Information access and insight are the business enablers of our time. Giving the right people access to the right information is key to driving business value. But it’s not easy. Let’s be perfectly clear: managing how information flows in and out of today’s businesses is hard and the complexity of managing vast estates of legacy information in different formats, possibly across multiple sites is a complex challenge. And with complexity comes risk. Consequently, the responsibility for keeping key information assets secure and still providing access is huge. The very top of the business may not show great interest in the role of the records manager or the IT person responsible for keeping data secure. But when things do go wrong and the business is attracting adverse media interest, they are going to sit up, take notice and find someone to hold accountable.
Recognising risk mitigation
Despite the complexity, value and potential business (and personal) risk involved in managing ever-growing estates of digital and paper archives, the records and data management team – or, more likely, the individual charged with the task – go about their work with little recognition of how important they are on the front line of information risk mitigation.
Threats from every direction
Our research (you can download the research report here) shows that businesses worry about external threats to information. According to recent research undertaken in conjunction with PwC, one third of business leaders (34%) admit to being concerned about malicious attacks and hackers. Handing over information to third parties for storage is also a worry for 22% of those surveyed – an indication that businesses need relations ships with trusted third parties that bring the right levels of security and expertise to get the job done well.
The risk from within
When it comes to the internal threats, remote workers, ex-employees and the security of temporary and contract staff are of concern for business leaders. Add to this the relatively new threat to information management posed by social media and cloud storage and this all amounts to a significant challenge for our unsung information heroes tasked with managing it.
The perils of paper
The risk posed by information stored on paper was highlighted in our recent PwC research as a major information concern – in fact it was the major concern. This seemed strange at first, but think about it. Many businesses have been storing vast legacy archives of information. What started off as a simple filing system grew out of control. Mergers and acquisitions may have played a role. The business may now be looking to digitise the archive but may have no idea where to start. Asking people what they have, where it is and how to find it when they need it is a significant problem when the paper archive is no longer manageable.
To make matter worse, paper is easy to move, share and lose. Businesses shouldn’t only be concerned with the paper that people lose, leave on a train or dispose of insecurely; it’s the information that employees leave in plain sight that can also have consequences. In the political satire series, The Thick of It, former minister Nicola Murray found to her cost just how problematic stray paper can be when journalists inadvertently get a glimpse of some embarrassing meeting notes she is carrying under her arm. This is an example from fiction but there are many real-world examples out there.
From risk to resolution
Paper is vulnerable, easy to transport, quickly lost, over-retained (just in case) and very hard to control. Its risk profile make it a key business concern and, at the same time, an asset that requires businesses to work with the right partners, build teams that can tackle information risk and ensure that a business-wide culture of information responsibility is promoted at every level. Every employee should be part of the defensive line against information risk.