Thursday, October 23, 2008

Advice on How to Lose the Corporate Crown Jewels!

The latest edition of the BCS Information Security Now newsletter presents sixteen “recommendations” on how to lose your corporate crown jewels – your most treasured databases. With many office workers admitting that company databases would be a top target for information theft if they were considering leaving, the list makes a useful checklist from which procedures can then be developed:


1. Employees able to access a database regardless of their need to do so, with sight of complete records including information that they do not necessarily need to see.

2. Unrestricted downloading of the database to removable media.

3. Employees able to print individual records, or even the full database, in hard copy format.

4. Employees able to access records, in undefined quantities or for unlimited periods of time, providing the opportunity to make a written copy.

6. Records, or even the entire database, altered or deleted.

7. The full database, or individual files, emailed as an attachment.

8. The full database, or individual files, uploaded to an external storage facility/website or a hosted document storage and management solution.

9. Securing employment for the purpose of having unrestricted access to confidential data with criminal intent.

10. Existing employees being coerced into removing data for financial gain.

11. Ex-employees who have not had their access rights revoked.

12. Photocopying hard copies.

13. Over-the-shoulder screen theft from the mobile workforce.

14. Writing down, or even sharing, passwords.

15. Loss of external or portable media (memory sticks, CDs, laptops, etc.) that contain unencrypted information, often during travel.

16. Misplaced, or stolen, devices (laptops, BlackBerrys, etc.) used as a back door to the corporate network.