Today, shareholders, the press, the public and government have little patience for CEOs and boards of directors who preside over organisations that suffer data breaches, especially if those breaches expose personally identifiable information (PII) of employees or customers.
"Gone are the days when executive teams and boards of directors could delegate responsibility for data security to the IT department. Because data breaches can erode trust in fabled brands and scare away previously loyal customers and business partners, data security is now a board-level objective," says Sean Glansbeek, CEO of Private Protocol.
So, how should boards of directors approach this new, urgent, and challenging mandate? Here are some suggestions for improving the data security of IT infrastructure, wherever it is hosted:
* Choose IT systems that encrypt confidential data both in transit and at rest. Wherever confidential content is used, even on your employees' mobile devices, confidential information should be encrypted.
* Evaluate the strength of the encryption being used. Ensure it complies with rigorous standards, such as FIPS 140-2.
* Ensure your own IT organisation maintains control of encryption keys. Allowing third parties such as public cloud storage providers to manage encryption keys creates new vulnerabilities.
* Support two-factor authentication for critical systems, and make sure your systems can automatically shut down brute force login attempts that submit thousands of passwords to guess their way into accounts.
* Track the distribution and sharing of confidential data. Think of your data ecosystem as all the business users, inside and outside your organisation, who need to access content; then make sure you can monitor the flow of content throughout that ecosystem.
* Consider deploying private clouds managed by your own IT team, to deliver the same economic benefits and scalability of public cloud services while giving your internal organisation full control over data and services. If additional IT resources are needed, you can transform your private cloud into a hybrid cloud that complements the private cloud with trusted public cloud resources as needed.
* Segment your networks, so that a breach in one area of your network does not give attackers access to your entire network.
* Educate users about the risks of phishing attacks and other stealthy attempts to gain their credentials.
By taking a proactive approach to IT security, an approach based on best practices and continual oversight, executive teams and boards of directors can fulfil their fiduciary responsibility for protecting their organisations' data, reputation, and financial standing. In doing so, they can ensure their organisations' longevity and viability – every CEO, chairman and board member's responsibility.
To learn more about kiteworks, Accellion's on-premises, private cloud secure content platform and how it helps to prevent costly data breaches, please visit our solutions page.
Accellion provides secure access to enterprise content wherever it is stored to enable increased enterprise productivity and ensure data security and compliance. Accellion is the leading provider of private cloud solutions offering enterprise organisations the scalability, flexibility, control and security to enable a global workforce with the tools they need to securely create, access and share information, wherever work takes them. Accellion solutions are used by more than 12 million users and 2 000 of the world's leading corporations and government agencies, including Procter & Gamble; Indiana University Health; Kaiser Permanente; Hogan Lovells; Bridgestone; Harvard University; US Securities and Exchange Commission; and NASA.
Private Protocol is a data security provider offering solutions and strategies that cover mobile device and information security, secure data collaboration, SharePoint/O365 security and compliance, data classification, file share security and compliance, Web content compliance, data leakage prevention, endpoint security and cloud security. Private Protocol also offers data risk assessments so companies can understand where their data resides, where their data is going, who is using it and what devices are connecting to the network. Private Protocol covers Africa and Indian Ocean Islands and also has a distributed partner channel.
Web site: www.privateprotocol.com