OK so just hold on there before we even start. It is very important that we make our message on this subject clear from the outset. If we say that the greatest risks to financial data security come from inside the business, we are not saying that firms should inherently mistrust their accountancy staff or any other employees.

 

It’s quite the opposite in fact

A small to medium-sized business needs to (and should) be able to trust its accounts team (or single employee) implicitly to perform diligently and effectively year-on-year to help the firm trade profitably. But remember, even a trusted accounts person can inadvertently plug in external USB sticks, phones, cameras and other devices with infected data on board.

These are the people you need to depend upon the most when it comes to financial concerns, so make sure they are aware of the risks of malware and educate them as to which actions are appropriate in terms of data security and which aren’t. If a firm hires in a contracted accountant who plugs his or her laptop into the company network when processing the accounts, question whether that computer is protected with the same level of anti-virus protection that the firm has laid down to safeguard its own assets.

The definition of who is “inside the business” may be cloudy in the first place, so small business owners may like to question who is inside their circle of trust and in fact restrict and shrink that perimeter back to core employees only. Let us provide you with some examples here.

 

Innocent victims

SCENARIO #1: If a sole trader runs a business from home, they may very likely be using a WiFi-powered router to gain Internet access. As well as promoting their business online, this individual is likely to access bank details and perform at least a basic level of electronic transactions online. If suppliers from any industry visit the home office premises and ask for the wireless ‘key’ or password to “just check in with the office”, this should never be given.

Whether it’s the gas man, a materials supplier or even a trusted window cleaner, the answer is simple: “This is a company secured network for business banking and we don’t give out the password.” You never know what unmanaged access to your Internet connection could lead to.

 

SCENARIO #2: A small to medium-sized business owner experiences unexpected levels of extra demand during a seasonal promotion and decides to hire in temporary staff to assist with office duties. From electronic front door key fobs to company database access and system passwords, releasing access to this information can quickly represent a security risk to the business. Think about setting up policy controls to govern which employees (both permanent and temporary) are able to access which pieces of company data at any one time.

 

SCENARIO #3: As instances of so-called “permatemping” increase, new questions arise relating to staff data security issues. The permatemp situation is seen where a company hires a temporary employee (often through an employment agency) for a number of consecutive weeks, months or even years. The worker’s longstanding tenure at the company may see the employee granted privileged access rights to information and data of all kinds. It is important to stand back and consider this worker’s legal status with regard to security infringements if they should occur.

 

So it appears that employee trust is not an open and shut case. Not only will a company need to be wary of what data breaches employees might execute willingly and consciously, there are other breaches that may be carried out unwittingly or accidentally. In short, security policy and security protection make up a wide-angled subject with a multitude of considerations, so consider the risks from all angles.
