You’ve done everything you feel is needed to secure your information assets and keep them safe from the prying eyes of hackers, crackers, and the practitioners of corporate espionage. You have access codes, passwords, encryption, and a thousand other tools in place to prevent outsiders from getting at your company secrets. Whether that be software, hardware designs, recipes for your secret sauce, it is protected and safe within your information ecosystem. From a technology perspective, there really isn’t much more you can do, but what about the weakest link in your security system, the human element.
According to AIIM in their Industry Watch titled “Governance and Compliance in 2017: A Real World View“, 10 percent of those polled reported data loss in the previous 12 months due to staff negligence and bad practices”. So I ask the question again, how secure is secure? When you designed and implemented a comprehensive security plan and infrastructure, did you take into consideration the human factor and the possibility that employees may be of great concern even if unknowingly?
As a real world example, let me paint this picture for you. There is a conference, seminar, or networking session taking place that is relevant to your business. Some of your employees are in attendance for the purpose of gaining new knowledge and expanding their industry network. During the course of a casual conversation, it is revealed that your latest project, product, service, or activity within the company is having issues – something that should be kept confidential. It could even be a reference to a new product in development. It may not even be a conversation with outsiders but two individuals from your organization having lunch and discussing these thing. (I have witnessed this first-hand.)
Close by, not intentionally listening but able to hear this discussion is an investor, or the competition who now has some information that could be damaging to your organization and future business. How do you prevent that from happening. Is it due to staff negligence, bad practices, or poor training in the importance of governance in relation to risk.
In my view
Many organizations are focused on the information ecosystem and technologies to prevent information from being hacked by outsiders and leaked by insiders sharing information via email, shared drives, and even from being copied to memory sticks. Many times where it falls short and fails is the human factor. Employees and contractors are shown how to utilize the technologies, but not made aware of the importance to adhere to the governance policies and processes. If they are made aware, is it in the form of a mention that this is important, or through formal training on the policies, processes, and risks related to this information.
Some organizations function like a military operation with security levels assigned, training provided, and consequences in place should the individual fail to adhere to and comply with the governance and security policies. Others have no formal policies in place and leave it to the discretion of the individual as to how the information in-hand should be managed and secured.
There is no reason for businesses to focus solely on the technology side and believe the human factor will be taken care of as part of technology implementation. The only way to manage that is begin with providing formal education about governance, security, and risk related to corporate information assets. How secure is secure? That is up to you to decide and take action the strengthen the security chain.
Bob Larrivee is President and Founder of Bob Larrivee Consultancy, and a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.