Another week, another high-profile security breach. Yet for every organisation that makes headlines, many others are dealing less publicly with the fallout of experiencing an attack on their systems. In fact, according to an Experian study, around half of all businesses suffered at least one data security breach in 2014.
Fortunately for most organisations, they lack the tabloid fodder elements that have Ashley Madison making headlines around the world. Still, even if your business is unlikely to catch the mainstream media’s attention, privacy and data security issues can have serious impact on your reputation. Your customers, staff and suppliers entrust sensitive information to you. Losing that trust can be catastrophic.
From a technology perspective, data security is primarily about minimising risk. Many vendors are integrating enhanced security features into their products, which is a positive step. Making sure that there are no gaps, and that everything is correctly established, is another matter. That, in itself, is a good reason to have regularly scheduled security audits, preferably by independent specialists.
While for some, an external security audit is a matter of compliance, or a requirement built into an IT plan, it can be an excellent opportunity to see your environment through fresh eyes. After all, your security specialist isn’t the person who has just spent the previous evening wrangling with storage provisioning or cloud contracts.
The IT team has a role beyond the data centre though. Given that users, whether inadvertently or not, are among the most common causes of security breaches, education and policy are equally vital.This means initiating some important discussions with human resources and legal department colleagues.
When the worst happens, the way a breach is communicated to staff, customers and suppliers can be the difference between managing a crisis and digging a deeper hole. Unless you’re a technology business, chances are your spokespeople and public relations manager spend little time thinking about IT security. Now might be a good time to talk with them about how data breaches could be dealt with publicly.
Organisations can survive data security breaches, but they are costly, both in reputation and in dollars. A surprising number of organisations consider it to be purely the role of the IT team to prevent breaches, and many have limited awareness or the risks they face every day. By raising data security beyond the data centre, you could just save the day in your organisation.