VIGITRUST
WWW.THEENTERPRISEWORLD.COM | EUROPE EDITION | FEBRUARY 2022
Top 10 GDPR Solution Companies To Watch
Mathieu Gorge, Founder & CEO
From Editor's Desk

The world is moving towards an era of digitization. Subsequently there has been a rise of technology, AI, and many other tools that help people in their everyday lives and make them better. This causes heaps of data to be generated and released every single day.

There have been numerous attempts to stop this data from being breached. What finally came to the rescue was the European Union's decision to launch the GDPR. Under it, there are fundamental points an organization has to check to pass the compliance test. This law ensures complete safety of the users' data.

Featured in this issue of The Enterprise World, Top 10 GDPR Solution Companies to Watch, are some of the companies that are helping other organizations secure their data.

Featured as the Cover Story is VigiTrust, a company helping others prepare, validate and comply. VigiTrust started out as a security consulting firm and a value-added reseller for network security. Over the years the company developed strong skills in data protection pre-auditing, as well as security and compliance training and awareness. About 8 years ago VigiTrust began to productize the training it had been delivering in the EU and started an eLearning practice. Fast forward to today and VigiTrust is a SaaS provider of Integrated Risk Management (“IRM”) solutions to clients in 120+ countries in the healthcare, retail, hospitality, transportation, government and semi-state sectors. In addition, VigiTrust continually adds new global security and compliance frameworks to VigiOne, its award-winning IRM solution.

In Leadership Talks with The Enterprise World, read what László György Dellei tells us about Kerubiel. Kerubiel is a 100% privately owned company providing services in the fields of data protection, cybersecurity, IT and related infrastructures for entities from Small and Medium-sized Enterprises to national and multinational companies operating in a multitude of sectors. In the last 4 years, our company has become a pool of contributing experts, researchers and other professionals whose goal is to assist the client to achieve the highest level of GDPR compliance together with protection against threats in the cyberspace. As an enterprise committed to technological development, Kerubiel also has a strong R&D department participating in various national and international projects.

From the Editor's Desk, read why data protection is so important and how GDPR is helping companies go forward.

Happy Reading!
Shalmali W.
High Street North, East Ham, England GB
For Editorial Concerns: editor@theentetpriseworld.com
For Sales & Branding Enquiries: sales@theenterpriseworld.com
For Subscription: info@theenterpriseworld.com
Publisher: The Enterprise World
Creative Content Editor: Shalmali W. | Adeeb
Marketing Coordinator (USA): Peter J.
PR & Marketing Coordinator: James H.
Business Development Executive: Lisa
Creative Design Head: Sushant K.
Social Media Manager: Narendra S.
Digital Circulation Manager: Amanda V.
This list is NOT a ranking. The companies listed in the magazine serve different aspects of the market, making ranking them in any order except revenue impossible and unfair. We try to bring a perfect platform for business organizations to showcase their valued products/services. Copyrights © The Enterprise World | 2019. All Rights Reserved. The images and content included in this magazine should not be copied, transferred or reproduced in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without proper permission from The Enterprise World. The Enterprise World solely owns all the reprint rights.
Leaders in Spotlight

This issue of The Enterprise World of Top 10 GDPR Solution Companies to Watch features-

Many organizations use the GDPR compliance responsibilities to review how good they are handling the customer and client data storage, as well as their processing and management responsibilities. When an organization works towards meeting the GDPR compliance, the business processes throughout the organization begin to improve. In fact, the revelations are so minute that one can improve the process efficiency with every detail.

Featuring on the Cover is VigiTrust

As Mathieu Gorge (CEO and Founder) puts it, “security is a journey and not a destination”. GDPR is well aligned with this because you need to continually update your data ecosystem and perform privacy impact assessments when a new data flow comes into play. VigiTrust started out as a security consulting firm and a value-added reseller for network security. Over the years the company developed strong skills in data protection pre-auditing, as well as security and compliance training and awareness. About 8 years ago VigiTrust began to productize the training it had been delivering in the EU and started an eLearning practice. Fast forward to today and VigiTrust is a SaaS provider of Integrated Risk Management (“IRM”) solutions to clients in 120+ countries in the healthcare, retail, hospitality, transportation, government and semi-state sectors. In addition, VigiTrust continually adds new global security and compliance frameworks to VigiOne, its award-winning IRM solution.

