The world is a new place – social networks are no longer fads for youngsters but have evolved into valuable tools for the modern business. They include rich applications, real-time interactions and all the user-generated content you can consume. Local IT security expert and managing director of J2 Software, John Mc Loughlin, warns companies to act quickly and protect their information assets and the privacy of their electronic identity.
“You cannot go through a week without hearing about some major security breach – the news of which spreads globally in minutes in our inter-connected world. African companies are not even disclosing their breaches as we are not mandated to do so. With more than a billion active people on social networks around the world, it is crucial for companies to realise the importance of ensuring their information is protected and their risk is minimised,” he says.
“As we all have been taught, each opportunity comes with its own unique problems. Regardless of the technologies and software solutions that organisations deploy to mitigate the risk of information security breaches, the critical factor is always people. Internal staff remain the most feared information security risk and are the primary reason for breaches, sometimes unintentionally.”
Mc Loughlin says the only solution is to build information security into the DNA of the organisation and its employees. “Make your people the guardians of your information. Working with both large and small organisations, it has become evident that only a relatively small number of people are maliciously or intentionally non-compliant with a company's IT security policy. In the majority of cases it is found that non-compliance results from unintentional ignorance, often fuelled by unsupervised or misguided use of computers.”
Building information security into the DNA of any organisation is the key to achieving compliance and mitigating risk, but it can also present the biggest challenge, especially for large and complex organisations. Even in organisations where other aspects of security are paramount, for example national security in defence environments, the internal regulation of information security policies can prove to be more difficult to enforce.
“Compliance must be turned into competitive advantage, whereby the opportunity cost of being compliant is vastly reduced. When information security is embedded into an organisation's DNA, compliance not only involves observing the formal rules as laid out in the policy, but also includes observing the informal rules governing circumstances that may not be anticipated,” says Mc Loughlin.
“Observing these informal rules will demonstrate that security is well and truly embedded in the organisation's DNA. Once this process is initiated, a simple but effective test of how well security is embedded into the DNA can be illustrated by leaving a confidential document on the floor in a common area to see how it is handled by passing staff.”
Preventing staff from accessing social networks is no longer an option. Company executives merely have to apply sound security measures to ensure their information is protected and costs are controlled. It is critical for all companies to create the correct environment where all staff are empowered to be the guardians of information. “The days of ‘lock and block’ are gone and it is now time for us to gain total user visibility in order to instil a platform to ‘trust but verify’. Adopting this approach will increase user trust and productivity by limiting user constraints – all while keeping total user visibility,” Mc Loughlin adds.
The objective must be to identify the challenges that organisations face and implement all possible solutions to mitigate the risk that the human factor poses in an organisation's information security strategy.
“Employees must be confident in handling situations where they may not have the familiar security parameters around them and the informal rules or corporate morals will kick in automatically,” he concludes.