Southern New Hampshire University
OL 442 – Professor David Miller
April 25, 2015
Final Paper: Data Security
With technology taking over businesses and costs rising higher by the year, having a solid data security policy in place is an extremely beneficial and important part of protecting an organization. Sinrod (2010) discusses how financially damaging data breaches can be for an organization, with an average cost of $6.75 million per incident in 2009.
Breaches can be expressed both in and out of the organization, with especially staggering statistics on employee theft. Dwyer (2014) states, “39 percent of data theft from businesses comes from company insiders. Even more ...view middle of the document...
If I were the Human Resources Manager of a bank, I would communicate the policy through a few different methods. First, similar to Spherion’s method, I would present the document(s) to employees upon onboarding for review and signature, and store the files in our employee file database (Jackson et al., 2014). Furthermore, it would be valuable to train new hires on data security for additional protection (Hass, 2010). If it were a brand new or amended policy, I would initiate a company-wide meeting to discuss its details and request both a written and verbal agreement. This would give employees an opportunity to ask questions, voice their concerns, and truly feel like they are being communicated to effectively.
A data security policy for a bank should be extremely detailed, and include well thought out procedures for protecting such at-risk organizations. With overwhelming statistics on the high amount of data theft caused by a business’ very own staff, banks need to be especially careful on how they implement their policies. Morgan Stanley is the perfect example of how a single employee alone can cause an overwhelming amount of damage. Earlier this year, the financial services corporation terminated one of their own for stealing account names and numbers from about 10% of their clients (Gara, 2015).
Bank employees can breach data security through a number of methods and the company policy should take action to eliminate as many of these portals as possible (Hass, 2010). Some policies should include the inability to process family/friends’ transactions and disabling cell phone and personal email use during work hours (except for emergencies). I would also enable supervisory programs that can track employee work history and set web portal controls through organizational databases. Video surveillance would be an important addition to the physical security plan in order to conduct investigations in the event of an actual incident. Hard drives and USB sticks should be banned unless they are considered company property and used appropriately. Since email monitoring tends to be controversial, it might be beneficial to look into software programs that can trace anything communicated through company technology that would be considered a threat instead of monitoring every keystroke.
It is important to note new employees and existing employees can be handled a bit differently when issues of data security arise. As with any data breach, investigation should be done and causation should be identified (Snider, 2013). It’s...