Does Your C-Suite Pass, Fail or Excel at Data Privacy?
You’d think that by now the C-suite would be up-to-speed on data privacy and security.
But a recent AIIM (Association for Information and Image Management) report showed that while up to about half of all organizations experienced a data breach in the last year, a quarter of respondents felt that their senior managers did not take the risks of data privacy breaches seriously.
According to a 2015 IBM survey of more than 700 C-level executives, almost three-quarters of CEOs identified ‘rogue individuals’ as the largest threat to organizations – when, in fact, 80% of cyber attacks are driven by highly organized crime rings.
Referencing an earlier report on mobile security threats by BT Global Services, “incredibly, 69% of CEOs don’t take security seriously enough,” said a BT Global spokesperson at the World Economic Forum (weforum.org).
The time is now for senior management to step up and to be proactive in designing an information security framework before it's too late, urged an article at itproportal.com.
Here’s a look at some of the concerns and challenges of corporate data privacy.
- Information Chaos: The explosive growth in data – on hard drives and paper in the workplace, and with ever-increasing volumes on laptops, mobile devices, and cloud storage – needs to be managed from the top. What’s critical is that organizations verify what confidential information they have, securely dispose of what they don’t need, and protect confidential data through its lifetime with a comprehensive document management process.
- The Bigger Picture: Cyber security reaches far beyond the IT department with criminals targeting marketing, human resources and finance departments because so much personally identifiable information and financial information resides there. But in the IBM study, almost two-thirds of executives in these departments acknowledge they are not actively engaged in cyber security strategy and execution.
- Team Effort: An effective workforce requires on-going training in security practices – and strong leadership. There’s now a wider adoption of roles on the team such as Chief Security Officer (CSO), Chief Information Security Officer (CISO) and Chief Digital Officer (CDO). Core executives must participate and contribute in defined, strategic ways, said Steven Durbin of Information Security Forum in a cioinsight.com story.
- Show and Tell: Senior managers have to commit to information security before an organization can fully adopt a culture of security. When management demonstrates a commitment to security, employees will follow suit.
- Collaboration: Over half of CEOs in the IBM study agree that collaboration outside of the organization is necessary to combat cybercrime. But only one-third would share their organization’s cyber security incident information externally.
- Workplace Processes: The 5th Annual Security Tracker from Shred-it showed that over one-third of American c-suite executives do not have a protocol for storing and disposing of confidential data that is strictly adhered to by all employees; and 30% do not securely store documents prior to disposal. Embed secure processes by partnering with a document destruction company, for example, that provides locked consoles and has a secure chain of custody with on- and off-site shredding services.
The most effective way to protect confidential information in the workplace is the simplest – focus on the fundamentals.