Ensuring your Talent Mobility Data is Secure
As the amount of personal information that organizations obtain continues to grow, so do the potential risks associated with keeping that data secure. Even though businesses are increasing their focus on data security, breaches and malicious attacks continue to rise. At the same time, the world of data protection is getting more and more complex. This article will provide global mobility leaders with insights into key aspects of a strong data security program.
Security through Information Technology
The following details best practices that are the bedrock of data security within information technology.
The first and most basic element of a strong data security program is building a strong perimeter defense or firewall. Like a home security system designed to keep out intruders, companies need a strong perimeter defense because their networks operate out on the internet. A strong firewall acts like a fence around the data. The firewall protects data from the risks posed by malicious websites by filtering outbound traffic by category and individual sites.
Web Application Firewalls
These firewalls are another important element of a strong data security program. They are designed to scan for the latest application vulnerabilities and block malicious traffic. The best devices subscribe to a service that continually updates the firewall to look for new known vulnerabilities.
Hardware & Data Centers
Providers with the strongest data security programs in place have servers, databases, and workstations that are built using industry-standard hardening techniques. These techniques ensure all the appropriate doors are locked and that the system is updated with the latest security configurations. In addition to securing the hardware that processes employee mobility data, strong data security programs address high levels of physical security and environmental protection. This ensures that data centers adhere to local mandates and industry best practices.
Sensitive Data & Data Access
The strongest data security practices will ensure that any sensitive information is encrypted within the database. In addition, all transmitted data and all data stored on disk or other media is encrypted. Sensitive data should also be masked when it is displayed.
Another important element of securing data is limiting access to the fewest users possible. This means that access should be role-based and not universal. Users should have a defined business need to access data, with data access controls built around that need. Additionally, access to data needs to be logged and monitored for appropriateness, with frequent audits performed to review access rights.
Disposal & Destruction of Data
The proper disposal and destruction of data is another key element of a strong data security program. It is important to ensure that electronic data is destroyed in accordance with a strict set of regulatory guidelines that contain clear retention cycles.
Beyond Information Technology
Data security is often perceived as solely an information technology issue. This produces a tendency to focus on security safeguards such as those listed above. As critical as information technology considerations are, the following factors are equally important.
Policies & Practices
Service providers’ data security policies and practices are an important place to start in understanding how committed they are to data security. Are there just one or two policies in place as part of their information security program, or is there a robust and comprehensive set? It is also important to know there is a clear governance framework in place. A sign of a strong program is an integrated framework across the organization that ensures management systems and processes are in place to provide proper scrutiny and monitoring.
Supply Chain Management
Every mobility management company partners with a varying number of suppliers to deliver mobility services to organizations’ mobile employees. When data is moved or transferred to third parties, an additional security risk is created. The mobility supplier has a duty to keep data secure, especially when sharing information with downstream suppliers to deliver services. A strong, adequately resourced supply chain management practice and governance structure can effectively manage these third-party supplier relationships and closely monitor their security performance.
The Human Resources team’s role is essential in ensuring a mobility service supplier’s data security program is strong. Mobility services providers with an emphasis on data security will have an HR team that ensures applicants are carefully screened. This is especially important for positions with access to confidential information. A variety of checks are performed, including, but not limited to, criminal, credit, and education and employment verification. This is not only good general business practice but also helps ensure the safety of data. Protocols should be in place to ensure sign-off from new hires on key policies, as well as to manage employees who are promoted into positions that require access to confidential data.
Companies can have a strong data security framework in place with many policies and practices, but their culture and values need to support it for it to succeed. Embedding data security into the company culture starts with a commitment from the top. Leadership’s decisions to invest in data security and develop supportive programs affect its importance and uptake within an organization. For example, how frequently training is required for employees and contractors can be an important indicator of the organization’s commitment to data security as a culture.
To be truly effective, data security needs the alignment of not just information technology systems but also a wider organizational culture committed to data security. Global mobility leaders need to take all factors into consideration when reviewing partners who support them in moving their employees across borders.