IT security during tough economic times

Published 21 October 2008

Tough economic times lead to layoffs and mergers and acquisitions; a key aspect of such transitions is the inevitable turnover and its impact on internal security

Tough economic times lead to an increase in layoffs, mergers and acquisitions. This increased activity could weaken data security, but most security experts agree that large firms have the right procedures to follow to ensure security and data integrity in the event of a major shake-up. Claudiu Popa, president and chief security officer of data security vendor Informatica Corp., explains in a conversation with SearchSecurity that mergers and acquisitions force IT security pros to be more aware of internal threats. Popa outlines a strategy and some best practices to ensure data security and consumer trust during times of uncertainty. Here are two questions he was asked, and his responses:

SearchSecurity: What is the biggest challenge for companies facing a merger and acquisition (M&A) from a security perspective?

Claudiu Popa: M&A situations are one of the most sensitive times in the existence of a company. The risk to information assets during this time is increased by numerous factors such as different policies in effect, people, process inefficiencies, breakdowns in leadership and lax security controls. This kind of transitional period results in situations that can not only foster security breaches, but critically make them more difficult to detect. Any organization going through a merger or a sale must prepare for the transition by testing their business continuity plans, their incident response program and by verifying the security awareness level of their workforce.

Finally, a key aspect of such transitions is the inevitable turnover and its impact on internal security. Whether employees are disgruntled or simply feel that no one’s watching, beefing up your security monitoring and reviewing employee agreements is an absolute must. Unfortunately, due to the numerous project and change management challenges involved, organizations and executives drop the ball on security on a regular basis. Part of the reason is that competent security consultants that offer this specific type of service are difficult to find. Look for a firm whose offerings include a standards-based approach to secure project management (SPM).

SearchSecurity: What’s your take on data security for these financial firms going out of business and being acquired?

Popa: The types of fire sales and mergers we are seeing in the financial industry are a cause for serious concern because so much personal and financial data is changing hands on such tight deadlines that mistakes are likely being made every day. Customers of such firms should inquire with their own institution about the nature and amount of their personally identifiable information being stored there. It is also important for clients of these firms to scrutinize bank statements on a monthly basis to identify any security issues as soon as they occur. The unfortunate reality is that in situations where organizations change in such fundamental ways, information assets, which represent the vast majority of the company’s value, are the first to be misplaced or stolen. Whether that information is ever used for fraud or other unauthorized purposes is very difficult to determine going forward.