Information security isn’t something that’s just nice to have. It’s a business imperative. In a previous post, we looked at some of the catastrophic consequences of failing to address this critical issue. Now we’ll identify six steps you can take to develop a coherent strategy that minimises your information risk.
1. Share the responsibility
Information management should be the responsibility of everyone in your organisation. If it becomes the sole responsibility of IT, there’s a danger that the people who create and work with information every day won’t understand the risks connected to it.
2. Know your strengths and weaknesses
Find out where your organisation’s most valuable and most vulnerable information resides. Determine who has access to it. Your data risk assessment should cover the entire business. Look at physical and digital repositories as well as the cloud and mobile devices, and don’t forget your third-party providers.
3. Engage your people
Develop and implement information training so your people are aware of the risks and empowered to change any unsafe behaviours. Communicate regularly to ensure training becomes part of everyday working practices. People leave jobs, and when they do, they often take valuable or sensitive information with them. Put a process in place to protect information and encourage good corporate conduct.
4. Remember paper
Paper is a major threat to data security. Consider investing in a combination of scanning and secure document storage. A hybrid solution can help you take control of your paper records. Iron Mountain’s expertise and resources have stood the test of time and may be right for your organisation.
5. Measure and measure again
To be meaningful, change must be measured. Define your key performance indicators, and establish reporting metrics. Ensure your people are aware of the measures you’re putting in place by communicating your aims to senior management and offering training to key teams
6. Plan for the worst
What will you do if, despite your precautions, the worst happens? Your business continuity and disaster recovery plans should include a strategy for handling the aftermath of an information breach. How you communicate with your employees, customers and the public will affect the outcome.
Information security is easier to manage with a comprehensive plan in place. Put your risk into perspective. Download the free white paper.