Strategies for sharing and protecting sensitive information: the emergence of secure-collaboration technology carries the promise that organizations can share sensitive information without worrying about theft and misuse.

• Author: Price, Elaine
• Position: Technology

Information theft and misuse can affect businesses in a variety of ways, with different consequences (though all are severe) for varying arms of the organization. Confidential research and development information or proprietary sales and product strategies may be leaked to competitors, for example, or employee health records can be mishandled with insurers and put businesses at risk for lawsuits and government fines.

For financial executives, especially at companies working under fair disclosure (Reg FD) and Sarbanes-Oxley regulations, it is critical to protect sensitive or financial information such as confidential data that is not meant to be shared externally or information that by law must be shared with investors in a structured manner.

As CFOs make strategic decisions related to layoffs, mergers, business models and other material topics, they need to gather and share confidential information such as contracts, financials and proposals in a protected fashion with legal counsel, investors, consultants and business partners. It goes without saying that sensitive information must be protected from internal and external misuse or fraud.

Security breaches in any of these cases can result in a Joss of trust from Wall Street, loss of market share (if competitors gain strategic information) and loss of credibility for financial management. All of these factors are forcing management, especially financial executives, to reassess their methods of collaboration and information-sharing to ensure that critical information is protected when working with both internal and external audiences.

Recent statistics underscore the financial damage of information theft. According to the 2003 Computer Security Institute/FBI Computer Crime and Security Survey, 251 organizations reported total annual losses of more than $201 million due to computer crime. Theft of proprietary information caused the greatest financial loss, as it has consistently since 1999--$70.2 million was lost in 2003, with the average reported loss being approximately $2.7 million.

The sources of the attacks as a percentage of all respondents included: independent hackers (82 percent), disgruntled employees (77 percent), U.S. competitors (40 percent), foreign governments (28 percent) and foreign corporations (25 percent). (The CSI/FBI report is available for free at www.goc si.com.) Research also shows that information theft comes from on-site contractors, vendors and suppliers, strategic...