We hear a lot of buzz about protecting both customer and company data, but it is troubling how few IT departments and enterprise users are doing it correctly. One would think security should be the basis for every IT decision, but sadly, it is typically an afterthought.
This is often due to corporate culture and the fear of change. Many corporate executives seem to think that security will hinder users’ business activities. They fear the additional steps required for data security will slow progress and make communication difficult. However, a culture of data security is not one that limits the ability to succeed in business, but one that simply aims to protect the data assets held by a company.
Educating employees about the dangers of unsecured and/or unnecessary data transfer is more business-friendly than preventing it altogether. Part of this process should be moving everyone to a managed file transfer methodology. This will not only secure your data transfers, but it will create a digital paper trail showing where assets are going -- something of particular importance when you consider all the data security compliance regulations in effect today.
Think of it this way: If each important record were a hundred-dollar bill, would you let your employees grab handfuls at will and pass them out to whomever they please?
So if the core IT organization is committed to data security and does as much as possible to stop unsecure data transfer and prevent future problems, where are the other large data security holes?
Not to point fingers, but the largest holes lie in the departments outside IT that don’t place the same value on the data as does the IT security team. Many organizations still allow their employees to perform file transfers directly from their desktops and BlackBerrys using FTP or other unsecure tools. Not only are these ad-hoc methods unsecure, capable of exposing passwords and entire databases, but they do not all function alike and do not provide centralized logs.
While it may seem easiest to end users to just do their own file transfers, the risk of this online behavior is too great.
Data security for the millions of files sent over the Internet is of great importance to all industries, including healthcare, retail, banking, and finance. Internet transfers include the critical data needed to conduct business, such as customer and order information, EDI documents, financial data, payment information, and employee- and health-related information. Many of these information transfers relate to compliance regulations, such as PCI, SOX, HIPAA, state privacy laws, or other mandates.
We need to build a data security culture that includes secure file transfer.
— Dirk Zwart leads the writing department at Linoma Software.