Six Steps to Get Information Security Right

In: Risk Management On: Dec 14, 2015

Information security isn’t something that’s just nice to have. It’s a business imperative. In a previous post, we looked at some of the catastrophic consequences of failing to address this critical issue. Now we’ll identify six steps you can take to develop a coherent strategy that minimises your information risk.

1. Share the responsibility

Information management should be the responsibility of everyone in your organisation. If it becomes the sole responsibility of IT, there’s a danger that the people who create and work with information every day won’t understand the risks connected to it.

2. Know your strengths and weaknesses

Find out where your organisation’s most valuable and most vulnerable information resides. Determine who has access to it. Your data risk assessment should cover the entire business. Look at physical and digital repositories as well as the cloud and mobile devices, and don’t forget your third-party providers.

3. Engage your people

Develop and implement information training so your people are aware of the risks and empowered to change any unsafe behaviours. Communicate regularly to ensure training becomes part of everyday working practices. People leave jobs, and when they do, they often take valuable or sensitive information with them. Put a process in place to protect information and encourage good corporate conduct.

4. Remember paper

Paper is a major threat to data security. Consider investing in a combination of scanning and secure document storage. A hybrid solution can help you take control of your paper records. Iron Mountain’s expertise and resources have stood the test of time and may be right for your organisation.

5. Measure and measure again

To be meaningful, change must be measured. Define your key performance indicators, and establish reporting metrics. Ensure your people are aware of the measures you’re putting in place by communicating your aims to senior management and offering training to key teams.

6. Plan for the worst

What will you do if, despite your precautions, the worst happens? Your business continuity and disaster recovery plans should include a strategy for handling the aftermath of an information breach. How you communicate with your employees, customers and the public will affect the outcome.

Information security is easier to manage with a comprehensive plan in place. Put your risk into perspective. Download the free white paper.


About the author

Phil Greenwood

Phil Greenwood is Country Managing Director & Commercial Director at Iron Mountain, responsible for delivering information and records management solutions into the UK's largest Public, Private and NHS customers. Phil directs and runs specialist sector teams aligned to the sector-specific requirements of Iron Mountain's clients. These requirements demand innovative solutions that deliver compliance and governance as well as efficiency and cost cutting in order to transform business results and improve the way organisations use their information. Phil has over 10 years' experience working with UK and international records management. He is involved with the UK Information and Records Management Society. Phil has worked within service delivery and customer-facing roles, as well as in general management roles within the outsourcing and information management industries. Legally qualified, Phil has also spent time as a fee earner within law firms and has a strong understanding of the way that information and services drive the core business of client organisations.