Friday, July 6, 2007

And why beholdest thou the mote that is in thy brother's eye?

As if a reminder was necessary, a recent theft of data at Fidelity National Information Services, Inc. has demonstrated that threats to data security doesn't have to come from outside an organization. According to this article from ComputerWorld a senior database administrator - the very person who had responsibility for defining and enforcing data access rights - stole over 2 million consumer records and sold them to a data broker. How can this type of incident be avoided? Well, good personnel policies might help. If there were any red flags (e.g., criminal convictions for related crimes) then putting the former DBA in such a sensitive position would have been a clear mistake. However, not all potential thieves have actually committed a crime (after all, there's always a first time), so looking at an employee's background isn't foolproof. Given that, businesses should make sure that they have in place policies which can detect unauthorized data use (preferably not all enforced by one person, in case that one person happens to be the thief) and then respond quickly, thus minimizing the damage if a theft of data does occur.

No comments: