Does Your C-Suite Pass, Fail or Excel at Data Privacy?
You’d think that by now the C-suite would be up-to-speed on data privacy and information security.
But a recent AIIM (Association for Information and Image Management) report showed that while up to about half of all organisations experienced a data breach in the last year, a quarter of respondents felt that their senior managers did not take data breach security measures seriously.
According to a 2015 IBM survey of more than 700 C-level executives, almost three-quarters of CEOs identified ‘rogue individuals’ as the largest threat to organisations – when, in fact, 80% of cyber attacks are driven by highly organised crime rings.
Referencing an earlier report on mobile security threats by BT Global Services, “incredibly, 69% of CEOs don’t take security seriously enough,” said a BT Global spokesperson at the World Economic Forum (weforum.org).
The time is now for senior management to step up and to be proactive in designing an information security framework before it's too late, urged an article at itproportal.com.
Here’s a look at some of the concerns and challenges of corporate data protection.
- Information Chaos: The explosive growth in data – on hard drives and paper in the workplace, and with ever-increasing volumes on laptops, mobile devices, and cloud storage – needs to be managed from the top. What’s critical is that organisations verify what confidential information they have, securely dispose of what they don’t need, and protect confidential data through its lifetime with a comprehensive document management process.
- The Bigger Picture: Cyber security reaches far beyond the IT department with criminals targeting marketing, human resources and finance departments because so much personally identifiable information and financial information resides there. But in the IBM study, almost two-thirds of executives in these departments acknowledge they are not actively engaged in cyber security strategy and execution.
- Team Effort: An effective workforce requires on-going training in security practices – and strong leadership. There’s now a wider adoption of roles on the team such as Chief Security Officer (CSO), Chief Information Security Officer (CISO) and Chief Digital Officer (CDO). Core executives must participate and contribute in defined, strategic ways, said Steven Durbin of Information Security Forum in a cioinsight.com story.
- Show and Tell: Senior managers have to commit to information security before an organisation can fully adopt a culture of security. When management demonstrates a commitment to security, employees will follow suit.
- Collaboration: Over half of CEOs in the IBM study agree that collaboration outside of the organisation is necessary to combat cybercrime. But only one-third would share their organisation’s cyber security incident information externally.
- Workplace Processes: The 5th Annual Security Tracker from Shred-it showed nearly a third of British C-suite executives surveyed do not have a protocol for storing and disposing of confidential data that is strictly adhered to by all employees in their organisation; and more than a quarter do not securely store documents prior to disposal. Embed secure processes by partnering with a document destruction company, for example, that provides locked consoles and has a secure chain of custody with on- and off-site shredding services.
The most effective way to protect confidential information in the workplace is the simplest – focus on the fundamentals. Get informed about the important issues surrounding data security with this report.