By Dana Simberkoff, Vice President, Risk Management & Compliance, AvePoint.
With privacy breaches and security threats making headlines around the world each day, it’s becoming increasingly obvious to most enterprises that the personal information and sensitive data they hold is an extremely valuable commodity. Whether its personally identifiable information (PII), private health information (PHI), financial data, contract information, research and trade secrets, intellectual property, or contract data (and this list could go on and on), this kind of information has become a new kind of “currency” – and some have even called personal information the new “oil”.
However, shared inappropriately – whether by accident or intentional breach – this disclosure of sensitive data can have dramatic financial impacts on an organization and erode consumer trust. Do you really want to be on the front page of your local business newspaper for losing people’s sensitive information? Of course not. Companies may be subject not only to regulatory fines, censure and potential civil/criminal liability, but also may end up with government auditors reviewing their practices for decades to come. Talk about a lump of coal in your Christmas stocking.
A recent study by Forrester Research found that the highest percentage of data breaches (approximately 38%) are caused by employees simply making mistakes. The good news here is that this should be highly preventable as you look ahead to the New Year. However, as with so many New Year’s Resolutions that are made with good intentions, oftentimes just thinking about “data privacy” is so broad that you don’t know where to start … and therefore don’t ever really begin. It’s like saying you’re going to “lose weight” and you sign up for a gym membership on January 1, only to realize by next December that you went once a month and actually gained 10 pounds. If you don’t break down your goals into specific actions, you’ll never attain them.
I urge you in this coming New Year to latch onto this one action to ensure your enterprise is well on its way to protecting the private data it collects and stores: Set enforceable data security policies that make it easier for end users to do the right thing than the wrong thing.
In other words, break down “data privacy” into attainable goals with proper milestones, monitoring, and accountability in place to ensure you meet them.
What do I mean by this? It’s really easy to make broad statements such as “we do not allow PII data in SharePoint”; it’s like saying that you’re not going to eat cookies on weekdays. However, if you don’t back that up with the ability to enforce this policy or measure your effectiveness, it’s as though you’ve made the declaration without removing the box of cookies in your desk drawer or asking any of your co-workers to make sure you don’t cheat. Without any way to enforce your policy, you’ll be stress-eating chocolate chip cookies on a Tuesday as your company undergoes an inquiry for mistakenly storing PII data in its SharePoint environment. Ensure that your policies for complying with specific statutory and regulatory obligations can be measured, monitored, and enforced.
You can accomplish this by scanning content with out-of-the-box or customised compliance tests that map to the requirements and legislation for privacy by which you must abide, as well as help you subsequently block, delete, quarantine, move, or protect offending content. Instill IT controls and automation that make common sense for end users to do their jobs effectively with the systems and controls you want them to use. Don’t set up policies that are so cumbersome and restrictive that your employees are pushed to work “around IT” to get their jobs done. Make it simple to use the systems you can control in order to achieve your goal of data privacy.
Research shows that only approximately 8 percent of those who set New Year’s Resolutions are actually successful in their pursuit. When it comes to an initiative as serious as data privacy, it’s important you don’t become one of the 92 percent come 2014.