Posted Monday July 3, 2017
The need for information security has never been greater… but now the big question is how to implement data security that really works.
There's a lot of research showing that in many cases organisations and workplaces are not doing enough to protect information. For example, the 2016 PWC Information Security Breaches Survey showed that two-thirds of the largest businesses in the UK suffered a cyber-attack or data breach in the previous year.
Companies have to look at the development of an information security policy as just the beginning. For a data security programme to be effective, there also have to be processes in place that target, champion and support the different protective strategies.
Here is a look at how implementing information security in an organisation is multi-faceted and ongoing:
Culture: The first step towards creating a successful security awareness programme, according to a tripwire.com article, is to recognise that there isn’t a timeline with a completion date but rather a fluid development of organisational culture.
A culture of security has to start at the top, and permeate throughout the entire organisation. Also, “when it comes to protecting information security, complacency is among every organisation’s key risks,” concluded the 2016 State of the Industry Report by Shred-it. Keeping information security front and centre in a workplace is important for all types of businesses.
Privacy and Legislation: As new threats emerge, new legislation and guidelines are created to protect privacy and personal information. Organisations must stay up to date with changes in data protection legislation, and revise their policies and procedures accordingly.
Employee Mindset: Any security architecture will be undermined if there is no process in place to ensure all employees understand their role and responsibilities. Ongoing education is key. The goal is to shift the mindset of employees so that security awareness becomes an integral job function.
Automate Security: It’s important to make it as easy as possible for employees to follow instructions for securing data, and automation can help. First, protect all hard drives with up-to-date IT safeguards. Then, where possible, automate decision-making around security. For example, use a program that helps decide if an email needs encryption, so that all the user has to do is press send.
Business Processes: Look at how information travels throughout the organisation, and put business processes in place that are also security controls. In this way, information security is embedded in the workplace. One good example is to partner with a recognised document destruction company that provides a secure chain of custody – with locked containers and secure destruction of information.
Shred-it is the UK’s leading information security company. The services they provide include document shredding and hard drive destruction to safely dispose of unwanted or outdated confidential waste.