In order to succeed at their jobs, employees need to have all of the right data within easy reach. This is not an unrealistic expectation; in fact, when employees are functioning at their best, everyone benefits, from customers and clients to the business itself.
But the problem is, the more people who have access to sensitive information, the greater the risk of a potentially damaging security leak. So let’s explore how companies can walk the line that divides data protection and privacy, balancing security and usability.
Granting employee access to sensitive data while trying to keep it secure is definitely a tightrope act.
First Of All, Not Overdoing It
Yes, there’s such a thing as being too careful. If a business took all of its sensitive data, put it in a safe that was welded shut, then dropped it from an airplane into the Mariana Trench, sure, it wouldn’t get compromised or stolen. On the other hand, the data wouldn’t do anyone any good, now would it?
That’s why the first step in establishing a sane balance is recognizing that it’s possible to overdo it. So how does one decide where that line lies? Companies need to conduct risk analysis, identify the points of vulnerability and focus efforts there, rather than simply enacting sweeping draconian measures.
Yes, This Is Still A Thing …
According to an analysis released by a maker of mobile device management solutions, almost 80 percent of tablet and smartphone users create ridiculously simple passcodes to ostensibly protect their privacy. That’s right; even after countless articles, blogs, feature stories, and what have you, all of them screaming about coming up with a good, secure password that’s hard to crack, people still do this. And it’s precisely this sort of habit that a business has to account for when it tries to keep data available without leaving itself vulnerable to security breaches.
Companies that want to tighten security without impacting data accessibility must make it clear to their people that they have to create better passwords, especially in this age of BYOD.
The issue is a simple one: allow all authorized individuals to access all the data they need, while keeping outsiders away. Companies that want to achieve this should consider overhauling their identity management (IDM) systems. Identity management systems govern data such as user objects, security entitlements, identity attributes, and authentication factors, and define who can access what, and when.
This not only keeps outsiders off the system, it also makes sure that people within the organization can access only what they need. For instance, someone in the company who collects and processes demographics data has no business accessing the company’s payroll or human resources data.
We’ve already touched upon the great password fail, but there are other areas where employees need to be instructed on the finer points of security. Human error is responsible for the majority of data loss, so businesses need to not only come up with a realistic security policy, but also make sure everyone in the company is trained on it. A good security policy needs to take into account the latest changes and advances in IT, such as the greater proliferation of mobile devices, BYOD, and cloud computing.
In trying to navigate these murky waters, businesses should be aware that it’s actually a three-way balancing act, not a two-way one. The three concepts are: security, ease of use, and functionality. The ideal solution will deal with potential security threats while not hampering the employees’ ability to do their jobs.