Svitlana Renkas: Information security and protection of ownership right to information is an important element of any business.
Svitlana Renkas, director of the legal department (residents) of Arricano Real Estate Plc, took part in the International Forum for Business Protection, which took place on May 16, 2019. In the format of an open interview dedicated to “Augmented Reality of Information Security, or How to Avoid Theft of Corporate Information”, the top-manager of Arricano answered the questions of Vitalii Serdiuk, a senior partner at Aver Lex.
Svitlana Renkas believes that ensuring the security of information and counteracting leakage of corporate information is an important issue of business protection. “Information security and protection of ownership right to information are important components of any business,” the spokeswoman said and remembered the famous SkyMall case, which began with the leakage of confidential information. - Our company faced the disclosure of confidential information at the stage of registration of the holding. The well-known suit began with the disclosure of the provisions of the agreement related to the change of shareholders stipulated by the requirements to public companies.”
The director of the legal department (residents) of Arricano told about two directions where it is necessary to provide protection from the leakage of information - internal and external - and provided examples of obvious cases of preventive measures for information security.
Svitlana Renkas recommends four steps protecting from the leakage of corporate information
1. Awareness of employees about what information is confidential and how to work with it.
Arricano has developed a number of procedures that are programmed and fixed in the recommendations. As a result, each employee, either a new or already working one, knows what is a commercial secret of the company, what is confidential information, what they consists from, when and who should communicate with external organizations, for example, with the media, with the AMCU, with the state authorities, supervisory bodies, etc., who responds to inquiries of each nature.
Each employee of the company signs a personal commitment not to disclose confidential information; the commitment specifies rights, duties and consequences of disclosure for an employee. For example, if there are requests from the media, everyone knows the procedure: to whom this request should be directed, who is responsible to answer and to what extent. Of course, this procedure involves lawyers.
2. Cybersecurity is obligatory, because an unauthorized attack on the IT-system of the company is possible. Arricano has developed a password defense mechanism. Passwords are changed regularly, unlike simple, unchanged, customary, home ones, which are the same on all gadgets.
After a virus has destroyed many companies' databases, we regularly hold trainings on how to work with letters, suspicious messages, and IT security checks. “Sometimes our IT department sends test letters and then gathers the employees together and tells them who acted in which way: who opened the letter, what virus or spy could have be there, and which consequences such opening might have, how to get information through these letters. “As a result of the systemic work on the cyber security of such people, we have less and less openings of dangerous messages.”
3. Insider queries disguised as requests from official authorities.
Given that some requests from the authorities can be used by interested people who want to do harm to your business or business of your partners, you should protect your information, for example, through privacy or lawyer secrecy.
In Arricano, after receiving a request from the Antimonopoly Committee for provision a large amount of information, its dissemination was protected by means of confidentiality and restricted access, so that to avoid the leakage of data from the Antimonopoly Committee. If people's deputies or other bodies disguised by the status will be interested in this information, the AMC has no right to disclose it, as it is legal liability for the Committee itself and its employees.
When requests about partners are received from public authorities or law enforcement agencies, the security of certain information in Arricano is provided by the lawyer's secret, while the partners are informed that the request has been received. “We are obliged to provide information, and we provide it - in accordance with the law and in accordance with the rules, but in the company we have the principle: affiliate business should go hand in hand,” Svitlana emphasizes.
4. Common sense is the easiest way to protect trade secrets.
If you receive a request for commercial information, it is important to answer the simple question, “Whom, why and how will I transfer these data? What threats may arise?” When working with confidential data, mass mailings should not be used, information should be transmitted individually.
The case of one of the company's partners, which the speaker gave as an example, concerned the distribution of commercial information that became a part of mass mailing, though it has been intended for one person. The confidential parameters important for operators, owners, managers of the shopping mall became public through negligence.