,

Beyond cyber threats: business culture, employee responsibility and information security

By Christian Toon | Posted March 22, 2012 | 0

Information is the lifeblood of every business. Paper files and folders, back-up tapes and digital archives represent a treasure trove of customer insight, employee knowledge, business intelligence and innovation. At the same time, information presents one of the greatest legal and reputational risks to businesses of all sizes. You only have to pick up a newspaper to see what can happen to your customer relationships, brand reputation and sales if information is lost, damaged or exposed.

Like any other business asset, your information is exposed to risk. You can only protect your information assets if you know where the risks are, how likely they are to occur, and how best to manage them.

To understand the levels of information risk within European mid-sized businesses and their capability to mitigate against this, Iron Mountain commissioned PwC to study 600 mid-sized businesses across Europe. The results reveal a deeply concerning picture of complacency, ignorance and lack of management that should sound an alarm bell across the European community.

Information management and mitigating information risk is a board-level issue. If you only take one thing away from the report, it should be an understanding that the key to data protection and managing information risk starts and finishes with employees and business culture. It’s wrong to think that technology alone can solve the problem. People are often the weakest link when it comes to information security, but they are also a company’s secret weapon when it comes to cost-effective information security management.

We hope that this report will encourage you to review the approach your business takes to information risk and take on board the recommendations and practical steps suggested.

We hope you take action not simply because your customers are calling for it, or the legislators demand it, but because it is the right thing to do. Take action because the success or even survival of your business could depend on it.

A summary of the report “Beyond cyber threats: A study on business culture, employee responsibility and information security“ can be found at www.ironmountain.co.uk/risk-management

Tags: , , ,

Read and Discuss
LINK
,

Risk Management: Europe’s First Risk Maturity Index created by Iron Mountain and PwC

By Christian Toon | Posted March 22, 2012 | 0

Iron Mountain has collaborated with professional services firm, PwC, to produce innovative risk management research culminating in the creation of the Risk Maturity Index. We have created this infographic to introduce the research and highlight its key findings. The research is a wakeup call to SMEs that the risks they face in terms of data protection are not being addressed. What is more, failure to perform proper risk assessment and make changes could mean the difference between a business’s ultimate success or failure.

Overall, the report concludes that mid-sized businesses in Europe have a Risk Maturity Index score of 40.6. The report includes the statistic that only 1% of businesses surveyed believed that data protection was the responsibility of everyone in the company. The report highlights that employees are at the centre of common information management issues and that changing workplace culture was a crucial part to play in mitigating risk.

Visit http://www.ironmountain.co.uk/risk-management for more information about this ground-breaking report.

”Risk

View in high-res >>

Tags: , ,

Read and Discuss
LINK

Information management: a glance backward and a look forward

By Phil Greenwood | Posted December 9, 2011 | 0

This blog post first appeared in Risk UK online as a bitesize interview feature. It is reproduced in full here with the kind permission of the Editor.

How have the last twelve months been in your sector?

My job role enables me to view information management across multiple sectors, so this is an interesting question for me. One of the key trends I have seen across the board in the past twelve months involves the digitisation of physical information. Healthcare trusts, for example, are evolving their records management processes, making them more efficient and secure with the use of digitisation. In the financial services sector, the driver for digitisation has been a desire to improve customer service and satisfaction levels. Banks are able to reduce waiting times for their customers and speed up issue resolution by making information available faster.

Off the back of this trend, all organisations, regardless of industry or sector, have had to recognise that digitisation is not just a one-step process but requires a change in how their information management policies are operated and implemented. It has become increasingly important for businesses to think about their chain of custody – how information is created, stored and then, how it is ultimately destroyed securely (regardless of whether it’s a piece of paper or digital image). They need visibility of where the information resides at any given moment and who last touched it.

Are there any trends in the market today?

Businesses are no longer talking to us just about storing paper records securely, but instead are requesting help and assistance about how they manage their information from cradle to grave. There is a huge demand on individuals and organisations with respect to the amount of data they have – be it paper, images or backup tapes- and they need to know how to pull it all together in a coherent strategy. Few organisations have the time or in-house expertise to manage this on their own and it is here that third-party providers of information management services can really begin to add value.

What are your predictions for the future?

All sectors, without exception, have come under pressure regarding compliance and security of information – recent breaches and the introduction of significant fines from the FSA and ICO respectively have acted as a wake-up call for organisations to consider what they need to do to remain compliant in a changing and increasingly complex regulatory landscape. I believe that the immediate future will see greater intervention from these authoritative bodies. Compliance and fear of brand damage, however, are not going to be the key drivers, we will see a shift towards responsibility and information advantage – a desire to protect customer information while extracting greater business benefit from the information they hold. Organisations will see good information management practice as part of doing the right thing by their customers and the bottom line.

As a consequence of this shift, we will see the person or persons responsible for how an organisation manages its information and data moving up the corporate structure to a senior level, indeed we are already seeing this. An awareness of the significance of information management is vital to a business. All other areas of a business, be it accounts or sales, have the power to take down a business if their department is not managed well, and the area of information and records management is no different. In fact, research states that 43% of businesses would not recover from a catastrophic data breach.

