We followed the development of a company from a single operator through its growth to one that hired staff and worked with partner businesses. The information handled by the company was now exposed to more entities, both people and systems, than at start-up, and the security practices had to keep pace.
As the company expands there will be an increased need to identify where data comes into the view of unauthorised entities. The staff are divided to specialise in different tasks, such as Finance, where records such as salaries are handled, and HR, where personally identifiable information is viewed. There must be policies and technology in place to ensure that these two views of company information remain distinct.
As a company grows there is a higher likelihood of exchanging data with external parties. When services are outsourced there needs to be a level of diligence by the client company regarding the security practices of the service company. The client must seek guarantees that the information exchanged is kept safe among the external staff and also not exposed to rival companies using the same service.
A larger company presumably comes under more legislative scrutiny and is subject to regular audits of its processes. Successfully passing these audits is a marketing bonus because it shows the company is responsible in many aspects, such as finance, health and safety and data protection.
I’ve given a very high-level view of the importance of data security across all sections of the business spectrum in order to show its importance. The role of an information security consultant is to determine how best a company can safeguard its information and remain compliant with as little technological investment and disruption to business as possible.
At the start-up stage there are security tools shipped with operating systems and applications that do a very good job. As more information processing systems are brought into the company, the implementation of policy and governance along with additional technology becomes important.
A company that develops a culture of security awareness from the outset will find it a simpler task to protect its data as the business grows and the stakes become higher. The practices of securely backing up data, updating software, physically protecting machines, restricting access and ensuring that the systems and information are always available will remain part of the organisation’s operation throughout.
Appetite for risk decreases, information security increases.
Photo by Sean Dreilinger