In an Interview with László György Dellei

Kerubiel is a 100% privately owned company providing services in the fields of data protection, cybersecurity, IT and related infrastructures for entities from Small and Medium-sized Enterprises to national and multinational companies operating in a multitude of sectors. In the last 4 years, our company has become a pool of contributing experts, researchers and other professional whose goal is to assist the client to achieve the highest level of GDPR compliance together with protection against threats in the cyberspace. As an enterprise committed to technological development, Kerubiel also has a strong R&D department participating in various national and international projects.
CONTENTS

VigiTrust
Benefits of GDPR and Data Protection! (Article)
Kerubiel
Data Protection, Data Threats and Vulnerabilities- Everything You Need to Know
COVER STORY

VigiTrust
Mathieu Gorge, Founder & CEO
The rapid shift to digitization has led to a corresponding rise in the amount of data created by organizations; this, in turn, has led to an increased risk of data breaches and security incidents. The General Data Protection Regulation (GDPR) is a set of policies drafted by the European Union to protect EU citizens' personal data. Therefore, companies need to safeguard any important information from corruption, compromise, or loss.

Featured in this issue of The Enterprise World's Top 10 GDPR Solution Companies To Watch series is VigiTrust, a company that helps its clients to prepare, validate and comply with the changing rules of data protection.

The Company

If you look at the roots of the business, you'll see that data protection was always the cornerstone of all things VigiTrust. It remains so, so GDPR is right up our alley. Providing a solution like VigiOne makes total sense in this context; it enables clients and partners to prepare for, validate, and maintain compliance with GDPR, and link that to over 100 interrelated data protection standards and laws.

“In my view, GDPR is setting the right tone for data protection minimum levels, enforcement, and continuous security.”
As Mathieu Gorge (CEO and Founder) puts it, "security is a journey and not a destination". GDPR is well aligned with this because you need to continually update your data ecosystem and perform privacy impact assessments when a new data flow comes into play.

VigiTrust started out as a security consulting firm and a value-added reseller for network security. Over the years the company developed strong skills in data protection pre-auditing, as well as security and compliance training and awareness. About 8 years ago VigiTrust began to productize the training it had been delivering in the EU and started an eLearning practice.

Fast forward to today and VigiTrust is a SaaS provider of Integrated Risk Management (“IRM”) solutions to clients in 120+ countries in the healthcare, retail, hospitality, transportation, government and semi-state sectors. In addition, VigiTrust continually adds new global security and compliance frameworks to VigiOne, its award-winning IRM solution.

“The key to incite our target audience is to keep innovating and to offer always more comprehensive solutions. You just cannot stay still in security and compliance.”

There have been several key milestones in the company's development. A decade ago, VigiTrust worked with Hewlett Packard in Germany in the area of secure printing. This allowed the company to get ahead of the game, given that secure printing and document capture security is a key issue for today's security programs.

Another milestone was the productization of the training services the company had developed around data protection and information governance. This commenced in 2012 and today, eLearning, security awareness training, and online certification are a must for any organization. VigiTrust has incorporated 10 years of security & compliance eLearning into its award-winning solution, VigiOne. VigiTrust transitioned from a consulting and training provider to a SaaS GRC provider between 2016 & 2018.
Challenges that Made Way for a Successful Pathway

Mathieu Gorge (CEO) founded VigiTrust in 2003, a time of great change in the Irish IT security sector following the 2001 recession. Many value-added resellers had suffered in the wake of that recession, leading to some in the sector starting their own security consulting firms.

Mathieu saw the situation as an opportunity to move away from a pure network security-driven model to a more data protection-orientated one. Back then, the concept of "putting data first" was new.

“Today, data is the new currency that makes the world go around.”

Keeping abreast with all regulatory updates and industry standards changes is a constant challenge. VigiTrust's core strength is its ability to keep ahead of the various legal, operational, technical, and compliance challenges faced by its clients. The company continuously monitors the security and compliance environment, complemented by its Global Advisory Board, comprised of over 700 members such as CEOs, CFOs, Risk Managers, and other payment and fraud experts.

