Data security and the insecurity of electronically stored information (ESI) is ephemeral. Data security is not as predictable as one would prefer to think. Any anticipation of a data security incident or of its origin is absolutely unpredictable. With every incident, the attention is always on possible external sources. All too often, little effort is dedicated to address the internal sourced cause. Seldom do entities envision the internal sourced incident. Entities would rather assume the best intents and rely on internal process to protect the data they manage. With that mindset comes complacency. Unfortunately, the risk from internal unauthorized access to trade secrets leading to misappropriation of data is very realistic. This is not to spawn an environment of distrust in the workplace, but caution is needed. It is difficult to develop an environment of distrust in the workplace. there are many cases where employees pilfer company knowledge, designs, formulas, or even the companies R&D new software specs for self-gain.
The imminent vulnerability is through personnel and their mishaps, forgetfulness, or the unfortunate deliberate sabotage. Always the employee with the increasing frequent absences draws a cause for concern and some form of query, especially an employee who has access to critical company information. This concern is so realistic that it has motivated states to promulgate their own version of a uniform rendition on trade secrets and provisions addressing computer crimes. Some promulgations allow for civil and monetary remedies when business data is compromised as a result of someone exerting unauthorized access either internally or externally sourced.
With the ease of ESI transmission, unauthorized access becomes all too prevalent for the business insurance companies to fathom the risk. This reality is augmented by the anonymous activity through shadow bots, exchanges and other means that leave the business owner holding client data, innovative plans, beta testing new processes, without protective leverage. Backdoor access is always a possibility especially among those of trust, mutual gain in the prosperity of the enterprise. Worst case events is what gave rise to FUTSA and CADRA in Florida and many other states that appreciated the seriousness.
Insecurity of data security is by the nature of storing ESI and transmitting ESI in our day-to-day business endeavors. Customer information as well as business assets are at play in the realm of cyber insecurity. Security is only as secure as the weakest link in the chain of transmission. As vulnerability is realized in its present state, the urgency then is to focus not only on firewalls and other aspects but on internal employee training, policies, non-disclosure agreements, vendor contracts, cyber insurance policies and their coverage reviews, and vetting vendors’ cyber liability coverage before inking a deal. Can a business claim to safeguard its data assets to engender public confidence in the security of ongoing credit card transactions, storage of its personal account information, the transfer of its customers’ medical records, or the updating to financial records? The qualified claim itself draws also the risk of misrepresentation before the regulatory eyes of the Federal Trade Commission. That’s subject for another piece. ESI is every day business as usual for many entities. The role that management should engender is that risk management must account for internal as well as external aspect of cyber intrusion. The efforts must be balanced with internal constructs in order to anticipate the unpredictable. In a digital world there is one constant. That constant is that data is created every minute and it is transmitted for the delivery of services. How it is secured and how one prepares for the unpredictable is what makes this subject area so exciting.