Living in a Digitized World: 3 Ways to Safeguard Information
Is there a way to simplify information security in the workplace?
A recent InformationAge.com article takes a really good stab at it by suggesting a three-pronged approach that combines ‘leadership’, ‘investment’ and ‘people’.
But one doesn’t work without the other.
Malicious security threats and unintentional breaches are the two main types of digital security threats. Here’s how leadership, investment, and people help close the gaps and create end-to-end security.
Safeguarding information should be part of business process management, and that has to start at the top.
42% of respondents in the Global State of Information Security survey said their Board actively participates in the overall security strategy and 36% said the Board is involved in security policies.
In a recent article by IT Pro Portal, Nicholas Percoco, of security solutions company Rapid7, said Chief Information Security Officers (CISOs) will spend 100% more time with their boards and executives in 2015.
He said high-profile data breaches have put the importance of good security programs on the Board agenda.
“CISOs will work closer with the boardroom to highlight security program effectiveness, and they will focus more on mitigating actual risks to data loss.”
When security is a board-level concern, security awareness is more likely to permeate the entire organization and create a culture of security.
The level of time and money invested in security should reflect the value of what the organization is trying to protect, wrote Ben Rossi in the InformationAge post.
According to the 2014: A Year of Mega Breaches study by Ponemon Institute, 61% of organizations increased their security budgets by an average of 34% in 2014.
The 2014 IT Security Budget Forecast Roundup for CISOs/CSOs white paper showed that the top area of increased IT spending in 2014 was security technologies. Depending on an organization’s cyber security definition, “not only will there be at least a 3.5% increase in IT Security spending for 2014 but the typical CISO’s direct budgetary control continues to increase”.
On the other hand, the Global State of Information Security survey reported the average information security budget dipped to $4.1 million, down 4% compared to 2013. Security spending is 3.8% of the overall IT budget.
An organizational culture of total security requires a shift in the attitudes of employees, according to The Human Resources Guide to Creating a Total Security Culture from Shred-it. “Employees should not only know and understand their organization's security policies and procedures, but truly commit to them and implement them correctly.”
Companies can help by providing ongoing employee training and other security awareness activities.
The mega breaches survey showed that half of organizations had begun new security training and awareness activities.
Processes should also be in place so that safeguarding information is part of the job. Utilize technologies such as patch-management tools, intrusion-prevention tools and privileged user access. Implement a Clean Desk Policy and a Shred-all Policy. Partner with a reliable document destruction supplier that provides locked consoles for documents that are no longer needed, secure on- or off-site shredding, and a Certificate of Destruction after every shred.
Living in a digitized world means the mobile workforce knows how to protect their laptops in and outside of the office. Here are all the hidden costs of a laptop.