The network administrator has turned into a "hacker". How should enterprises protect their data assets?

Last year, Yi Mou, a man from Yubei, took advantage of his position as network administrator of a technology company in Chongqing to steal 10,815 pieces of customer order information from the company together with a man named Yan, and resold them to others for profit. Recently, the Yubei District Court concluded the case, which was tried as the crime of infringing on citizens' personal information. The defendants were sentenced to fixed-term imprisonment ranging from 9 months to 1 year, and were also fined.

 

1. If enterprise information is leaked, the problem is not only the employees, but also the enterprise!

 

 

On March 15, the newly adopted "General Principles of the Civil Law" clearly stipulated that the personal information of natural persons is protected by law. Any organization or individual that needs to obtain the personal information of others shall obtain it according to law and ensure the security of the information, shall not illegally collect, use, process or transmit the personal information of others, and shall not illegally buy, sell, provide or disclose it. Yi's behavior undoubtedly reflects a lack of legal knowledge; he engaged in these illegal and criminal activities hoping to get away with it.

The author believes that this case is not only a matter of the network administrator's morals; it also reflects the enterprise's failure to protect its own data assets, which made the criminal act possible. Enterprises do not realize the importance of their own data assets and lack corresponding protection measures, so the network administrator was able to take advantage.

In March 2013, Neusoft Group was reported to have suffered a leak of trade secrets, and about 20 employees were arrested by the police for allegedly infringing on the company's trade secrets. The leak caused Neusoft losses of as much as 40 million yuan.

In October 2013, the information of one million Yuantong customers was leaked. Customers' addresses, names, mobile phone numbers and other information were visible at a glance, and buyers could choose at will. Technical experts have confirmed that even hackers would find it difficult to see real-time information on all customers in the country at any time; only Yuantong itself can.

On the evening of December 11, 2016, some media reported that a 12G data package had begun to circulate on the black market, covering user name, password, email, QQ number, phone number, ID card and other fields, with tens of millions of records. Both black market buyers and sellers said that the data came from a well-known domestic e-commerce company.

The enterprises mentioned above are well-known domestic companies with a certain level of technical strength, yet all of them suffered information leaks to a greater or lesser degree, resulting in a series of losses. Why can't such large companies protect their data assets? The most important reason is a lack of awareness of enterprise data asset protection. What about the much larger group of small and medium-sized enterprises in China? Shouldn't they also have a deeper understanding of their own data security?

 

2. The era of big data is coming. What are the threats to enterprise data security?

 

 

With the development of network information technology and e-commerce, key business data has become one of the core assets of modern enterprises and an embodiment of their core competitiveness. Whether a modern enterprise can effectively protect its key sensitive data has become one of the important factors in whether it can remain invincible in fierce business competition. Loss of sensitive data not only means significant economic losses to the enterprise, but can also have a fatal impact on its reputation.

However, judging from the current situation, most enterprises are still facing huge challenges in data security.

A considerable number of enterprises do not realize the importance of data assets, and their lack of attention allows criminals to take advantage. According to relevant statistics, among the causes of all data loss accidents, viruses, Trojans, worms and hacker attacks account for only 21%, while software and hardware failures, internal staff misoperations and other causes account for 79%. The data protection measures taken by enterprises are limited to installing anti-virus software and firewalls, which means that they have no protection against 79% of security threats. This situation should get every enterprise's attention!

 

 

3. Where should businesses start with data protection?

 

 

Data assets are so important. From the perspective of enterprise managers, the data security of enterprises can be effectively guaranteed only by starting from the following aspects.

  • Strengthen employees' awareness of information confidentiality

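At present, many employees have misconceptions about information security. Complex passwords should be used for protection wherever possible, rather than casually setting a simple password such as "123456"; only by setting different passwords for different accounts and files can intruders or "leakers" be denied an opening. Yet many enterprises' onboarding training does not cover information security or confidentiality at all. Enterprises bear some responsibility for their employees' lack of information security and confidentiality awareness.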

  • Install firewalls and anti-virus software

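With the development of the Internet, enterprises cannot avoid using the network for all kinds of business discussions, and precisely because of the Internet's openness, enterprise information may be exposed to Internet users at large at any moment. Therefore, while managing the intranet well, enterprises also need to control behavior on the external network, update firewall and anti-virus software versions promptly, and protect their computer networks; these are also important means of preventing enterprise information from being stolen.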

  • Back up data

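Backing up data is the simplest way to prevent data loss. However, for important material, especially data whose loss would cause heavy losses, backup alone is far from enough.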

  • Data encryption

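To protect files at the source, it is necessary to use cutting-edge driver-layer encryption technology to enforce transparent encryption of all important files within the organization. Once a file is encrypted, if it is taken out of the company without authorization it will display as garbled text and be unusable, so taking it is futile.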

  • Endpoint control

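Regarding the security of enterprise data assets, Joe DiVITo of the risk assurance practice at PricewaterhouseCoopers said: "Enterprises must properly account for the access rights granted to employees. They must determine who has authorization and day-to-day access to the data, and ensure that all relevant parties are notified when access rights need to be modified or revoked."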

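Therefore, employees' safe online behavior is increasingly important to enterprise data and information security, which is also an important reason why market demand for Internet behavior management products has gradually expanded in the information age. Access control tailored to employees at different levels will further reduce the risk of information leakage.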

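Strictly controlling leak channels and implementing endpoint security management, covering data-leak risks such as USB drive copying, distribution through communication tools, e-mail sending and printing of materials, is equally important. The entire course of operations on a file is recorded and can be checked; if someone attempts to take internal files away, this raises both the difficulty and the cost of stealing secrets.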

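Only by starting from these 5 aspects can the protection of enterprise data assets comprehensively prevent the leakage of enterprise information. These 5 aspects consist mainly of technical and non-technical measures. Technical measures can be solved by spending money; more important are the non-technical measures: only with data security awareness can one take more reasonable action to protect data assets!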
