Skip to main content

Cultural differences in data security

The differences on what counts as private information are varying, depending on which country we are talking about. In the EU, for example, an address, an e-mail address or a phone number already counts as sensible information, and companies can only use it if you agree to the terms. However, the social security number is not that highly protected, meanwhile, in the USA that code is the most valid link to your personal life. This is a huge difference: While in the EU a hacker cannot do much with a single social security number, in the US they can even apply for a loan or steal your whole identity.

People’s trust towards the state is also depending on where they live. To go on further with the US, EU comparison, the level people trust governments differ very much. In the EU it is completely normal that governments keep some records and you contribute your data to it, however in the US, the state is not getting a lot of data, people are more likely trusting companies, and we have already seen with the recent scandal of Facebook where this is leading.

Therefore, when companies decide to globalize their operations or outsource work to offshore locations they shouldn't overlook behavioral and cultural differences when developing their security risk-management plans. Employee behavior is different depending on which country and culture they are from, and has a direct bearing on the threats posed to corporate data.

Many of the countries that are mainly in the business of outsourced workforce haven't experienced the same level of worm mass mailings, denial-of-service attacks and other IT security threats that companies in the US and EU have been dealing with for years. But people are more likely to be a victim of social engineering. For example, in China and in Brazil employees at their companies are more likely to allow outsiders to use corporate laptops and mobile devices without any supervision.

In some countries, for example, there is a greater tolerance for employees tailgating behind other workers when entering secured facilities, or for verbally sharing sensitive information with others. IT and security managers have to be aware of such differences when they set security plans. They also have to be prepared to incorporate whatever technical, physical or procedural controls are needed to help mitigate the risks.

The key to an effective enterprise-wide security program is in establishing and enforcing a minimum standard for security that is the same at each site regardless its location. With a little more thought, you can save yourself and your organization many security headaches down the road with standardized protocols.


You might also be interested in:


Share this post

Comments ()