The impact of the current recession is far reaching, and consequences of layoffs and business closures extend beyond longer unemployment lines and shrinking market segments. As VeriSign's Todd Waskelis and Bindu Sundaresan pointed out in CSO Online last week, corporate mergers and sales can also put protected information at risk.
For instance, the writers ask:
What happens to the credit card data after the purchase from a store that is going out of business? Is that part of the sale as well? The thought of financial information leaving a Point of Sale (POS) system, which is known to be one of the weakest links in the payment operations world, ending up with someone who purchased this POS system is disturbing.
So how do businesses working through transitions brought on by the financial crisis protect the information they have collected? Just as effective asset management is important when a company is closing down or changing hands, data security and compliance issues should also remain front of mind. The company should have a plan in place to ensure that employees know how to properly protect sensitive data during this time, the writers say.
Company officials should also be aware that layoffs and restructuring create a higher risk of insider threats or data theft at the hands of a disgruntled employee or former employee. Moreover, those who are uncertain of their futures with the company may be more susceptible to phishing attacks disguised as job offers or career counseling e-mails.
The writers also note that the company will need to systematically shut down Web sites, domain names, wireless networks and other "pieces" of the infrastructure as the transition occurs so that all the points of access to protected data are closed. In short, data security should remain a priority, even when the business is winding down.