ORGANISATIONS hold vast amounts of information; data that holds the key to new business ventures, enhanced customer engagement, increased productivity and competitive advantage. So why is it so many firms fail to treat information with the care and respect it demands?
With the recent explosion in digital communications, many European businesses appear to equate ‘information’ and its security with IT. In response, the IT department protects data by installing firewalls and anti-malware security to keep cyber-risks at bay. However, information includes spread-sheets and databases loaded onto PCs and laptops, as well as the mountains of paper documents crammed into folders and filing cabinets.
External threats are very real and need to be addressed, but a growing body of evidence shows employees could be the greatest risk to information exposure. While your business is looking the other way, valuable and confidential information is happily and often innocently leaving the office in somebody’s bag or laptop case.
The 2012 global data breach report by Verizon found that while just 4% of actual data breaches implicated insiders, the potential impact of theft by an employee was invariably greater than that of an external threat. This is because insiders are three times more likely to steal business-critical data. The reasons behind this could be that employees have a sense of ownership over information they were involved in creating, with some making off with customer database, plans and proposals.
The current competitive landscape means many organisations are fighting to win customer trust. Consequently, it is vital firms understand how employee behaviour is exposing the business to potential data breaches and corporate espionage. All companies should be aiming for the highest standards of information management and security. There are several easy, low-cost ways to reinforce information security in a business:
• Step 1: Make information risk a boardroom issue – ensure there is a senior individual on the board responsible for it, and that it is embedded into how the board monitors overall corporate performance.
• Step 2: Put the right HR and information policies and processes in place – and ensure these cover all information formats (electronic, paper or media). Also, define any vulnerabilities relating to manual information handling, establish whistle-blowing protocols, and review and test all systems and processes on a regular basis.
• Step 3: Change the workplace culture – design and deliver information security awareness programmes, have the right guidance available for every person at every level, and reward and reinforce good behaviours throughout the organisation.
Most employees do not take information out of malice, but because they are proud of the work they have produced. They understand its value and think it will be useful to them in the future. These are very positive foundations to build on – do not let the opportunity go to waste. Get your employees on board with a corporate information responsibility programme that will enable them to play a key role in mitigating information risk and keeping your critical information secure.
Rod Day, senior vice president and chief financial officer of Iron Mountain, Europe
Join Financial Director, Oracle and a host of ‘Fast Data’ experts to discover how financial professionals can help create a Fast Data business
Yahoo’s data breach highlights difficulty in determining whether unauthorised access to data has occurred
Cyber risk is a dynamic threat as criminals seek more creative ways of extracting value from reputable businesses. The new wave of attackers are sophisticated and skilled, and may lie low inside a network for weeks, or months, before taking definitive actions
Wolseley is to cut up to 800 UK jobs and close around 80 branches costing the company about £100 million, the plumbing and heating supplier said on Tuesday despite reporting rising sales and profits
What can you do to ensure your employees know the company policy and stick to it? Hear from other CFOs and experts in our free-to-view video