Each year, VigiTrust hosts several Regional Advisory Boards across the globe to discuss and explore current and evolving cyber security threats, trends and innovations, as well as compliance, information governance, and regulations. Since its inception in 2012, the VigiTrust Global Advisory Board has placed a strong emphasis on information sharing and education in a confidential, non-commercial setting, featuring thought leaders who can call on decades of experience in their respective fields.
The Products and Services

VigiOne incorporates VigiTrust's 18 years of experience in the information security services sector into one single SaaS solution, enabling complex and disparate organizations to simplify the implementation and management of security and privacy regulations. VigiOne utilizes VigiTrust's 5 Pillars of Security Framework™ to enable the key processes for Preparation, Validation, and Compliance. VigiTrust continually innovates and creates new features.

“VigiTrust has developed a roadmap that we follow with precision, to ensure that VigiOne can be adapted to any type of organization.”

The Integrated Risk Management (IRM) sector where VigiTrust operates is a busy space. However, what makes VigiTrust unique is its VigiOne platform. VigiOne allows organizations to manage security assessments, compliance validation, and continuous compliance. The solution incorporates full project management functionality to allow the management of all compliance tasks, particularly recurring tasks. The platform also functions as a fully-fledged cyber security education portal, boasting more than 250 training lessons. It is also a collaborative tool that enables end-users to work effectively with external assessors. VigiOne can be configured for multiple standards, including GDPR and other data protection standards such as CCPA.

Readiness Surveys

VigiOne includes a GDPR readiness assessment questionnaire template (31 questions across 13 topics) that can be assigned to entities to assess how compliant or “ready” they are for a GDPR audit.

eLearning Data Protection Basic, Fundamentals, Intermediate Courses

VigiOne provides access to a suite of GDPR eLearning courses, which introduce staff to GDPR and other data protection concepts.

VRM Module (where applicable)

VigiOne's VRM capabilities allow you to ensure that suppliers fully understand their obligations concerning data processing.
Policy and Procedure Dissemination and Implementation Tracking

VigiOne's document management function allows you to communicate, disseminate and control the implementation of important documents such as agreements and a range of policies across large complex organizations.

Data Processing Register (Record of Data Processing)

VigiOne allows you to create and disseminate templates to ensure that subsidiaries use a standardized and consolidated approach to compliance.

Assessment Automation

VigiOne's Assessment 360 tool includes templates for all required assessments under GDPR, including DPIA and LIA Balancing Test, and also allows you to develop or customize purpose-built templates for your subsidiaries.

Website Scanning Scheduling and Management

Organizations can integrate vulnerability management and web application scanning into VigiOne where required.
Incident & Breach Project Management Template

VigiOne's Project and Task Management feature allows you to create project plan templates and task lists that can be used for incident and breach management planning, testing, and execution.

Documentation and Evidence Library

The capability to demonstrate compliance to GDPR and other regulations at the touch of a button requires ready access to documentary and other evidence of compliance and testing. VigiOne's document library stores and tracks a range of file types, including documents, images, reports, and videos.

Summary

VigiOne provides a fully transparent view of GDPR processes, even in large, complex distributed organizations. Importantly, it allows you to demonstrably and consistently manage compliance. The platform allows you to quickly review and audit your processes and efficiently control update and change. You can integrate your security program to demonstrate your commitment to protecting the personal data that you need to process, in a manner that is compliant with prevailing legislation and best practice.

“VigiOne makes it easy and straightforward.”

The Road Ahead

VigiTrust strives for continuous innovation, and its product roadmap is designed to ensure that VigiOne is easily adapted to any organization, be it acquiring banks, retail companies, hotels, QSAs, or ASVs.

“I believe that security is a journey, not a destination. This means that innovation is required at all times to ensure that solutions address current threats, vulnerabilities, and regulations & standards.”

No one in compliance can afford to stay still. VigiTrust continues to innovate and relies on topics discussed at the VigiTrust Global Advisory Board and its community of 700+ members to help it drive innovation in the right direction!
Mathieu Gorge- Leading the Way

Mathieu Gorge, Founder & CEO, created VigiTrust in Dublin, Ireland. He is an established authority and speaker on Cyber Security, Risk Management & Compliance with more than 20 years' international experience.

