24 August 2017
Stephen Midgley

Spotlight on Regulation

Stephen Midgley - Absolute Software

5Posts 15,915Views 0Comments

Don’t let data risks inhibit innovation

31 July 2015  |  2380 views  |  0

2014 saw some major data stories hit the headlines, with global firms such as Sony, eBay and the European Central Bank suffering very public data breaches. The CEO of Target even lost his job as a result of the breaches his firm suffered. We’re only a few months into 2015 and we’ve already seen US healthcare provider Anthem announce that it suffered a breach that could affect up to 80 million of its customers. There has been a high profile response to the Anthem breach, demonstrating how one incident can put a business at the centre of a massive media storm. For anyone on the board of a company, this is a complex situation to be in. Before you even consider the potential £500,000 fine the Information Commissioner’s Office can impose for a data breach, the public perception and business impact can be equally concerning. Whatever your business, your customers want to know that their personal information is in safe hands, and will think twice about entrusting it with companies that don’t have a good track record in this field.

 

However, while data breaches themselves should obviously be a board-level concern, it’s becoming increasingly important to look at the broader impact they can have. When a company or a competitor suffers a breach, often the first priority is to review how the overall business handles its data. However, the danger here is that a knee jerk reaction can result in draconian policies being implemented, severely curtailing employee use of data. In this scenario, the entire workforce can lose data flexibility, and this could impact productivity. This can range from being unable to access critical information through mobile devices, to making it impossible for employees to work anywhere other than directly in the office.

 

At the same time, a hasty reaction to a data breach could potentially have a negative impact on employee morale. Suddenly telling employees they can’t read digital files outside of the office, or are only able to work from home through approved devices can result in a lot of uncertainty. It’s this kind of atmosphere, where no-one knows what they can or can’t do with company data, which can result in further mistakes being made.

 

It is becoming increasingly clear that board level and senior management teams need to be aware of the dangers of positioning data as the bad guy. Change can only come from having a more data-led approach to business, not just at management level but throughout the company. From praising teams that have shown good data-centric initiatives, to equipping employees with the tools they need to embrace flexible and mobile working strategies, there is a lot the board can do to dispel the common fears surrounding data. However, that doesn’t mean the risks should be ignored – they just need to be managed properly.

 

There are a number of ways that this can be done, but it essentially boils down to three elements. The first is policy, which sets out how data and devices can be used, and allows your employees to clearly see when they’ve breached the policy. The second part of this is training and education to address one of the common causes of a breach – the human element. This training has to be engaging, relevant and tailored to the jobs people are doing for it to be truly effective. The third and final step is the technology that you use to protect the business if and when a data breach occurs. The key thing here is being able to prove that all compliance processes have been adhered to, and to securely track and disable any device involved in the breach.

 

Ultimately, a business’ attitude to data needs to be set from the top. A company culture that is scared of data and isn’t prepared to embrace a modern way of working will always lag behind its more forward thinking competitors. This information, in all of its forms, is one of the most powerful assets an organisation has. An intelligent, flexible and secure approach to information management will ensure businesses can make the most of its data, and guard against potential risks. 

 

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Stephen

Don’t let data risks inhibit innovation

31 July 2015  |  2380 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulation

5 Things the Financial Services Industry Needs to Know About the EU GDPR

11 June 2015  |  3805 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulation

Working with your CIO to negotiate GRC - Part Two

07 November 2014  |  3559 views  |  0 comments | recomends Recommends 0 TagsSecurity

Working with your CIO to negotiate GRC - Part One

23 October 2014  |  3011 views  |  0 comments | recomends Recommends 0 TagsSecurity

De-mystifying regulation roadblocks

15 May 2014  |  3161 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulation

Stephen's profile

job title Global Marketing and Product Development
location Vancouver
member since 2014
Summary profile See full profile »

Stephen's expertise

Member since 2014
5 posts0 comments
What Stephen reads
Stephen writes about
SecurityRisk & regulation
Stephen's blog archive
2015 (2)2014 (3)

Who's commenting on Stephen's posts