How do you keep control of customer data, personal data, and access to data?
Stolen data, leaked information, or leaving a company laptop in the car. Everyone has read about it, knows someone who has experienced it, or has even experienced it themselves. The security of corporate and personal data is a serious issue that concerns everyone. The loss of confidential data can have major consequences, especially now that the updated European privacy regulations have been imposed on organizations.
In the world of modern business, an internet connection is no longer a choice; it has become indispensable. Think about it. When did you last go through an entire week without using the internet? Sensitive personal and business data are also often included in project and resource planning. In this post, we’ll first take a look at three problem situations that may arise regarding data loss in terms of project and resource planning, then we’ll provide three tips on how to prevent these situations.
Data problem 1 – Confidential data getting out
In this scenario, you are running an advertising agency. You work with several international companies, including two large beer breweries, namely Biabia Brewers and the Ubiki Group. You are busy setting up a campaign for a new line of specialty beers for Biabia Brewers, which are to be launched internationally. To keep the competition at bay, secrecy is of the utmost importance.
And then one day at the office, some employees working on a project for the Ubiki Group need a USB stick. They find one, put some files on it, and take it to a consultation with the Ubiki Group. Unintentionally, they leave the USB stick behind in the client’s computer.
Sometime later, an article is waved under your nose. Two months before Biabia Brewers are set to introduce their new line of beer, the Ubiki Group has come up with exactly the same range of products. Biabia Brewers are furious. After an investigation, you discover that the Ubiki Group had gained access to Biabia Brewers’ project plans, including all the details.
Data problem 2 – Personal data is disclosed
In this scenario, you are running a construction company. You set up the project planning with all the details of the staff and customers in Excel. The file is sent to all relevant employees in an email group each week. This keeps everyone in the loop so that everybody knows what is planned for the following week.
A co-worker at the office is instructed to add new employees to the email group. At the beginning of the following week, one of the employees calls and says he hasn’t received his planning. After checking, it appears that a typing error has occurred. The employee has used .com in the email address instead of .co.uk. As a result, the planning was mistakenly sent to a company in India. This means that all the personal data of your employees and contacts are now in the hands of strangers.
Data problem 3 – Unauthorized internal access
In this third scenario, you run a consultancy firm with dozens of employees. The resource planning is done in Excel. Several people have access to the file because various people are involved in the various planning projects.
This means that anyone with a computer can access the Excel file. Consultants may make quick changes or reserve several hours. Project managers sometimes make copies in order to do a draft planning for a large project.
Because various employees can make adjustments to the planning at any time, and several versions are floating around, chances are that the planning is not reliable. It has been known for consultants to arrive at the wrong client because they were looking at the wrong version of the planning schedule. As a result, hours are wasted and potential income is lost.
Tip 1: Use a professional tool that works by:
This allows you to decide what workers are allowed to see and do. Only employees who are authorized can log into the system and view company data. What can be done and what can be seen in the software depends wholly on the assigned user rights. This allows you to determine which employees are allowed to adjust the planning and which employees are allowed to only view the planning. In this way, employees only see the information that they need to.
These days, working mobile has become the norm. Workers receive their email on various devices. By using their laptops, they can also work anywhere. An encrypted connection is therefore crucial. This comes as standard with professional software tools. Without an encrypted connection, it becomes quite easy to intercept communications, especially when employees use a Wi-Fi hotspot from, say, a McDonald’s on the highway.
enforcing strong passwords
At the end of each year, lists of the most frequently used passwords are published by various websites. Each year, ‘welcome1234’, ‘password’, ‘qwerty’ and ‘123456789’ appear on these lists. We all know what a headache it is to remember all the passwords for the various websites that we use. Passwords are therefore often simple and reused. Fortunately, good software packages have the option to enforce difficult passwords and prevent their re-use. They often also include the option to make it obligatory to set a new password each month.
To keep your company information safe, we strongly recommend that you make use of these options. To help your employees remember those passwords, a password manager on your computer, such as ‘Apple Keychain’ or ‘Dashlane’, is a must.
Tip 2: Pseudonymizing confidential data
Pseudonymization is an act by which data, for example a name, is replaced by another. A pseudonym can always be translated back to the original. For example, the name of a large beer brewery is substituted with another in the project planning and appears as Warp Limited instead of its real name.
If you can’t prevent information from getting out, then the next best thing is to prevent the outside world from being able to use that information. Pseudonymization is therefore a good option. It acts as an extra privacy layer. If documents are leaked, it would be unclear to an outsider what the documents mean or who they relate to.
You can do the same with the personal data of employees. Employees should be mentioned in communications with abbreviations and not by their full name. For example, Paul Johnson does not have to have email@example.com as an email address – firstname.lastname@example.org will suffice. You can go even further by not using the initials of names, but just numbers.
Anonymization goes a step further than pseudonymization. Whereas a pseudonym can be translated back to the original information, that’s not possible after anonymization. If former employee Paul wants to be forgotten after leaving your company, anonymization is then, after the statutory period of data retention, legally required by the GDPR. The information in your system cannot be traced back to Paul in any way.
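The difference between the two can be shown in a few lines of Python. This is an added example, not code from any planning product: the class, the function and the field names are assumptions, the sample rows are constructed from the scenarios above, and random codes stand in for invented names such as Warp Limited.

```python
import secrets


class PseudonymVault:
    """Mapping table between real names and pseudonyms.

    Store it apart from the planning: whoever holds only the planning
    export cannot translate the pseudonyms back.
    """

    def __init__(self):
        self._alias_of = {}   # real name -> pseudonym
        self._real_of = {}    # pseudonym -> real name

    def pseudonymize(self, real_name, prefix):
        """Return a stable pseudonym; the same name always maps to the same one."""
        if real_name not in self._alias_of:
            alias = f"{prefix}-{secrets.token_hex(3)}"
            while alias in self._real_of:          # avoid the rare collision
                alias = f"{prefix}-{secrets.token_hex(3)}"
            self._alias_of[real_name] = alias
            self._real_of[alias] = real_name
        return self._alias_of[real_name]

    def resolve(self, alias):
        """Translate a pseudonym back (authorized staff only); None if unknown."""
        return self._real_of.get(alias)

    def forget(self, real_name):
        """Anonymize: destroy the link so the pseudonym can no longer be resolved."""
        alias = self._alias_of.pop(real_name, None)
        if alias is not None:
            del self._real_of[alias]
        return alias


def export_planning(rows, vault):
    """Copy the planning rows with client and employee names replaced."""
    return [
        {**row,
         "client": vault.pseudonymize(row["client"], "CLIENT"),
         "employee": vault.pseudonymize(row["employee"], "EMP")}
        for row in rows
    ]


# Constructed sample planning, using the names from the scenarios above.
PLANNING = [
    {"client": "Biabia Brewers", "employee": "Paul Johnson", "task": "Campaign launch", "hours": 16},
    {"client": "Ubiki Group", "employee": "Paul Johnson", "task": "Consultation", "hours": 4},
]
```

Calling `forget` only removes the link in the mapping table; the remaining fields in the planning must also not identify the person for the record to count as anonymized.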
Tip 3: Controlling the access to your systems
In order to be sure that information can only be viewed or edited by the right people, you need to create an authorization matrix. This determines what kind of information employees are allowed to see and edit, in accordance with their individual function.
Software packages often use profiles. This allows you to determine which areas of the software employees are authorized to use. For example, a planner will have access to the planning board. A project manager will have access to the duration planning (Gantt Chart) of his project. A field engineer will only be able to view his own planning and pass the project progress reports to his project manager. In this way, employees can only do and see the things that they need to. This has the added advantage of preventing employees from drowning in unnecessary information. It simplifies their work and reduces the risk of confidential data ending up in the wrong hands.
Another important responsibility is that you keep track of who has access to your systems. Employees come and go. If an ex-employee goes to work for a competitor after their departure, it would obviously not be prudent for them to still have access to your systems. It is important that you keep control of this.
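An authorization matrix with the three profiles described above, plus a check for accounts that should have been closed, could look like the following. This is an added example and not the configuration of any specific software package: the area names, the `User` fields and the sample people are assumptions.

```python
from dataclasses import dataclass

# Authorization matrix: profile -> area of the software -> allowed actions.
MATRIX = {
    "planner":         {"planning_board": {"view", "edit"}},
    "project_manager": {"gantt": {"view", "edit"}, "progress_report": {"view"}},
    "field_engineer":  {"own_planning": {"view"}, "progress_report": {"edit"}},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    active: bool = True                 # set to False when the employee leaves
    projects: frozenset = frozenset()   # projects this person is assigned to


def is_allowed(user, action, area, project=None, owner=None):
    """Deny by default; allow only what the matrix grants to an active account."""
    if not user.active:
        return False
    if action not in MATRIX.get(user.role, {}).get(area, set()):
        return False
    if area == "gantt":                 # a project manager sees only his own projects
        return project in user.projects
    if area == "own_planning":          # a field engineer sees only his own planning
        return owner == user.name
    return True


def stale_accounts(users, current_staff):
    """Accounts that are still active although the person is no longer on staff."""
    return sorted(u.name for u in users if u.active and u.name not in current_staff)


# Constructed sample accounts.
USERS = [
    User("Anna", "planner"),
    User("Ben", "project_manager", projects=frozenset({"P-100"})),
    User("Carl", "field_engineer"),
    User("Dana", "project_manager", projects=frozenset({"P-200"})),  # has left the company
]
CURRENT_STAFF = {"Anna", "Ben", "Carl"}
```

Running `stale_accounts` against the HR staff list on a schedule turns the "keep track of who has access" responsibility into a routine check rather than something remembered after the fact.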
Keeping your personal and company data safe needs constant vigilance on the part of your organization. A planning schedule often contains sensitive information about clients, projects and resources. More and more data is stored digitally by companies, which means that it is vulnerable to attack for malicious purposes. As a result, companies are increasingly being targeted. Besides, the new privacy regulations demand that organizations keep their house in order.
When deciding on new planning software, there’s more to consider than just its practical use. The software’s security capability is equally important. Finally, the people using the software should also be taken into account. How your employees interact with the software and the data will determine the effectiveness of its security. Your company policy in this regard, as well as instructing your employees accordingly, will also play a large role in safeguarding your data successfully.