Did you know the greatest threat to information governance and security is your own employees?
The 2015 Data Breach Forecast by Experian found that employees were the main cause of about 60% of security incidents. Although this type of breach doesn’t make the news in the same way that outside hackers do, the threat of malicious insiders, unauthorized use of cloud services and tools, or negligence of employees not knowing or following policies already in place must be taken seriously. The need for education and training in the workforce for applying practices consistently is evident.
Information is a business asset that is important across all functions of an enterprise as not only can the information lifecycle cross functions, but each function manages their own information with their own lifecycles. Coordination among departments allows an organization to make effective use of all of its information, regardless of ownership, particularly in this era of Big Data.
What are four ways to keep your workforce thinking wisely when it comes to information or data governance expectations – and practices?
Bring Your Own Common Sense
Bring Your Own Device (BYOD) allows employees to work and access enterprise data and systems using their own mobile devices such as laptops, tablets, and smartphones. BYOD has gained popularity in recent years as a way for IT departments to keep up with constant changes in technology and employees who increasingly want to work and access company information on their personal devices.
However, without formal policies and procedures in place, BYOD can be major security risk resulting in external and internal data breaches, lead to non-compliance during litigation or regulatory action, and threaten an enterprise’s critical systems and sensitive data. BYOD results in employees creating and using electronically stored information (ESI) on their personal devices that may be subject to electronic discovery (eDiscovery) in the event of a lawsuit.
According to the Cloud Usage: Risks and Opportunities Survey Report by the Cloud Security Alliance a quarter of respondents don’t have security policies or procedures in place to deal with data security in the cloud. Cloud security architecture is effective only if the correct defensive implementations are in place.
There need different types of cloud security controls such as Deterrent, Preventative, Detective, and Corrective controls in order to reduce the efficacy of attacks and defend weaknesses in the system.
Why? Cloud infrastructure must be governed and there should be audits for compliance to make sure the policies put in place are enforced and processes and tools are working as planned. These policies will also need to be updated regularly with the adoption of new technologies such as the Internet of Things (IoT).
Additionally, it’s imperative to make sure your team is aware of the many information security concerns relating to personnel associated with cloud services such as security screening of potential recruits, security awareness and training programs, proactive security monitoring and supervision, disciplinary procedures, contractual obligations part of employment contracts, service level agreements, and codes of conduct.
Communication Fosters Governance
Information Governance brings together the functional areas of Information Governance (IG) such as IT, Legal, Records & Information Management, Privacy, Information Security, and Compliance which often intersect. An organization that ensures the facets of IG across an enterprise are coordinated and working together by fostering communication between stakeholders to achieve the common goal of gaining value from information while also balancing risk is doing great things to protect governance.
The catch?< Effective information governance needs a leader who can own the information problem, coordinate information-related functions, and balance and prioritize the costs and value of information. Enter the Chief Information Governance Officer (CIGO), a senior executive who oversees gaining value and reducing risks of information across an organization – and serves as the communication conduit for all things information governance.
Social Media Smarts
Social media enables users to collaborate, create, organize, edit, comment on, combine, and share information. This often results in the creation of content that are, in actuality, official business records and need to be captured, managed, classified, retained, and disposed of after their retention periods are complete. If your enterprise already has a digital archives service in place you should be able to archive simple social media records – blogs, YouTube file in open formats – following your Business As Usual processes for digital archiving.
However, with more complex social media records – such as Instant Messaging or Facebook – you may need a technology that can capture, classify, preserve, and manage retention for all types of social media. Some of these include ArchiveSocial, Backupify, Erado, Smarsh, PageFreezer, Gwava, and more. Be sure to do a full assessment to determine which solution is the best fit for your enterprise – and consult experts in social media governance to ensure all you are doing to protect your social media records truly pays off for your organization.
According to Gartner, Information Governance is the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
To be on the smart side of information governance best practices and procedures today, progressive enterprises must tap the most crucial component of governance strategy – today’s increasingly digital workforce!
This article was published originally on the Paragon site: