We learned recently that more than half a million pieces of confidential patient data and medical correspondence had been mislaid by the NHS and mistakenly stored in a warehouse for five years.
Apart from the potentially life-threatening nature of this incident, which of course makes it all the more serious and appalling, it begs the question for all of us – do you know where your corporate data is?
All organisations now have vast amounts of data, much of it confidential or involving the personal privacy of users and customers. But many of these same organisations are like the NHS and its suppliers – unlikely to be able to say with any confidence that they know where it is stored: on what databases, on what systems, on what hardware, where it is physically located and what the security of that data is.
On the face of it, this may appear to be an Information Technology issue – and it is, but it’s also much more than that; it’s a strategic issue, a corporate culture issue, a people issue and a process issue.
It’s strategically important because it can lead to significant reputational damage and tie up resources. It’s a corporate culture issue because it goes to the heart of what your firm’s values are and how you behave. It’s a people issue, because almost all problems like this are caused by and prevented by people, not technology.
And it’s a process issue, because failures like this have a lack of process, or a poorly applied process, at their heart.
If your senior management care enough, then they should be working to put the strategy, culture, people, processes and resources in place.
If they don’t, then that says they don’t care enough.
Taking a Holistic Approach to Information Security Management
One of the biggest challenges facing firms who do want to make data more secure is in realising that they need to take a holistic approach and avoid a stovepipe or departmental approach. How do you know? This graphic may help you by identifying ALL the relevant areas you need to cover.
There’s a lot going on here, so do contact me if you’d like to discuss it further.