For companies to protect themselves, the following need to be in place:
- Internet use policy.
It should cover what is authorized and unauthorized, the treatment of any information or data handled and processed, what can and can’t be done online using office resources, and the liabilities for any violation.
It should also cover an understanding of the data subject, personal information controller, and personal information processor roles in the organization and their corresponding responsibilities; confidentiality, non-sharing, and authorized use of and access to information; and the liabilities for any violation.
- Infrastructure investment
Companies also need to “live” by their policy. Showing that adequate security, processes, and procedures are in place will be vital to proving non-negligence, since any violation would then have to be explicitly planned by offenders rather than result from access gained easily or by accident.
- Process for handling investigation inquiries when law enforcement agencies contact you (and when you need to reach out to them as a victim).
- Process for reporting data privacy breaches as required by the Data Privacy Law.
Firewalls, network monitoring systems, and anti-virus tools, among others, will need to be in place, especially for large organizations.
Case study references can be helpful when planning or justifying your intended programs. I found an Internet network security case study paper featuring Green Future Innovations Inc., released by Cyberoam, that can be a good read for this purpose.
What I like about that case study is that its enterprise applications are complex, as it is an alternative energy and power utility entity. Microsoft also has a Dynamics AX case study article citing Green Future Innovations Inc. as a user of its enterprise resource planning solution to help monitor and improve business productivity.
The more critical applications a company has, the more policies have to be in place on Internet use and data access. Don’t let an employee’s misuse of resources put your organization under fire and into a stage of misery in handling such a crisis.
But in case a crisis happens as a result, the insight of GeiserMaclang’s Amor Maclang on handling one can be helpful. (via Raket Hub)