Reported data breaches affect everything from brand reputation to the bottom line. IT managers and staff are often wrongly held responsible for other colleagues’ gaffes. The UK government and the EU are expected to issue much tougher reporting and compliance guidelines in January next year and will demand proof of encryption. IT managers, information security and compliance officers should gen up now to avoid being the fall guy.
Data breach gaffes
The kind of gaffes that the Information Commissioner is determined to sniff out are typically well-intentioned bungles:
• Emailing data to a home email address, so you can work on a document to meet a deadline
• Copying data onto a USB drive
• Sending out the wrong information in response to a Freedom of Information request
• Emailing requested information to the wrong person
Unfortunately, data security is often mistakenly seen as the sole responsibility of you and your department. You technically secure all data that comes into the organisation and that’s where the responsibility ends, right? Wrong: you are the custodian, and you need to get the business involved and appoint data owners. There’s a new term going around for this role: information asset owner. Certainly, colleagues will tend to sit up and pay attention if the buck stops with them when their data goes adrift.
Tip: Call a meeting with the top brass and ask for data in order to protect the company’s reputation and bottom line.
Compliance and governance can be a thankless task, especially in a recession when money is short. Because your work does not lead directly to any business outcomes, you may be denied the resources you need to train staff and comply with the Data Protection Act. Your job is viewed as back office and even a bit of a backwater. However, your role will turn from backwater to big attention for all the wrong reasons if there’s a serious data breach, especially if it is picked up by the media.
Tip: Put data requests through the customer complaints department, so that there is a procedure and an audit log.
Information security officers
The complex task of managing network defence, reporting and compliance falls to information security officers. You have the high-octane job of thwarting the global hacking culture, which has morphed from the lone individual seeking status and notoriety to sophisticated cyber gangs. Plus you have to appease business demand for ‘anytime, anywhere’ access and the proliferation of mobile devices, from laptops and notebooks to tablets and smartphones. Adopting the open industry standard of Trusted Computing for devices and drives will bring them into a proven and trusted management system at the network layer.
Tip: Use the embedded security chip, the Trusted Platform Module (TPM), together with self-encrypting drives (SEDs), and ensure emails are protected by approval systems.