You’ve taken steps to ensure the security of your network. You’ve taken steps to secure devices including desktops, servers and mobile phones. You’ve even implemented software to manage and secure your content. Yet, you’re still not secure.
We’ve all heard that a chain is only as strong as its weakest link. Whether physical or intangible, the same can certainly be said for security. Today’s businesses spend an extraordinary amount of time, energy and money dealing with physical, network and information security. In fact, a recent study by Deloitte and the Financial Services Information Sharing and Analysis Center found that financial services companies on average spend 10% of their IT budgets on cybersecurity. That’s approximately 0.2% to 0.9% of company revenue or $1,300 to $3,000 spent per full-time employee. Other industry sectors are not far behind. So, with all this spending, why is securing information in particular a continued problem for business?
There is no doubt that businesses are aggressively addressing this challenge. With new privacy regulations seemingly emerging daily, businesses have embarked upon a continual review of their existing security practices and undergone significant changes in technology infrastructure and policy to thwart malicious intrusion into networks, set information access controls and actively monitor activities both within and outside their organizations. We are all familiar with the security controls being applied to network infrastructure, whether it be port management, protocol utilization, or multi-factor authentication. Similarly, companies are taking a more proactive approach to securing their content. Whether through cloud content management software, which provides for detailed security controls and governance down to individual pieces of content, or through products that provide security for inbound and outbound email transmission, business is certainly taking security seriously.
And it’s no wonder when one considers the potential financial risks of security breaches. For example, the GDPR regulations that went into effect in Europe in May 2018 include fines of up to 4% of revenue for specific types of breaches. The Ponemon Institute estimates that there is a 27% probability that a U.S. company will experience a breach in the next 24 months that costs them between $1.1M and $3.8M. These types of numbers are staggering, and this doesn’t even include the damage to a company’s reputation in cases where a breach results in lost customer data.
So, thinking of information security, we really need to ask the question, “Are we safe?” From my experience in the computer and office technology industries over the last 30 years, I would say we’re not. This doesn’t take away from the significant strides business has made in this area; it’s only an assessment that points out the fact that there is still more to do.
Apart from email, which remains the most significant security threat vector for any business, today’s businesses are generally safe against most types of outside intrusion, although they need to remain vigilant. It’s inside breaches that are the most serious and the most challenging to fight. This is particularly true with so many employees now working from home and with inside breaches coming in multiple forms. They can come from disgruntled employees or from the unwitting leaker who may not even realize they are putting corporate information at risk. Guarding against this is very challenging, but there are ways.
By establishing content management and retention policies, locking down access to external cloud storage services, limiting the use of USB keys and establishing rules and technology related to external collaboration, even these risks can be minimized. Let’s say that your organization has taken all of these steps. Survey 100 IT professionals and ask the question, “Even with this, are you safe?” Survey says … NO. You might think that after all this effort in securing your network, physical access and content (including email) that you’ve completely mitigated your risk. But what about the paper? You print things, don’t you? Yes, print — one of the often-overlooked risks related to information security. So many businesses make the investment to manage, secure and govern their content, but they neglect to deal with one of the easiest ways for information to leak, the printer.
How can you prevent documents from being printed and walking out the front door? This can be challenging; however, there are technologies available today that will help to audit what is being printed, faxed or scanned. Many customers have not invested in these technologies, but they do provide a means of establishing a deterrent against information leakage, and they do provide an audit trail so that leaks can be tracked and traced back to the source.
As these technologies have matured, there are some that also use keywords as a means of preventing documents from being processed altogether. With artificial intelligence and machine learning, there is little doubt that these capabilities will improve, and these solutions will do an even better job of catching content before it can be created in the physical world and walk out the front door.
There will always be nefarious characters looking to cause trouble as well as the unwitting leakers we find in every organization. With today’s technologies and the innovation entering the office, the future for security, and information security in particular, looks quite bright.
Dennis Amorosano is the president and founder of Dendog Strategy Insights LLC, a management consulting firm focused on strategic planning, new business development and go-to-market execution. Providing services in the areas of strategic business planning/execution, new business development, content creation/marketing automation and technology sourcing support, Dendog Strategy Insights brings 30 years of technology marketing, sales, product planning, software engineering, and professional service experience to help clients implement strategies that yield success.