone have access to actual gold or take it home. It’s increasingly time to treat your data the same way.
