The unsung hero on the #infosec front line

By: In: Information Risk On: Oct 23, 2014
The unsung hero on the #infosec front line

Information access and insight are the business enablers of our time. Giving the right people access to the right information is key to driving business value. But it’s not easy. Let’s be perfectly clear: managing how information flows in and out of today’s businesses is hard and the complexity of managing vast estates of legacy information in different formats, possibly across multiple sites is a complex challenge. And with complexity comes risk. Consequently, the responsibility for keeping key information assets secure and still providing access is huge. The very top of the business may not show great interest in the role of the records manager or the IT person responsible for keeping data secure. But when things do go wrong and the business is attracting adverse media interest, they are going to sit up, take notice and find someone to hold accountable.

Recognising risk mitigation

Despite the complexity, value and potential business (and personal) risk involved in managing ever-growing estates of digital and paper archives, the records and data management team – or, more likely, the individual charged with the task – go about their work with little recognition of how important they are on the front line of information risk mitigation.

Threats from every direction

Our research (you can download the research report here) shows that businesses worry about external threats to information. According to recent research undertaken in conjunction with PwC, one third of business leaders (34%) admit to being concerned about malicious attacks and hackers. Handing over information to third parties for storage is also a worry for 22% of those surveyed – an indication that businesses need relations ships with trusted third parties that bring  the right levels of security and expertise to get the job done well.

The risk from within

When it comes to the internal threats, remote workers, ex-employees and the security of temporary and contract staff are of concern for business leaders. Add to this the relatively new threat to information management posed by social media and cloud storage and this all amounts to a significant challenge for our unsung information heroes tasked with managing it.

The perils of paper

The risk posed by information stored on paper was highlighted in our recent PwC research as a major information concern – in fact it was the major concern. This seemed strange at first, but think about it. Many businesses have been storing vast legacy archives of information. What started off as a simple filing system grew out of control. Mergers and acquisitions may have played a role. The business may now be looking to digitise the archive but may have no idea where to start. Asking people what they have, where it is and how to find it when they need it is a significant problem when the paper archive is no longer manageable.

To make matter worse, paper is easy to move, share and lose. Businesses shouldn’t only be concerned with the paper that people lose, leave on a train or dispose of insecurely; it’s the information that employees leave in plain sight that can also have consequences. In the political satire series, The Thick of It, former minister Nicola Murray found to her cost just how problematic stray paper can be when journalists inadvertently get a glimpse of some embarrassing meeting notes she is carrying under her arm. This is an example from fiction but there are many real-world examples out there.

From risk to resolution

Paper is vulnerable, easy to transport, quickly lost, over-retained (just in case) and very hard to control. Its risk profile make it a key business concern and, at the same time, an asset that requires businesses to work with the right partners, build teams that can tackle information risk and ensure that a business-wide culture of information responsibility is promoted at every level. Every employee should be part of the defensive line against information risk.

Download the PwC Information Risk Index Reports.

← World Paper Free Day INFOGRAPHIC | Paper the top infosec concern for many businesses Are you running fast enough to beat information risk? →

Leave A Comment

About the author

Phil Greenwood

Phil Greenwood is Country Managing Director & Commercial Director at Iron Mountain responsible for delivering information and records management solutions into the UK's largest Public, Private and NHS customers. Phil directs and runs specialist sector teams aligned to the sector specific requirements of Iron Mountain's clients. These requirements demand innovative solutions that deliver compliance and governance as well as efficiency and cost cutting in order to transform business results and improve the way organisations use their information. Phil has over 10 years' experience working with UK and International records management. He is involved with the UK Information and Records Management Society. Phil has worked within service delivery and customer facing roles, as well as in general management roles within the outsourcing and information management industries. Legally qualified, Phil has also spent time as a fee earner within law firms and has a strong understanding of the way that information and services drive the core business of client organisations.