RadioBDC Logo
| Listen Live
< Back to front page Text size +

Securing company secrets? Keep it simple, stupid!

Posted by Chad O'Connor  August 8, 2013 11:00 AM

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Most businesses produce some volume of sensitive information, and must entrust their employees to ensure it stays protected. While most employees are happy, or at least obligated, to protect their employers’ secrets, they are still human beings, and if you are reading this then you know that humans make mistakes. The inherent fallibility of people is exactly why it is essential that companies not only prioritize data security, but make sure that the technology and policies they put in place do not interfere with employee workflows.

All the data security technology in the world and a textbook of policies are not going to make a difference if they are so complicated that employees simply circumvent them for the sake of efficiency – or getting the job done.

Professionals charged with creating, sharing and or collaborating on sensitive enterprise data are busier than ever, and let’s be honest, for many, data security is not high on their priority list. What is always top of mind is how to get the job done in the best and most efficient way possible.

The pursuit of efficiency is perhaps the biggest obstacle to overcome for Chief Security Officers (CSOs) and those charged with keeping sensitive enterprise data secure. It is the need to work quickly which can lead an employee to skip important steps to secure data, and it is also the synthesis of smart phones, tablets and mobile devices, which present new points of leakage or breach. So, in a world where people, who make mistakes, are busier than ever and data security is essential but low priority for many, how does one ensure that company information stays protected?

The answer is to keep it simple. While there may be some IT security pros on any staff, the majority of a typical employee base is focused on tasks like book-keeping, marketing, scheduling, forecasting, etc. and not data security. You may or may not realize it, but every position or responsibility described above is likely charged with the protection of sensitive data. For people who handle and are responsible for sensitive information, but don’t specialize in it, security technology and policies must be easy and intuitive, requiring minimal decision making and as few extra steps as possible.

Of course education and training are at the core of a simple approach, but should not be difficult because of the focus on simplicity. A good, simplistic policy is for employees to ask themselves:

Is the email or document I am creating, sending and/or sharing sensitive?

The only possible answers are “yes,” “no” or “I’m not sure.” If the answer is “yes” or “I’m not sure,” then secure it; if it is “no” then proceed as normal.

The technology used to protect or secure information is equally as important as the policies which dictate its use, and must be equally simple. Security technology should integrate with the tools that most professionals are already using, like Microsoft Outlook, Word, Excel, PowerPoint and so on. This means they won’t have to navigate between different programs, windows or applications to properly secure a document. Beyond tight integration with existing workflows, it should also only require minimal extra steps to ensure information is secured – an extra mouse click or two, at the most.

Finally, security technology should focus on securing information as much as infrastructure. This means that a document is secure even if it is accessed on a personal computer at an employee’s home or a tablet while on vacation in Europe. With professionals increasingly utilizing their own mobile devices, like smart phones and tablets, in a professional setting, it is more important than ever that sensitive information is protected regardless of the device used to access or share it.

Think about how often you have misplaced your cell phone? What if there was highly sensitive information on it when you did? There could very well be a breach of sensitive data and subsequently some very severe consequences for both yourself and your company.

When the C-Suite is asked about top priorities for 2013 and 2014, data security continues to rank near the top of the list, and for good reason. As people get busier and technology aims to make us more efficient, the risks around data security continue to grow. If it is easier for us to access information wherever and whenever we want, it is just as easy for those who would like to expose company secrets or use them maliciously. While it may not be possible to eliminate all threats or possibilities of a leak, an approach which focuses on keeping enterprise data security a simple process will greatly increase a business’s chances of keeping it critical information safe.

Bernhard Wöbker is CEO of Cambridge, Mass. based data security solutions provider, Brainloop. Follow them on Twitter @Brainloop.

This blog is not written or edited by or the Boston Globe.
The author is solely responsible for the content.

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Boston World Partnerships' expert "Connectors" discuss business strategy, entrepreneurship, Boston's place in the world economy, and much more. Using their insider perspective, they illuminate how Boston's innovative companies start, grow, scale, and go global.

Meet Boston's coolest, smartest and most dynamic founders in our REEL Innovators video series!