His areas of expertise include PCI DSS, GDPR, CCPA, HIPAA, VRM, and ISO 27001. He has been involved in payment security for more than 20 years and works with many security working groups and associations in the US and EU. Building on the success of VigiTrust's 5 Pillars of Security Framework™, he is a regular speaker at international security and compliance conferences such as RSA, ENISA & ISACA.

Mathieu was the President of the French Irish Chamber of Commerce in Dublin from 2017-2019. He remains on the Executive council and as chair of the ICT working group. He has also served as the Chairman of InfoSecurity Ireland and was an Official Reviewer for ANSI (US). He is also the founder of the PCI DSS European Roadshow, which has been running since 2011. Mathieu is also the Chairman of the VigiTrust Global Advisory Board, an international security & compliance think tank. Mathieu has recently authored a book entitled The Cyber Elephant in the Boardroom, published by ForbesBooks (November 2020).
Benefits of GDPR & Data Protection
The European Union launched a core digital privacy legislation, the General Data Protection Regulation. This is a digital privacy mandate that applies to all organizations in member states and to businesses and individuals across the European Union's customer or user base. Although there are many enterprises that continue to view GDPR as a troublesome requirement, this regulation has helped many enterprises to streamline and improve their core business activities. Here are some of the benefits of GDPR compliance:

Easier Automation of the Business Processes

Many organizations use the GDPR compliance responsibilities to review how well they are handling customer and client data storage, as well as their processing and management responsibilities. When an organization works towards meeting GDPR compliance, the business processes throughout the organization begin to improve. In fact, the revelations are so minute that one can improve the process efficiency with every detail.

Increased Trust and Credibility

Article five of the GDPR states the 7 fundamental principles, which include:

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability
These seven principles form the rationale and a strong basis for most of the laws included within GDPR, and at the same time are becoming principles of universal data protection. It becomes easier for the organizations to gain their customers' trust and credibility if they show that they follow these seven fundamental principles of GDPR in making decisions regarding data protection.
As the world gets closer with digitization and technology, there are heaps of data being produced, thus converging privacy and security. At such a time, a high level of data protection also means a high level of data security, something which is valued by all organizations. GDPR takes this forward as it relies on the best practice principles of data management.

Better Understanding of the Data that is Collected

When you approach it logically, a strong adherence to the GDPR policies will give your business a better understanding and appreciation of its data collection and how the data moves in the organization. Every department and every function in an organization benefits from GDPR compliance. A simple example of GDPR compliance is that the marketing and sales teams can gain an enhanced oversight as to who they can legitimately market their products and services to. This kind of approach generally results in smaller audiences, but ones that are more engaged in the product and service, which makes them easier to address and manage.

Protect and Enhance the Enterprise and Brand Reputation

When you are protecting your consumers' privacy, as an organization, you not only avoid the potential penalties, but at the same time you can also unlock some of the hidden reputational brand value. If an organization doesn't have a verifiable commitment to privacy, it can become vulnerable to brand damage and can have its products/services criticized as being underhanded or creepy. Over the long run, GDPR compliance will help organizations to increase their customer loyalty and trust and make way for them to bring in greater innovations and value creation.

Today, GDPR compliance is becoming an important and necessary benchmark for businesses that provide their services to companies. At the same time, GDPR services are helping companies distinguish themselves from the prospective customers.

In addition to this, the businesses that collect and process this GDPR-affected data are required to comply with the GDPR in order to attract business customers. This is because those businesses' own compliance is tied to their vendors' GDPR abidance. As modern customers become more tech-savvy and more aware of privacy concerns, they will look out for the companies that take privacy seriously.

While it can be easy to fall into a mindset that GDPR is just another set of compliances, it is important to understand that in this world of rapid digitization, privacy needs to be baked into everything your company may do and at every level of your organization. Data protection is not simply checking a few things off a list; it is an ever-evolving process, and organizations need to expand, change and adapt to it.
INTERVIEW

Best Solutions for Your Company's Security

Data production and data protection go hand in hand with all the new advances in technology. A large part of data protection is ensuring that the data can be restored quickly after its corruption or loss. The pandemic has caused millions of employees to work from home, thus creating data in heaps. Businesses are compelled to adopt the new technologies of data protection. Helping companies to adapt to this quickly and protect their data from all kinds of threats is Kerubiel. In this interview with The Enterprise World, László György Dellei tells us all about how Kerubiel is helping protect organizations from data breaches.

