Data Security

Identity theft is common these days. Data theft from call centers, financial, education and other institutions is inflating operating cost. This rise in operating cost is shrinking the revenue for the company.

So, what exactly can an organization do? Nothing. Why? Organizations are run by humans. Employees must adhere to the data security policies that are regulated by the higher management.

Then how exactly is the higher management securing clients’ data? And are clients aware that their data is secure by the institution they are doing business with?

There are many IT innovations that can secure the data electronically and physically. It is up to the management how to use and implement them. I am suggesting few of the tips below.

It is not one person’s job to secure the data. It is each person’s and each department’s responsibility to secure the data. Now, you must be pondering what data to secure. Frankly speaking, it can be just a letter A or your Computerized National Identity Card (CNIC) number or Social Security Number (SSN).

Human Resources departments must make mandatory the implementation of Pakistan Data Security Act 2005 to their already hired employees and new employees. The department must work with high management to implement their own strategy to protect the data and relate that to Pakistan Data Security Act 2005. You can Google Pakistan Data Security Act 2005.

In Pakistan, we take for granted the CNIC number. The CNIC record has our finger prints, residential address, and date of birth information. The data on CNIC is correlated with Pakistani machine readable passport and immigration and border system.

There are three major ideas that will ensure protection of any company by implementing data security strategies.

  • Organization’s data
  • Knowledge worker
  • Business Secrets

All three ideas essentially require communication, respect, and trust among the employees and the higher management.

There is a lot of work that needs to be done in Pakistan with regards to data security. However, we can come up with some easy tips to remember how to secure data. These are only few and I am sure data security experts will help you with more.

DOs

  1. Do use secured user id and password protected FTP when transferring any data. This is specially done in call centers
  2. Do use secured user id and password protected VPN access
  3. Do secure user id as well as passwords
  4. Do secure physical infrastructure
  5. Do use paper shredder to destroy documents
  6. Do have employees sign company’s data security agreement and non-disclosure agreement
  7. Do screen or have a background check done for new employees

DON’Ts

  1. Don’t send data over the email
  2. Don’t send credit card information over the email
  3. Don’t tell password over the telephone
  4. Don’t throw paper into dustbin or trash can
  5. Don’t let employees use personal mobiles or USBS for data transfer, especially in call centers
  6. Don’t let anyone inside the office premises without their proper identification
  7. Don’t let employees use pen and paper unnecessarily to transfer the data, especially in call centers

These are only few basic tips but any professional will keep an eye on small things to secure company’s data.