In the case that I was in charge of a company's human resources department, I would make use of all available communication methods to inform employees of a data security policy that required the use of software to verify their emails. To ensure that the policy is clearly defined, these mediums include memoranda, employee meetings, and business symposiums. I would also use newsletters and, ultimately, surveys and questions to determine whether or not the policy has been assimilated. Even though the use of an emailing list would be at my disposal, I would refrain from the use of general emails to the staff members due to the fact that there is a high likelihood of an email being ignored or the policy not being adequately comprehended. Some of these emails can also find their way in the spam folder and therefore no effective communication would have been done.
Question 2
A bank data security policy has a number of divergent elements. One of the key elements is the disclosure of the information relating or affecting a customer (Hallinan, & Friedewald, 2015). Customers need to be aware of the manner in which a bank will handle their information. This extends to the people who will handle their records and any manner in which their information would be released (Hallinan, & Friedewald, 2015). The next element relates to the framework that has been put in place by the bank to process and store their customers' records. The banks need to ensure that they invest heavily in cyber security in order to avoid any intrusion that will either lead to the manipulation or exposure of their customers' data (Hallinan, & Friedewald, 2015). Some of the measures that can be employed to safeguard the information include the use of encryptions, passwords, virtual private networks, firewalls and having an information security analyst that regularly checks the system to ensure that it is running smoothly (Kendall, 2002). The information system is a very important aspect of any business and the management needs to put in place adequate mechanisms to ensure that it is adequate. Cyber criminals also take advantage of systems that are not adequately secured due to their vulnerability (Kendall, 2002).
Question 3
Many organizations at one point or the other have been victims of data theft. Most often the perpetrators of this unethical act are usually new employees and employees who have notified the management of their imminent departure. The Ponemon institute conducted a study relating to data theft within organizations and inferred that close to 60 percent of the employees who resigned or were fired from their workplaces left with highly confidential company information (Security, & Breach, 2017). In order to effectively deal with the aforementioned scenarios, organizations need to come up with relevant policies that mitigate or prevent the occurrence of these situations. This could be either through data encryption or having clearance levels within an organization in order for highly sensitive information to be retained at the highest level and access to such information should only be done upon express permission ("Protecting practices from data theft", 2013).
Organizations should also take initiatives to educate their clients on various ways to safeguard some of their information. In the event that an organization deals with telecommunication or is a financial institution, the management should ensure that the customers are aware of the fact that they are under no obligation to divulge their secret PIN numbers to anyone including their employees ("Protecting practices from data theft", 2013). Implementation of some of these policies will ensure that data is adequately protected. Organizations also need to put in place relevant policies that will ensure that new and existing employees are aware of the limits with which they are allowed to deal with the company’s information. These limits relate to the manner in which the information is classified, retained and disbursed.
The IT department needs to be one of the places a new employee visits during their induction process in order for them to be guided by using the information system and also to acquire relevant credentials that will be able to leave a digital footprint that will be able to be tracked online ("Protecting practices from data theft", 2013). Another measure that organizations could take to mitigate data theft internally is ensuring that the in the event that some of its employees leave the workplace either on their own volition after being sacked, the various credentials that they have in their possession are canceled by the IT department. Finally, a handing over program needs to be put in place where the departing employee returns any company property that they might have in their possession. The smartwatches, smartphones, laptops and other gadgets that might have been given also need to be inspected to ensure that they are in equally good states and free from any viruses and malware.
References
Hallinan, D., & Friedewald, M. (2015). Open consent, biobanking and data protection law: can
open consent be ‘informed’ under the forthcoming data protection regulation?. Life Sciences, Society, And Policy, 11(1). http://dx.doi.org/10.1186/s40504-014-0020-9
Kendall, M. (2002). Developing a Data Protection Policy for an Information Service. Legal
Information Management, 2(04). http://dx.doi.org/10.1017/s1472669600001420
Protecting practices from data theft. (2013). BDJ, 214(6), 314-314.
http://dx.doi.org/10.1038/sj.bdj.2013.307
Security, I., & Breach, C. (2017). IBM 2016 Cost of Data Breach Study - United States.
Retrieved 25 April 2017, from http://www.ibm.com/security/data-breach/
