Are You Doing This? How to Implement Data Security
The need for information security has never been greater… but now the big question is how to implement data security that really works.
There's a lot of research showing that in many cases organisations and workplaces are not doing enough to protect information. For example, the PwC Information Security Breaches Survey showed that two-thirds of the largest businesses in the UK suffered a cyber attack or data breach in the last year.
Companies have to look at the development of an information security policy as just the beginning. For a data security programme to be effective, there also have to be processes in place that target, champion, and support the different protective strategies.
Here is a look at how implementing information security in an organisation is multi-faceted and ongoing.
- Culture: The first step towards creating a successful security awareness programme, according to a tripwire.com article, is to recognise that there isn’t a timeline with completion date but rather a fluid development of organisational culture. A culture of security has to start at the top, and permeate throughout the entire organisation. Also, “when it comes to protecting information security, complacency is among every organisation’s key risks,” concluded the 2016 State of the Industry Report by Shred-it. Keeping information security front and centre in a workplace is important for large businesses and SMEs alike.
- Privacy and Legislation: As new threats emerge, new legislation and guidelines are created to protect privacy and personal information. Organisations must stay up-to-date about changes in data protection legislation, and revise their policies and procedures accordingly.
- Employee Mindset: Any security architecture will be undermined if there is no process in place to ensure all employees understand their role and responsibilities. Ongoing education is key. The goal is to shift the mindset of employees so that security awareness becomes an integral job function.
- Automate Security: It’s important to ensure that it is as easy as possible for employees to follow instructions for securing data – automation can help. First, protect all hard drives with up-to-date IT safeguards. But where possible, automate decision-making around security. For example, create a program that helps decide if an email needs encryption – so that all the user has to do is press send.
- Stay Current: Security policies have to reflect current trends in the workplace. For example, bring-your-own-everything (BYOx) is a trend that allows employees to bring their own devices to work. Put a process in place to identify all the risks such as mismanagement of devices and unreliable business applications – and address them.
- Business Processes: Look at how information travels throughout the organisation, and put business processes in place that are also security controls. In this way, information security is embedded in the workplace. One good example is to partner with a recognised document destruction company that provides a secure chain of custody – with locked containers and secure destruction of information.
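The "Automate Security" point above suggests a program that decides whether an email needs encryption. The sketch below is an added example, not code from the article or from any product it mentions. The internal domain, the keyword list and the detection patterns are assumptions chosen for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.org"            # assumption: the organisation's mail domain
KEYWORDS = ("confidential", "payroll")     # assumption: terms the policy flags
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
NINO_RE = re.compile(r"\b[A-Z]{2} ?(?:\d{2} ?){3}[A-D]\b")  # simplified UK NI number shape

def luhn_ok(digits):
    """Luhn checksum, so arbitrary long numbers are not mistaken for cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def sensitive_reasons(msg):
    """Return the reasons the subject or plain-text body looks sensitive."""
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    reasons = []
    cards = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    if any(luhn_ok(c) for c in cards):
        reasons.append("payment card number")
    if NINO_RE.search(text):
        reasons.append("national insurance number")
    if any(k in text.lower() for k in KEYWORDS):
        reasons.append("policy keyword")
    return reasons

def needs_encryption(msg):
    """Encrypt when sensitive content is leaving the organisation."""
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = any(not a.lower().endswith("@" + INTERNAL_DOMAIN) for _, a in addrs)
    reasons = sensitive_reasons(msg)
    return external and bool(reasons), reasons

def make_msg(to, subject, body):
    """Build a constructed sample message for the demonstration."""
    msg = EmailMessage()
    msg["To"], msg["Subject"] = to, subject
    msg.set_content(body)
    return msg

if __name__ == "__main__":
    sample = make_msg("supplier@partner.example", "Invoice",
                      "Card: 4111 1111 1111 1111")  # well-known test number
    print(needs_encryption(sample))
```

A mail gateway or client add-in would call `needs_encryption` at send time and apply encryption itself, so the user's only action remains pressing send.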
Get proactive on fraud prevention, and identify the areas in your workplace where fraud is most likely to happen.