Government research published earlier this month found that two-thirds of large businesses had been hit by a cyber breach or cyber attack in the last year. Security has now become a strategic risk management issue and needs Board level support.
Mobile working means that the nature of security has also changed. It’s no longer about protecting the network perimeter but about protecting business data, which is regularly accessed from, stored and sent outside the organisation. We suggest a four step process to develop an effective data security strategy:
- Work out and define what level of security controls your organisation requires. You will almost certainly need a policy and some controls. You need to ensure that these controls and enforcement are commensurate with the value of the data being protected and the level of risk.
- Assess the organisation’s data management strategy. Through assessment and gap analysis of current storage infrastructure, data management tools, processes and service delivery objectives, a long term data management strategy can be rationalised with other strategic data centre initiatives.
- Review IT governance: examine IT management processes, regulatory culture and best practice in terms of data value and security.
- Develop a business continuity and disaster recovery strategy: review the existing business continuity and IT service disaster recovery strategies and update them as appropriate to ensure that true data protection and security are maintained.
Finally, however much you spend on security, you will not be successful unless your employees follow security procedures. You need to define a clear security policy and obtain employee buy-in and commitment. Users need to understand why security is important, their role in maintaining it and the consequences of getting it wrong. They are much more likely to comply if they understand the risks rather than seeing security as a set of annoying rules which prevent them working as they wish.
For more comprehensive advice on how to develop your data security strategy you can download our Data Security White Paper
How Secure is your Critical Business Data?.