2. Herd valuable data
Many organisations have intellectual property and company records stored inappropriately in ﬁle shares or email attachments. Records managers and end users alike struggle to ﬁnd the time to ensure records are always ﬁled correctly. Information governance technology can locate these records 'in the wild' and move them to controlled repositories with appropriate security, access controls and retention rules. This makes it much harder for anyone to gain unauthorised access, and makes them easier to gain use or value from.
3. Enforce data security
Increasingly strict regulations around data privacy and ﬁnancial information make it imperative to hold personal, ﬁnancial and health details of your employees and customers in the strictest conﬁdence. But even when organisations set up controlled repositories for this information, it regularly escapes, whether through poor policies or employees not following the rules. By conducting regular sweeps of email, ﬁle shares and other unprotected systems, organisations can quickly locate and remediate unprotected private data. High-risk data should then be protected with appropriate encryption and access controls.
4. Maintain appropriate access controls
Organisations should apply policies to ensure the only staff members who have access to important data are those who need it to do their jobs. It is also essential to regularly audit access controls on important systems and employees' security proﬁles to ensure the policy theory matches reality.
A change of mind-set
Through these efforts organisations can minimise the opportunities for malicious or accidental breaches of important information. If you know where your data is, you can respond efﬁciently to breaches by ﬁrst targeting the high-risk storage locations. This in turn means you can close information security gaps quickly before they can be exploited again.
[i] Ponemon Institute, 2013 Fourth Annual Cost of Cyber Crime Study: Global, October 2013, www.hpenterprisesecurity.com/ponemon-2013-cost-of-cyber-crime-study-reports This survey of 234 organisations in six countries found the mean annual cost for cybercrime incidents was $7.2 million per organisation, with the average attack taking 27 days to resolve.
Sign up for CIO Asia eNewsletters.