by Jeremy Wunsch
September 2007


How to keep data safe from internal threats

While there may be some truth to the notion that larger businesses have more challenges based on size alone, a small business should never take its intimate environment for granted.

Protecting confidential customer data and intellectual property is quickly becoming a top priority for any company that needs to protect its brand and reputation. The methodology of protecting your most confidential and valuable information from being exposed to unauthorized parties by insiders is often called internal threat management.

Unfortunately, this kind of information is often improperly divulged by employees or contractors. Potential examples include the disgruntled employee, the gossipy blogger or the incompetent manager.

These disclosures are not always malicious or even intentional. They simply mean that a company’s internal policy, and the security measures it takes to uphold those standards, have holes. Many holes.

What happens when these holes are exposed? Companies can lose trade secrets and their competitive advantage, incur litigation costs and worst of all, lose customers. According to Gartner Group, 70 percent of security incidents that cause financial loss to companies involve insiders. Even more shocking is that one-third of those are senior management.

Internal threats are especially problematic because they are nearly impossible to detect unless you either have the proper systems in place or are tipped off by a departing employee, and by then it’s already too late.

The good news for businesses is that there are solutions available to help prevent these information leaks from happening. Consider the following steps to protect your corporate data.

Asset inventory and data classification.

What do you consider to be your most critical asset? Determine and account for your most confidential information including Social Security numbers, credit card numbers, driver’s license numbers, any IP, trade secrets, merger/acquisition information, financial data and the like and label them accordingly (such as private, internal-use only, restricted, top secret, etc.).

By breaking out the location and quality of this sensitive information, you will be in control of who has access to it and who does not.
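A first inventory pass can be automated. The sketch below is an added example, not part of the original article: it scans documents for Social Security number patterns and Luhn-valid card numbers and records where they are and how many, without storing the values. The sample files, the function names and the rule that any hit earns the "restricted" label are assumptions made for illustration.

```python
import re

# Constructed sample documents standing in for files on a share (not real data).
SAMPLE_FILES = {
    "hr/payroll_2007.csv": "name,ssn\nA. Example,078-05-1120\nB. Example,219-09-9999\n",
    "sales/orders.txt": "Card on file: 4111 1111 1111 1111, ref 1234 5678 9012 3456\n",
    "marketing/newsletter.txt": "Call 555-01-00 for the fall event. Order no. 123456789.\n",
}

# SSN layout AAA-GG-SSSS, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Count sensitive identifiers in one document and assign a label."""
    ssn = len(SSN_RE.findall(text))
    card = sum(
        1 for m in CARD_RE.finditer(text)
        if luhn_ok(re.sub(r"\D", "", m.group()))
    )
    # Assumed labelling rule: any regulated identifier makes the file restricted.
    label = "restricted" if ssn or card else "internal-use only"
    return {"ssn": ssn, "card": card, "label": label}


def inventory(files: dict) -> dict:
    """Map each path to its counts and label; matched values are never kept."""
    return {path: classify(body) for path, body in files.items()}


if __name__ == "__main__":
    for path, result in inventory(SAMPLE_FILES).items():
        print(f"{path}: {result}")
```

Pattern matching only finds structured identifiers. Trade secrets, merger information and other IP still have to be located and labelled by the people who own them.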

Identify your vulnerabilities.

Hire an outside firm to conduct an internal threat readiness audit of your computer network and policies. Yes, it can be scary to hear that members of your sales force are accessing pornography or gambling sites at work, a senior manager spends half of the workday on eBay or someone is taking your intellectual property. But what you don’t know can hurt you. Work with your consulting firm to establish benchmarks for regulatory and policy compliance.

Create an iron-clad policy and procedure.

Develop an acceptable use policy for all of your employees that explains how they can use corporate assets and what your procedure is when a violation takes place. This is often confused with simply asking employees to not use corporate e-mail for personal messages, or to limit Internet usage for business-related activity only.

While these measures are important, they barely scratch the surface in terms of corporate liability. Know where the holes are. For example, it’s becoming more prevalent for businesses to lose valuable IP through instant messaging, chat rooms, bulletin/message boards, peer-to-peer blogs, USB drives (and the like), iPods and encryption, etc. Have every employee sign an agreement saying that he/she read the acceptable use policy and understands its parameters.

Walk the talk.

It is essential that once policies and procedures are in place they are enforced on a consistent basis. This is done through relevant training and the proper IT solutions.

In addition, never underestimate the value of a comprehensive incident response plan to help guide you through any situation involving the loss of sensitive or confidential information. Know whom to call. Educate yourself on what an internal investigation entails. Be knowledgeable regarding all the possible scenarios surrounding an incident.

If you don’t already have the resources to become your own internal threat expert, look for outside assistance to guide you through the proper steps and recommend the most relevant solutions in order to secure the most positive outcome.

If the worst should happen?

It may seem like bad advice, but if the worst should happen and you’ve experienced some sort of internal damage or loss, don’t do anything. Well, not exactly. Don’t do anything with the computer or electronic device involved, at least until a qualified professional is on hand.

Even shutting down or booting up a computer can change time stamps, destroy sensitive data and determine what is admissible in court. Once it’s realized that a situation has developed, make sure that the only people handling potential evidence are computer forensics experts.

News of leaked or stolen data isn’t linked only to credit card companies and banks anymore. With just a few clicks a company’s entire payroll, customer list or employee Social Security number database can be out for the world to see in a matter of seconds.

Taking the time to ensure the most effective layers of protection are in place can save untold hours, dollars and peace of mind. After all, the companies with the most effective internal threat management procedures are the ones you never hear about.
