Do your technology policies match the reality of your business needs? Do those policies safeguard the sensitive data such as customer and employee information, company financials and intellectual property that staff members need to access in the daily course of business? How do you minimize your risk of exposing that data through carelessness, working around a security measure, or inadequate security policies?

First of all, you have to take an objective look at how business really gets done. Do you have folks on the road all the time working from laptops at airports? Do people telecommute or take work home? Many people who do not have remote access to their work files will often send a document to their personal email address so they can work on it later. Most everyone has done it at least once and no harm was ever intended- in fact just the opposite. We want to continue working on a project after the kids are in bed and there are no office distractions.

This leads to a bit of a procedural paradox. That action violates most organizations’ stated security policy, yet it is a prevalent practice. There has to be some way to reconcile this without compromising security. We can mitigate information exposure risk by centrally and strictly managing insider credentials. Some possible solutions could include usernames/passwords, access attempt monitoring, and one time use passwords for consultants to work with FTP files.

Take the time to match up your existing privacy and information security policies and procedures with what actually occurs. When security procedure is handy and easy to deal with for end users, they are less likely to need to find a way to work around it. Crafting smart policy changes that minimize risk of sensitive data exposure and maximize productivity of dedicated professionals are a big win for everyone~ the business, the employees, the customers and the information technology team.

Consult with your Privacy Gurus® to find out more about smart privacy and information security best practices, and with any other questions about this topic or any other privacy and information security topic.

Darity Wesley is CEO and Legal Counsel for Privacy Solutions, Inc. a San Diego based consulting firm. Her team of Privacy Gurus® work with you to create policies and procedures to establish the expectation of privacy for your members, clients, customers, prospects, affiliates, associates, employees and vendors. You can reach her at (619)670-9462 or Darity@privacygurus.com