Tell us about GDPR Solutions?

Kerubiel is a 100% privately owned company providing services in the fields of data protection, cybersecurity, IT and related infrastructures for entities from Small and Medium-sized Enterprises to national and multinational companies operating in a multitude of sectors. In the last 4 years, our company has become a pool of contributing experts, researchers and other professionals whose goal is to assist the client to achieve the highest level of GDPR compliance together with protection against threats in the cyberspace. As an enterprise committed to technological development, Kerubiel also has a strong R&D department participating in various national and international projects.
László György Dellei, Founder & CEO
What were the initial challenges you faced?

Data protection and information security counselling is an extremely crowded market these days. Since 25th May 2018, controllers and processors are more conscious about their privacy agenda which trend is further strengthened by fines issued by DPAs, and news flooding the media about data breaches and zero-day vulnerabilities. But there are some factors that may be considered when considering upholding quality and trust toward your clientele, and thus overcome such challenges.

Besides the usual CRM, a company working on the data protection and cybersecurity market needs 2 distinct factors. The first is creativity and openness towards technological as well as legal advances. These areas are constantly and rapidly changing in terms of technology and infrastructure, and the legislative actions. These changes (or challenges) shall be calculated (in some cases foreseen) when one develops complex applications & solutions.

How were the first few years of your company?

In 2017, Kerubiel began its operation to provide assistance to a wide range of clients such as financial and insurance companies, as well as governmental organisations, e.g., healthcare providers and hospitals, etc. As its clientele grew, Kerubiel attracted a number of prominent professionals who joined the company; furthermore, a network of contributing and cooperating entities began to unfold around us.

In 2019, Kerubiel decided to widen its operation and began its R&D division. In this regard, the company participates in a number of scientific as well as professional research projects in the field of modern, developing technologies, such as AI or VR. Domestic and international projects provided a unique opportunity for Kerubiel to establish itself as a scientific think tank that continues to venture to emerging areas that may be effectively utilized in everyday operations.

In 2020, the pandemic has brought new challenges to the surface that needed to be tackled. Cybersecurity and threats in the online environment became the focus of professional discussions and efforts. Thus, Kerubiel decided to strengthen its operations and tools in this respect.

What is the reason behind your company's longstanding success?

Digitisation and client-centred approach. As to the first, digitisation has been on the scene since the establishment of Kerubiel. Originally being a consulting company, digital tools and communication have always been in the centre of operations. Thus, our experts can work parallelly on multiple projects, contact various customers easily and rapidly, and provide our services from home as well as from any remote places. We believe that the finish line of a project does not mean the end of our support. Leaving the clients behind is always a bad sign. Thus, Kerubiel seeks to maintain a vivid and continuous relationship with its former and current clients as well.

What influenced you to start a GDPR Solution company?

The last decade brought data protection and information security issues to the limelight. In the era of data-driven society and economy, effective, lawful and secure management of personal data as well as information is a crucial element for companies. New opportunities and new threats had arisen as new technologies flooded the market and our everyday lives. As these issues became more important, standard setting and legislative measures set into motion in a rapid pace. One of the results of this work is the GDPR, the centrepiece of the new European regime for data protection. One of the main issues in the regulation is the so-called risk-based approach and the importance of integrity and confidentiality of personal data. These issues are the strong testament that the cooperation and coordination between data protection, and information security experts.

With decades-long experience in these interconnected areas, Mr. László György Dellei decided to establish Kerubiel, in 2017, to merge the expertise from data protection, IT, and information security, and to set up a provider that satisfies the need of the clients via state of the art, efficient, and compliant solutions.
The Products/Services

What are the products/services the firm focuses on? How are your services different from those in the market?

Kerubiel offers a great variety of services in the fields of data protection and information security. On the one hand, the company is able to cover all aspects of the clients related to GDPR compliance. In this regard, we provide “classic” services, such as GDPR audits, when our staff assesses the compliance of the client's data processing with applicable legal and practical requirements. In addition to the audit, our specialists provide practical advice and assistance regarding drafting documents (data processing and joint controllership contracts, policies, notices, records, etc.), performing impact assessments (e.g. legitimate interest assessment, DPIAs), and action plans.

