Thursday, April 10, 2014
Why data security can't just be a checklist
Organizations face heavy consequences if fault lines in their information security protection cause their data to be exposed or lost. However, IT teams, executives and employees are usually too busy with their other tasks and operations to give the situation the attention it deserves. All too often, data security is viewed as a checklist of sorts: Meet the industry standards and regulatory guidelines, put an antivirus program and firewalls in place, tell employees they need to use good passwords. Stakeholders might cross these items off their to-do list and view security as a "set it and forget it" activity.
This type of thinking is erroneous, as the numerous recent data breaches and cyber threats have demonstrated. Large retail companies, health care facilities, governmental agencies and other entities have made the news for some of the worst reasons possible: Exposing customer or patient information, often in violation of regulatory guidelines. Organizations are constantly at risk of losing their resources or falling victim to breaches that can afflict them with heavy fines, dissatisfied customers and PR nightmares. An ongoing threat requires a consistent, vigilant security approach. Therefore, protecting digital information must be integrated into the very fiber of business operations, from regularly educating employees to implementing strong secure file sharing programs.
Culture, not compliance
Citing PCI compliance as one important type of security protocol that enterprises must consider when designing their technological systems, Jeff Mann, a Wired.com contributor and PCI evangelist at Tenable Network Security, emphasized that successfully passing audits and intermittently adapting to new guidelines are not enough. He noted that PCI standards, while thorough, are not comprehensive and can't guarantee that an organization's information will be protected against attacks from all angles. Additionally, it's important for companies to keep their eye on the bigger picture - robust security - rather than get caught up in the details of each PCI control, he advised.
In other words, in addition to complying with regulatory guidelines, organizations need the right technology and culture to ensure all parties are consistently working in ways that improve security and keep data safe. Many recent studies have pointed to the prevalence of employee error and poor data sharing practices as the source of breaches. To counter this problem, companies should consider offering their workers intuitive, convenient tools that automatically provide higher levels of protection, such as encryption. Part of this strategy is making sure that team members don't disregard best practices and resort to less dependable consumer-grade programs.
Data security is a team effort
Keeping information secure is a task that requires the contributions of everyone throughout the enterprise. In an article for LinkedIn, Cindy Fornelli, executive director at the Center for Audit Quality, encouraged business leaders to view cybersecurity as a puzzle: Multiple roles have their own crucial contribution to make, and each of these parts must come together to form a solid whole. From auditing professionals to IT teams to executives to employees - everyone must be on board with the organization's policies and strategies to keep resources safe. This requires excellent communication and collaboration between parties, Fornelli added.
Threats to digital networks evolve and change every day, so it's important for organizations to stay vigilant and keep abreast of the latest rules and recommendations. To reduce the strain on their IT teams and other professionals, corporations might want to utilize secure file transfer systems and other tools that enjoy the support of managed service providers. These vendors keep their products up to date with the latest security measures, allowing company teams to focus their attention and energy on other critical aspects of their comprehensive information security plan.