Grab a Mitt and Get in the Game
“Shopper sues Amazon over Zappos hacking exposure” by Greg Lamm on Wednesday, January 18, 2012.
This is just one of several article or blog headlines I see multiple times daily regarding data breaches. It has literally become a “common” event. The challenge with “common” events is sometimes people become complacent or oblivious to the impacts or opportunities that extend from them; they get the “hasn’t/won’t happen to me” attitude.
I’m sure some of you have seen the Allstate “Mayhem” commercials that do a fantastic job of humorously bringing attention to the everyday accidents that “just happen.” The reality is many of them don’t just happen; they happen because people don’t pay attention or they maliciously do something. They happen because of process breakdowns, or they happen because of the lack or misuse of technology.
Just like the day-to-day “mayhem” we all face, document and data security is subject to the same risks. I would like you to think very carefully about whether you are doing enough, if anything, to reduce the risk of a document or data mayhem event? Do you think you are adequately covered by insurance or something else if there is a catastrophic breakdown in your organization or an organization that you partner with or rely on to serve your market and customers? Reality is that in the majority of cases, the answer is no! If that weren’t the case, you would not see the number of breach articles and blogs you see today, and this number is growing at an alarming pace.
What to do in the face of impending document and data mayhem? First and foremost, start with awareness. It is most likely not a matter of if, but when this issue (if it already hasn’t) will impact you or someone close to you professionally or personally – maybe even one of your most important customers.
No one is immune from this growing epidemic. Ironically, although people and organizations have spent billions of dollars for years on network, malware and virus protection, they are just starting to openly discuss and prioritize this important issue: protecting their most valuable asset, which is information.
From the federal government’s “WikiLeaks” episode to Google’s China breach to Amazon’s most recent Zappos event and the unbelievably fast-growing impact of identity theft, it is an explosion that we are all faced with today.
What has changed in such a short time? With the explosion of integrated environments (servers, desktops, laptops, PDAs, phones, printers, copiers, scanners, software applications and storage environments including the cloud), the risk of breaches has not multiplied; it has grown and is growing exponentially. You’re subject to risk from even the most remote parts of the world that you and our traditional protection agencies have little or no access to. Don’t lull yourself to sleep thinking that is even the biggest threat. The reality is that the number of intentional and unintentional breaches coming from within an organization through employees or one of their partners is growing at just as fast a rate – if not an even faster one.
Hopefully, I have sufficiently scared the heck out of you; however, my real intent in sharing this information was to create awareness – waking some up or expanding the thinking of those who are already awake.
In my first blog here on The Imaging Channel, I would like to leave you with some important thoughts that I, and other domain experts, will bring to the blog in the future.
I am aging myself here: Think back to Clarence Thomas’ appointment to the U.S. Supreme Court. It was an event that changed business and the world in general. (I am not in any way implying my position on the actual case, but rather using it as a milestone that changed how we all do business and behave in the corporate world and even our own personal environments.)
When Thomas was accused of sexual harassment, almost every company or organization reacted to new requirements for discrimination and sexual harassment in the workplace. They all created and implemented new hiring, orientation and continuous training processes and deployed technology to consistently address the issue. The most successful of these organizations realized it was not just these important tactical things that needed to occur, but most importantly, the creation of a zero-tolerance culture beginning at the top of an organization with its boards and executives as well as a proactive approach to and quick and appropriate action taken regarding an event.
Unfortunately, the reality is that discrimination and sexual harassment events still occur even in the most effective environments. The difference is the risk and reputation for those organizations that have taken the proper approach – starting with a culture is that determines the financial, brand and overall valuation – are much more controlled because of their ongoing proactive approach.
When it comes to document and data security, you and your organization need to think the same. Start with the following:
- Create culture, beginning with “the tone at the top.”
- Create “people programs,” beginning with recruiting and continuing with orientation, ongoing training and education, employee evaluations and succession planning.
- Consistently evaluate your processes, starting with identifying and ranking your most important and sensitive information, then looking carefully at the processes surrounding that information.
- Look to deploy and evaluate technologies that effectively protect the information itself – not just the access to your networks and devices, but also the transport as well as the other parts of the document and data life cycle.
In closing, for those of you in the business of managing documents and data not just for yourself, but for customers, look at your own organization first. Are you effectively protecting yours and your customers’ sensitive information? If so, look at this as an opportunity to extend your business models in an area that you are already touching.
Grab a mitt and get in the game!
I look forward to communicating with each of you in the future, providing valuable information and also helping you to consider and build an effective and profitable document and data strategy and practice.
Posted by David Anastasi on 01/24/2012