Furthermore, Kerubiel may act as either the data protection officer of the client, or – regarding controllers or processors outside the EEA – as a designated EU representative. As a DPO, Kerubiel aims to provide its services in a manner that manifests to the clients that the data protection officer is an economic and compliance advantage rather than a legal necessity. And as a representative, our company assists the controllers (especially in the APAC region) in responding to requests of data subjects, in communicating with DPAs, and records of processing activities.

However, recent years – and especially the pandemic – showed that data protection may not properly function without the efficient security of data. Thus, in addition to GDPR services, Kerubiel also specializes in services such as IT audits and information security counselling (e.g. IT risk assessment, IT security counselling), developing complex cybersecurity systems based on ITIL and AI applications, and counselling on business continuity and disaster recovery plans. In so doing, Kerubiel utilizes IT standards, such as the ISO 27000 and the NIST 800-53 controls assessment.
Recently, the company has been focusing on Cyber Threat Intelligence software systems with Industrial Control System specifics and related services. Kerubiel specializes in threat hunting activities to collect, analyse and utilize data on possible attackers, methodologies, directions, motivations before, during and – in some cases – ex post facto the incident. In other words, we are applying dynamic protective measures to combat possible threats.
DATA PROTECTION, DATA THREATS AND VULNERABILITIES Everything You Need to Know
When you talk about data security, a data threat is anything that can potentially cause danger to the information in your systems. These threats could be anything from an intruder accessing the network through a port on the firewall, to a process addressing data in a way that violates the security policy of a company, to a tornado wiping out a facility, or even an employee making an unintentional mistake which could expose some confidential information or destroy a file's integrity. It is important for every business to understand the risks if its data is breached. One of the most important steps in data security is to identify the potential threats to the system, classify them by category, and then evaluate their damage potential to the company. Following are the ways common data threats can affect your business.

Technical Data Threats

Hacking

Today, hacking is a multi-billion-dollar industry for cybercriminals. Hacking has been providing opportunities to extract data for political and monetary gains. In a broader view, hacking is when an unethical and unauthorized user gains access to a computer or a network. There are many ways through which hackers gain access to networks or computers, some of which are as intricate as altering the system's security. Others are simple and straightforward, like guessing the users' passwords or installing a keylogger.

Cracking

Cracking is the reverse engineering of software, passwords or even encryption. This could lead to unauthorized access to a company's sensitive information.

Malware

Malicious software, also called malware, is software that disrupts important computer operations, gathers sensitive information, or gains access to a computer system through which the data and information is then compromised. To keep a computer safe from this kind of data breach, antivirus software and firewalls are installed. Viruses, worms, spyware, ransomware, keyloggers and backdoors are some examples of malware.

Errors

Some of the most common errors, like system misconfigurations or other programming errors, can allow unauthorized access by cybercriminals. These errors can occur due to faulty in-house programming, or when hackers find a loophole.

Data Leakage

Data leakage is the unauthorized electronic or physical transmission of data or information from a company to some other external destination.

Non-Technical Data Threats

One thing to keep in mind is that data security is not just an electronic issue. Some non-technical threats can affect your business too. Some of the non-technical data threats are:

Physical

Physical factors like theft, tampering, snooping, sabotage, vandalism, local device access or an assault can negatively affect your business, as they can lead to loss of your data and information.

Environmental

Dire environmental factors, such as natural events like tornadoes, power losses, fires, and floods, can pose danger to the organization and the infrastructure where the data is located.

Insider Threat

Another way non-technical factors can pose a threat to your business is through an insider threat. Your employees, contractors, or even partners can commit fraud or theft of intellectual property.

Social Media

Often employees can fall prey to scams on the internet and thus reveal sensitive information which is not intended for public knowledge.

Improper Disposal

Dumpster diving or the improper disposal of sensitive data can cause improper disclosures and leak some of your sensitive information. To avoid this, you need to have internal procedures for disposing of sensitive documents.

With heaps of data being produced every passing day, it is just as important to save the data properly. Leaking even a small amount of data can lead to larger repercussions and can cause great losses to your company.