Developing a Risk Aware Culture for Data Security

The digital data security risk landscape is evolving as rapidly as technology is. While it’s impossible to predict what new technologies will emerge and when, organisations can still be ready for them. How? With a proactive, partner-focused approach to risk management, organisations can create the kind of risk aware culture that will guide them through these challenging times with compliant and sustainable data security practices.

Andrew Brown, UK Head of Business Development, explored this topic in his recent plenary speaker session at Whitehall Media’s Enterprise Security and Risk Management in London. He noted that, “In an ideal world, strong leadership and an enabled staff can combine to create an engaged culture focused on data security awareness. With management setting rules and leading by example, employees can confidently combine their experience and judgement to make the correct risk management decisions as situations arise”. Getting to this point ­ where data security risk is constantly controlled and reviewed – is not impossible. But it does seem to be an uphill battle for many organisations.

Andrew cited a recent HM Government Technical Report which states that 33 percent of UK organisations feel responsibility for ensuring data protection is unclear and over one-third of respondents said they haven’t briefed their board on security risks in the past year- or ever. What is one result of this? Data breaches. The number of UK data breaches rose again in 2015, with 90 percent of large organisations reporting they were affected. Three-quarters of these breaches were related to human error, a troubling consequence when organisations aren’t risk aware in regards to data protection.

In order to decrease these numbers it is important that all staff understand what data exists, where it’s held and how it’s managed. Everyone must understand that unsecured data can lead to identity, intellectual property and trade secret theft or result in regulatory noncompliance. A great data security risk occurs when data-bearing assets reach the end of their usable life. In short, while attention is focused on malicious attacks coming in the front door, who is looking after the back door? Sensitive information becomes vulnerable when computers, mobiles, networking equipment and other IT are disposed of. Hard drives need to be securely wiped by a certified provider who will issue a certificate of data destruction. Then an organisation can be secure in the knowledge that data risk management during IT asset disposition (ITAD) is being handled in a compliant and sustainable manner.

Data security awareness should be part of everyday business within the corporate culture. Staff at every level and in a range of departments should be engaged in and talking about risk so that everyone is enabled to identify existing and potential risks. Once you’re clear about your position in relation to risk, you can analyse, understand and implement actions to control it.

Click here to learn more about ensuring ITAD data security and achieving regulatory compliance.