Effective staff management is essential at times of business change in order to minimise the potential of valuable system data compromise.
If you were in a position whereby you are concerned that previously loyal staff are likely to become disgruntled and compromise the confidentiality, integrity or availability of your company data assets, you may want to consider the following;
The compromise of your assets may well have one of the following impacts on your business
Reputational Damage (the value of your business may plummet if you are found to have disclosed your information either directly or indirectly).
Financial Damage (the costs of actually addressing any of the issues that arise from the compromise).
Damage to the services that you carry out on behalf of your customers (for example if you are an accountant holding customer data that details how they operate their business).
Personal Distress (related to information of staff, customers, or customers customers â€“ all of whoâ€™s data may be compromised).
Risk to personal safety (if a solicitors data about clients was leaked into the public domain, it could endanger life).
The risk of compromise can be reduced by looking at the following aspects of how you operate your business.
Review and update staff contracts to make sure that you have a legal basis for actions to prevent and or prosecute staff who actually try to compromise your data assets.
Review staff roles and management processes to make sure that there are no â€œlone workerâ€ issues.
Introduce Confidentiality Agreements and Security Awareness campaigns to indirectly make sure that staff understand things can and will be monitored.
Introduce physical measure that make it difficult to steal data or corrupt data stored in the systems (e.g. provision of lockers for staff belongings, clear desk policies).
Introduce technical measures to remove the opportunity for web / email / USB compromise opportunities.
Review and implement business continuity processes to protect your assets from compromise of availability or integrity (multiple systems holding important data with different access rights, or effective backup and restore procedures).
Review of home-working or remote working practices to make sure that the same security measures are applied across the board (remote workers have a much larger window of opportunity to compromise data either by themselves or bystanders).
These aspects are solely focused on staff, they do not cover third parties or clients who may need company data assets for various purposes.
Some or all of these controls are required to reduce the risk of the above impacts being realised, the controls depend on the severity of the impact. You wouldnâ€™t spend Â£50,000 to protect against an impact that would cost your business Â£500 to recover from.