A decade ago, many heralded the coming of the paperless office. This has not and will not come to pass and it is clear that we will not go paper-free in the immediate or mid-term. The way to think about it now is “paper-light” not “paperless”. Most businesses are going to end up with a hybrid model that means that paper and digital archives will coexist comfortably. Organisations will become accustomed to a hybrid, “paper light” approach, but paper will never vanish. This will drive the behaviour and systems that organisations have to work with when it comes to handling data.

As with any type of change, there will always be an element of heel dragging. Every industry has a long-standing relationship with paper, so the offer of an alternative is often met with resistance. Paper is, after all, in our cultural DNA. However, a combination of forward-thinking entrepreneurs and technology -savvy young managers coming into the workplace will drive cultural change and see greater take up of a blended paper-digital informational environment. Essentially, business will remain about getting more money out than you put in, and keeping up with technology, including digitisation, is becoming increasingly vital to not only survive, but to prosper

Tags: ,

Read and Discuss
LINK
,

Is it time for IT leaders to wake up to the threat of a non-digital data breach?

By Christian Toon | Posted November 30, 2011 | 0

This post was first published online by Computer Business Review. It is reproduced here with the kind permission of the Editor.

Data protection is a hot topic at the moment, but are companies ignoring the risks of paper-based breaches?

It’s a fact of life that people make mistakes. We are all unavoidably imperfect and, therefore, entirely susceptible to forgetfulness and error. Perhaps you forgot to set your alarm clock, spilled coffee on a colleague’s suit – or even left your work papers in a café or bar in your hurry to catch the train home.

It is not entirely surprising then that recent statistics from the Information Commissioner have revealed that data breaches in the private sector rose by 58% in the last year. The ICO says that it is satisfied with its progress in raising awareness around data security; but that public confidence in a business’ ability to keep data secure has fallen.

According to research released for National Fraud Prevention Week 2011, a staggering 96% of customers are not confident that firms are taking sufficient action to protect them against security risks and fraud.

The research, by Fellowes Europe, also revealed that only around half (52%) of businesses have policies in place to protect the identity of individuals who have presented their personal details.

A mistake in accounting costs money. A careless social media post or email can cost a company its reputation. A data breach could cost you both.

Common sense alone suggests that company-wide responsibility for data protection should therefore be concentrated in the hands of those with a good overview of all the information moving in, out and around the business.

This includes the paper. However, recent research carried out on behalf of the British Security Industry Association revealed that in more than a third of cases (38%) it is the IT manager who takes the lead in ensuring compliance with the Data Protection Act.

IT managers are highly skilled in co-ordinating and protecting digital files, but handling and managing paper documents often falls outside their area of expertise. This is hardly surprising. It follows that IT managers often feel overwhelmed and stressed by the burden of managing information.

A good way forward is to introduce a blended digital/paper approach, led by IT, and implemented in collaboration with departments that regularly handle paper-based data – such as HR, sales and finance. This should be actively and visibly supported by senior management. Training is essential: every employee who comes into contact with potentially sensitive data should be aware of the implications involved if this information were to fall into the wrong hands.

It’s crucially important that information security policies are introduced across the business as a whole. For paper documents, this could include restrictions on removing data from company premises (for example taking sensitive paper documents home or printing work emails from a home PC) and standard procedures for filing and storing paper records at the end of a working day.

Busy IT departments might want to consider using a reputable, legally complaint third party to securely remove, archive and, when appropriate, the secure shredding of paper documents for the business.

Making data protection an integral part of the daily routine of a business is one of the most effective ways of preventing a serious data breach. Placing the responsibility solely onto the shoulders of the IT department is unfair without the back-up and support of other departments.

Despite the best efforts in the world, there is little IT managers can do on their own to stop a member of the HR team printing off an email containing sensitive customer information, taking it home, and then disposing of it in the kitchen bin.

Effective document management is integral to customer trust and the survival and prosperity of your business. It is vitally important in these increasingly digital times that paper is protected too.

Tags: ,

Read and Discuss
LINK
,

World Paper Free Day: Let’s get paper efficient

By Phil Greenwood | Posted October 26, 2011 | 0

World Paper Free Day has returned this October reminding us that, despite an increased awareness of the damage caused by excessive paper production, business paper use is still on the rise across the world.

This infographic highlights the key figures showing increased paper use and invites the audience to rethink their companies recycling practices. How many trees could they save?

As a change in attitude is crucial to facilitate improvements, Iron Mountain has surveyed businesses to understand their attitudes to recycling and moving paper out of the office environment through digitising and off-site storage and secure shredding. The infographic contains some key figures to show the range of opinions across Europe.

Finally, it highlights the steps that businesses can take both on an individual and organisational level, to improve, from scanning and digitising their archive to securely shredding documents no longer needed.

”Paper

Related Links:

Tags: , , , ,

Read and Discuss
LINK
Next »