Johannesburg, 10 Mar 2016
Today, shareholders, the press, the public and government have little patience for CEOs and boards of directors who preside over organisations that suffer data breaches, especially if those breaches expose personally identifiable information (PII) of employees or customers.
"Gone are the days when executive teams and boards of directors could delegate responsibility for data security to the IT department. Because data breaches can erode trust in fabled brands and scare away previously loyal customers and business partners, data security is now a board-level objective," says Sean Glansbeek, CEO of Private Protocol.
So, how should boards of directors approach this new, urgent, and challenging mandate? Here are some suggestions for improving the data security of IT infrastructure, wherever it is hosted:
* Choose IT systems that encrypt confidential data both in transit and at rest. Wherever confidential content is used, even on your employees' mobile devices, confidential information should be encrypted.
* Evaluate the strength of the encryption being used. Ensure it complies with rigorous standards, such as FIPS 140-2.
* Ensure your own IT organisation maintains control of encryption keys. Allowing third parties such as public cloud storage providers to manage encryption keys creates new vulnerabilities.
* Support two-factor authentication for critical systems, and make sure your systems can automatically shut down brute-force login attempts that submit thousands of passwords to guess their way into accounts.
* Track the distribution and sharing of confidential data. Think of your data ecosystem as all the business users, inside and outside your organisation, who need to access content; then make sure you can monitor the flow of content throughout that ecosystem.
* Consider deploying private clouds managed by your own IT team, to deliver the same economic benefits and scalability as public cloud services while giving your internal organisation full control over data and services. If additional IT resources are needed, you can transform your private cloud into a hybrid cloud that complements it with trusted public cloud resources.
* Segment your networks, so that a breach in one area of your network does not give attackers access to your entire network.
* Educate users about the risks of phishing attacks and other stealthy attempts to gain their credentials.
By taking a proactive approach to IT security, an approach based on best practices and continual oversight, executive teams and boards of directors can fulfil their fiduciary responsibility for protecting their organisations' data, reputation, and financial standing. In doing so, they can ensure their organisations' longevity and viability - every CEO, chairman and board member's responsibility.
To learn more about kiteworks, Accellion's on-premises, private cloud secure content platform and how it helps to prevent costly data breaches, please visit our solutions page.