Today is Data Privacy Day, led by the National Cyber Security Alliance, a non-profit focused on cyber security education for all online citizens. Data security is a major issue for all businesses. As a Software-as-a-Service (SaaS) company, we look after not only our own data but that of our customers as well, and it is a job that we take seriously. I think all SaaS companies face questions from potential customers about data security on the Web. Even as the model gains popularity, there are still many people who worry that they are losing control of their data and that it will, therefore, be less secure. What I find interesting in my conversations with business managers is that they often overlook some of the major data privacy concerns that originate right in their own office. I would like to address two issues that should come up more often.
Physical Security
Many people feel safer having their data stored in their office on a computer that they can keep an eye on. In the majority of cases this means that the data is only a smashed window away from belonging to someone else. Compare the physical security at your office to a top-tier hosting centre that has 24-hour security guards, surveillance cameras, multiple checkpoints with access limited through biometric scans, etc. I find that people rarely think of this.
Employee Theft
Disgruntled or overly-entrepreneurial employees can be a concern for every company. If your data is stored locally on a machine, not only could they simply walk out with the machine but, unless their data access is limited, they could easily copy the data and leave with it. This is probably worse with companies that still use Excel and print out sheets to give their employees, but it is an issue with all systems that allow any user to view data in large batches.
It is important for your contact management software to address this issue. In VanillaSoft, for example, there are different levels of access and there is a distinct division between managers and salespeople. All data is centrally stored, so you can’t lose it. In addition, salespeople only have access to the data that they are working on and cannot easily copy the database and leave with it. You can also create fields that are only viewable by management, thus hiding sensitive information. Although nothing can prevent all data theft, it is important to limit the chances of it occurring.
You can easily find information about the many different security measures that SaaS companies, including VanillaSoft, deploy on behalf of their customers – 128-bit SSL technology, user authentication, dynamic data and encoded session IDs, entry controls, SSAE 16 audits, and more.
I would strongly encourage everybody to take advantage of Data Privacy Day to examine their own practices – both personal and business – to see how they can be improved. As pointed out by the Ponemon Institute in their 2012 “Cost of Cyber Crime Study,” the costs associated with cyber crime are on the rise. Some of these result from outright malicious behavior. Others result from carelessness.
Cyber crime’s annual costs have reached over $8.9 million – a 6% increase over 2011, and a 38% increase over 2012.
Information theft accounts for over 44% of external costs.
The most expensive cyber crimes are caused by malicious code, web-based incidents, stolen or hijacked devices, and malevolent insiders.
Remember that, just as with driving, most accidents occur close to home.