Unlike COVID-19, there is no vaccine for security breach!
Before 2019, only a few people would believe that there exists a virus that could defeat the advancement of modern medicine and cause a global catastrophe like COVID-19. Now, scientists have gradually researched and developed a vaccine against COVID-19. But there is still another "virus" that we did not anticipate its strong explosion in this IT era, which is the "virus" that breaks Information Security…
If a company is a “host”, the information and data systems are the valuable assets and the “genetic code” of that company. Companies may go bankrupt, but if these information and data systems are still available, it is entirely possible to establish a new company with a similar business idea, operating method,.... At the same time, if the company's data is leaked, depending on the importance of the information, it can cause measurable losses. Aware of the importance of protecting this information system, businesses are spending part of their annual profits to construct information security systems.
The information security market is a hot market worth tens of billions of dollars and growing by double digits every year. A technology company, such as Sun*, pays even more attention to these security issues. Sun* has built an ISO 27001-level information management system and has always maintained security checks and enhanced "patching breaches”.
Currently, at Sun*, there have not been any serious information security incidents recorded, but as programmers or system engineers, you must have heard of violations of engineers at top technology companies in the world, right?
For example, in 2017, Apple fired one of its engineers after his daughter posted a clip of the latest (unreleased) iPhone X model from her father's test phone. The teenage daughter has a hobby of posting self-recorded clips on social networks to share with friends. On the day of the incident, she went to Apple HQ to wait for her father to have lunch together. Her father is a longtime Apple engineer and he received an iPhone X model for testing. He happily let his daughter try this product sample. But he did not anticipate that his daughter would immediately record the process of using the iPhone X and posted it on social networks. Moreover, in her video, she also revealed her father's engineer QR code, which meant that a smart enough crook could completely steal this QR code to access the company's internal system and find out about every new Apple product. As soon as Apple discovered the incident and notified the girl, she immediately removed the video. But it was all too late, the video was already downloaded and shared all over social media. Apple gave the most severe punishment - fired its engineer, although the girl later made a video apologizing and crying, she did not know that her behavior could cause such serious consequences. Apple cannot be merciful in this situation.
The example sounds very similar to the motif of some stories where "a stupid teammate is much scarier than a mighty enemy” that happened recently in Vietnam. We don't want to look too deep into the education of some family/teammates or how someone's career has been ruined because of a few minutes of young girls/boys (or not so young) bragging about their 'euphoria' on social media. Here, let's just look at the consequences that happen to company employees when they themselves leaked the information. There are two points we need to keep in mind:
You can't predict how far the leaked information can spread.
Even if we unintentionally and do not directly disclose information, we can still be subject to the most severe form of discipline for company employees - dismissal.
Since the issue of information security is new, Vietnam's legal system in this segment is still in the construction phase. However, when regulating information security between the Company and its employees, the law also has basic provisions, thereby creating a "fairly open mechanism" for companies to proactively govern through internal regulations. The company has the right to agree in writing with employees on the content, time limit for protection of important information, rights and compensation in case of violation (Article 21 of the Labor Code). Therefore, each Company may have certain differences when handling this issue.
Even at Sun*, currently, regulations on violations of information security as well as what types of information should be kept confidential have been reflected in the Company's Regulations; All employees/collaborators/partners of the company have also signed commitments on information security, intellectual property and unfair competition.
In the next article, the Justice Protection Squad will reveal how the Company can penalize violations, so that you are always careful with Information Security. Don't wait until you have to say
"I beg, but Sun* does not forgive"!