Many people go into business with little thought to their business’s security. As their businesses grow, they often install some security measures, but when they get large enough for their company to be attractive as an investment via a merger or acquisition, they need to further enhance their security.
Types of Things Stolen From Businesses
We all know that employee theft and retail shoplifting are very common and to help stop this, hiring unarmed security personnel and installing security systems are recommended. Furthermore, the things most often stolen form businesses in this technological age are the following:
- Business confidential information. There are many types of confidential information a business has including: profit and loss sheets, inventory management reports, asset management reports, lists of vendors and payables, budgets, and taxes, to name a few.
- Employee data (social security numbers and payroll information)
- Customers and receivables, and consumer information
- Intellectual properties include (but are not limited to) manuscripts, designs, artwork, formulas, inventions, symbols, music, sculptures, films, computer programs, databases, advertisements, maps, industrial designs, architectural designs and technical drawings.
As businesses grow, the amount of confidential information they store grows with them.
Problems with Data Storage
Over half of the businesses queried said they have never conducted a data inventory. Many do not even know the location of their sensitive data storage. This is not just a problem for businesses; it affects governmental agencies also.
A case in point is the laptop and external hard drive stolen from the home of a Department of Veterans Affairs employee who had the names, social security numbers and dates of birth of 26.5 million armed forces members and veterans stored on them. The VA ended up paying over $20 million to those people whose information was stolen, even though it was determined that the data had not been compromised.
Thefts of employee laptops containing sensitive data were reported by 81% of the businesses surveyed by CSO in 2006. The respondents surveyed believe that the types of confidential data most at risk are business forecasts, financial and accounting statements and reports, and budgets.
The storage devices businesses are most concerned about losing sensitive data from are PDAs, Smart phones, corporate laptops, and USB memory sticks. Many businesses have no idea what types of sensitive information their employees have access to, or where it is stored. The actions that lend themselves to loss of sensitive data include: employee carelessness, and protective business processes that are not followed by employees.
The biggest data storage breaches in 2015 reported by Tim Greene were determined by the number and types of data compromised and the possible threat to subgroups like children. The US Office of Personnel Management had multiple breaches of data security involving over 22 million employees, both current and former.
Anthem and Premera health insurers both had their data hacked on the same day with methods thought to belong to a subversive Chinese group who call themselves Deep Panda. Even the IRS had the records of 330,000 taxpayers compromised such that the perpetrators got several millions of dollars of bogus refunds plus sensitive data on the taxpayers involved.
Recommendations
Further enhancing a business’s security can help prevent loss of sensitive confidential data. While there will always be hackers who can defeat any system created, a business can at least take steps to control how their sensitive data is handled in-house.
