How can I prevent staff from taking corporate and customer information with them when they leave the business?
With many businesses having to make staff cuts, the risk of reprisals in terms of data breaches is a growing concern for IT departments, according to Ernst & Young.
It has found that employees made redundant are increasingly affecting the smooth operation of businesses, with IT systems a common target, and data theft becoming more prevalent. By law, retailers are obliged to protect customer information under the Data Protection Act 1988.
Ernst & Young says it is paramount that companies undertake a specific risk assessment exercise to identify their potential exposure and put in place appropriate responses.
Retailers should identify the data they have, the owners of that data and the risks to the information throughout its use and disposal within the business. While technology plays a significant role in data protection, personal safeguards over who can access the information are equally important.
Ernst &Young director of IT risk advisory Seamus Reilly says: “The applications used, how your infrastructure is configured, and the ability – or lack thereof – to store a copy of the data on some removable media are important. But risk management does not need to be complex or supported by complex technology. It needs to clarify the risks faced and how these risks can be dealt with.”
He adds: “Such an approach must also be repeatable so that it can be undertaken following changes in data handling processes within the organisation or in response to changes to external threats.”
No comments yet