Last week, The Guardian reported that the Metropolitan Police’s Central e-Crime Unit (PCeU) had saved the UK economy £140m in the previous six months by cutting illegal trade and online practices – including preventing data loss through cyber crime.
Although it’s heartening to see that the Met’s e-crime team is likely to exceed its targets for the year, figures like this leave me wondering why so many organisations view information security as a burden to the bottom line, an additional cost that must be absorbed under infrastructure spending. It’s time for this perception to change.
There’s more to information security than in-bound threat detection; it’s about the values and benefits beyond it, some of which aren’t always immediately obvious if all you’re looking at is bottom line cost. Consider the following:
Your organisation’s ability to comply with increasingly stringent data privacy legislation doesn’t only affect internal policy, but also has a knock-on effect on your ability to trade and partner with businesses in other jurisdictions.
Our recent WorkLifeWeb research revealed that a significant number of businesses felt security concerns were hindering their adoption of new, collaborative technologies. Social media opportunities are a poster child for this: Security fears mean an increased number of businesses are blocking staff use of these services, even as management says it plans to invest more on social media in the coming year. With the right software and policies in place, social media doesn’t have to be a workplace dilemma – you can give staff the kind of access they need without having to worry about security.
You’ve got policy, you’re just not enforcing it. The really surprising thing about many of the recent, high-profile data breaches hasn’t been the fines, it’s been the fact that many of the organisations in question actually had data protection policies in place – they simply failed to enforce them. A comprehensive data protection policy is only as good as you organisation’s willingness and capacity to ensure it’s adhered to. You spent time and money developing your policies, why aren’t you extracting the value from your investment?
It’s time to view information security as an investment rather than a cost. The technology’s there: encryption, Data Loss Prevention (DLP), email and web gateways, anti malware protection...educate yourself and your employees and you’ll soon get a clear view beyond the bottom line.
Nick Peart
No comments:
Post a Comment