Navigating GRC: do not pass Go...

Editorial Type: Feature     Date: 11-2014







Stephen Midgley of Absolute Software offers an approach to handling Governance, Risk Management and Compliance obligations.

The increase in corporate mobile device use, fuelled by better technology and trends like Bring Your Own Device and enterprise-focused apps, means there are many more ways in which a business can lose its data. Whether caused by employee mistakes, malicious theft or the sale of confidential information, the result may lead to misery.

As a result, Governance, Risk Management and Compliance (GRC) is among the biggest issues facing organisations of all sizes. Unfortunately, it has yet to find appropriate billing on agendas in boardrooms across the country, which is a big problem.

To be clear, according to the Data Protection Act 1998, when a business loses personal data the Information Commissioner's Office (ICO) has the power to fine it up to £500,000. Breach of the act can also constitute a criminal offence, meaning in extreme cases that individuals can be sent to prison, without passing Go.

What makes this an even bigger issue is that personal data has such a wide definition: any information that can be used to identify an individual is, by definition, personal. As a result, organisations need to structure their approach around three important initiatives. Using a structured and holistic approach based on the following three points, data can be kept secure, compliance assured and breaches of data protection regulation, and the resulting fines, avoided.

Implement policy - A clear data and device policy that is communicated to employees and other users is essential. It must provide clarity on data classification and the distinct data classification protocols. These must not be written in overly legal or technical language, but rather in a tone that everyone will understand. That way, all stakeholders can be kept fully aware of what they're allowed to do with their devices. Having a good policy in place ensures it is clear when employees have breached that policy and removes grey areas.

Train and educate users - The human factor is often the weakest link in data security, which is why it's so important that users are adequately trained and educated to avoid security slip-ups. It's vital to be able to demonstrate the impact that poor data security practices can have on everyone, making sure that they understand the importance of their full support. However, it's not as simple as publishing a list of rules or downloading a training package. Data security best practices need to be engaging, relevant and tailored to the jobs people are doing.

Deploy a technology solution - Despite setting out a cohesive device policy and thoroughly educating staff, there is a vital third element. Humans will break the rules, both accidentally and purposefully. This is why it's so important to have an underlying technology solution which can protect the business in the event of a data breach.

Businesses need to be able to persistently track, manage and secure all devices used at work, as well as the data they store. Most importantly this solution should allow the organisation to prove that compliance processes are being properly enforced and fully observed.

Essentially, GRC needs to be put on everyone's agenda. With the threats of fines, reputational damage and criminal prosecution, GRC has to be a boardroom issue. With new EU data regulation coming into force in 2017, this is becoming more urgent. Early preparation will ensure that the new laws are less of a challenge.

Business mobility can have countless business benefits, but it must be managed properly to counter risk and comply with regulation. If a breach should occur, the organisation may avoid sanctions if it can prove that it did everything it reasonably could, in terms of policy, training and technology, to prevent the breach.
