2014 saw some major data stories hit the headlines, with global firms such as Sony, eBay and the European Central Bank suffering very public data breaches. The CEO of Target even lost his job as a result of the breaches his firm suffered. We’re only a few months into 2015 and we’ve already seen US healthcare provider Anthem announce that it suffered a breach that could affect up to 80 million of its customers. There has been a high profile response to the Anthem breach, demonstrating how one incident can put a business at the centre of a massive media storm. For anyone on the board of a company, this is a complex situation to be in. Before you even consider the potential £500,000 fine the Information Commissioner’s Office can impose for a data breach, the public perception and business impact can be equally concerning. Whatever your business, your customers want to know that their personal information is in safe hands, and will think twice about entrusting it to companies that don’t have a good track record in this field.
However, while data breaches themselves should obviously be a board-level concern, it’s becoming increasingly important to look at the broader impact they can have. When a company or a competitor suffers a breach, often the first priority is to review how the overall business handles its data. However, the danger here is that a knee jerk reaction can result in draconian policies being implemented, severely curtailing employee use of data. In this scenario, the entire workforce can lose data flexibility, and this could impact productivity. This can range from being unable to access critical information through mobile devices, to making it impossible for employees to work anywhere other than directly in the office.
At the same time, a hasty reaction to a data breach could potentially have a negative impact on employee morale. Suddenly telling employees they can’t read digital files outside of the office, or are only able to work from home through approved devices can result in a lot of uncertainty. It’s this kind of atmosphere, where no-one knows what they can or can’t do with company data, which can result in further mistakes being made.
It is becoming increasingly clear that board level and senior management teams need to be aware of the dangers of positioning data as the bad guy. Change can only come from having a more data-led approach to business, not just at management level but throughout the company. From praising teams that have shown good data-centric initiatives, to equipping employees with the tools they need to embrace flexible and mobile working strategies, there is a lot the board can do to dispel the common fears surrounding data. However, that doesn’t mean the risks should be ignored – they just need to be managed properly.
There are a number of ways that this can be done, but it essentially boils down to three elements. The first is policy, which sets out how data and devices can be used, and allows your employees to clearly see when they’ve breached the policy. The second part of this is training and education to address one of the common causes of a breach – the human element. This training has to be engaging, relevant and tailored to the jobs people are doing for it to be truly effective. The third and final step is the technology that you use to protect the business if and when a data breach occurs. The key thing here is being able to prove that all compliance processes have been adhered to, and to securely track and disable any device involved in the breach.
Ultimately, a business’s attitude to data needs to be set from the top. A company culture that is scared of data and isn’t prepared to embrace a modern way of working will always lag behind its more forward thinking competitors. This information, in all of its forms, is one of the most powerful assets an organisation has. An intelligent, flexible and secure approach to information management will ensure businesses can make the most of its data, and guard against potential risks.