Keep control of your sensitive data, your organisation is worth it
At SmartOcto we use data to help media companies maximize their online impact. In order to do this, we need access to critical and sensitive data of these companies. We are a data company, so protecting this data against unauthorized use has top priority for us. But if you are a media organization, it probably does not.
Sensitive information is all too often stored in unstructured files and documents. Those are commonly subject to data loss and leakage, especially in today’s mobile and cloud-based world. Most of today’s data loss is accidental or unintentional.
We have noticed this with our clients. When we request access to their analytics, the credentials are usually submitted to us right away, without any questions or restrictions, in an email or on a piece of paper. Luckily for them, we are a fair company with honest people, but how would you know that about someone you have known for only one hour? Just handing over your Google Analytics username and password in clear text in an email is not a good idea. At least let the other party sign a Non-Disclosure Agreement (NDA) and find a way to encrypt the password.
In many organisations, controlling everyday sensitive data is becoming more complex than securing databases. The first reason is employers that fail to deliver basic data handling rules without compromising productivity. The second is employees’ fatalistic attitude towards data security, given the recent rise in hacks and leaks of sensitive data such as the Panama Papers and the Snowden leaks before that.
This shows the urgency for media companies to invest in information security control mechanisms. Organizations that want to stay in business and flourish in the information economy need to give critical consideration to the following:
- When sharing sensitive information with third parties, let them sign an NDA with a specific timeframe, for example the end of a licensing period. When a license is continued, that is the right moment to re-sign the NDA.
- Keep a list with the 4 W’s of Who, What, Why and till When: who has access to what specific data, for what reason, for what period.
- Monitor the time frame during which a source has access to the sensitive data. Adding an appointment at the end of this period in your calendar is an easy, low-level way to monitor this.
- When you send sensitive data to someone else, at least encrypt it! This can be done simply by adding the file to a zip archive and protecting it with a password, and of course not a simple password like “da da da“.
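The 4 W’s list and the end-of-period check from the points above can also be kept as a small CSV file and reviewed by a script instead of a calendar entry. The following is an added example, not SmartOcto code; the column names, sample entries, dates and the 14-day warning window are assumptions made for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample register: one row per grant, one column per W.
# All names, purposes and dates are illustrative only.
SAMPLE_REGISTER = """who,what,why,until
vendor-a@example.com,Google Analytics read access,licensed analytics service,2024-06-30
freelancer@example.com,CMS editor account,summer campaign,2024-03-15
agency@example.com,Social media login,ad management,
"""

def review_register(text, today, warn_days=14):
    """Return (who, status) for every grant in the register."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        who = (row.get("who") or "?").strip()
        # A grant missing one of the four W's cannot be reviewed or ended on time.
        missing = [k for k in ("who", "what", "why", "until")
                   if not (row.get(k) or "").strip()]
        if missing:
            findings.append((who, "incomplete: missing " + ", ".join(missing)))
            continue
        try:
            until = date.fromisoformat(row["until"].strip())
        except ValueError:
            findings.append((who, "incomplete: bad date"))
            continue
        if until < today:
            status = "expired: revoke access or re-sign the NDA"
        elif until - today <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        findings.append((who, status))
    return findings

if __name__ == "__main__":
    # Fixed review date so the sample output is reproducible.
    for who, status in review_register(SAMPLE_REGISTER, date(2024, 6, 20)):
        print(f"{who}: {status}")
```

Entries reported as incomplete are the ones to fix first: access without an end date is exactly the case the calendar reminder would never catch.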
When you don’t take these kinds of measures, sooner or later the credibility of your organization will be the subject of the news, while your organization should probably be the one bringing the news. And the worst part: you probably won’t know who it was that put that strange message on your social channel.