They are both the Pandora's Box and Holy Grail of electronic business. How to establish online security and trust for customers, suppliers and the wider digital community?
Gareth Neal from IT Governance discusses the awkward questions at E RADAR's recent Trust in Mobile Enterprise Summit.
In today's online economy, people, processes, technology and information are all interlinked. So how we establish trust and security across the cyber world is a business issue - never just an information and communication technology issue. This fact requires entrepreneurs, boardroom decision makers and established business owners to manage the way online technologies impact upon their respective organisations. Growing identity theft, the misuse of personal data, and online fraud can all damage business reputation, lead to regulatory fines, and might actually shut down the business itself.
At the very worst, someone could die as a result of an information governance failure. Think of the ambulance driver being sent to the wrong address because someone has hacked into the emergency services IT system!
Business leaders should design IT security to counter many of the business threats: 'Acts of God' and accidents, disgruntled current and past employees, competitors intent on espionage and sabotage, litigants, the press sniffing out a story, hackers, cyber criminals, even rogue governments, terrorists and political organisations.
Gareth Neal looked at a range of options for businesses in how they should approach security and trust.
- It is important to identify what data your business processes, where, in what format, and by whom
- Data should be categorised in terms of its sensitivity/critical importance
- Data and data processing environments/systems should be risk assessed
- Controls should be put in place to manage data security risks
- Authorisation for new processing/working arrangements is important
- Training staff is essential
- Continual improvement, which includes internal audits, is crucial to ensure good data security management