Everyone in the organization needs to be a mini-Security Officer these days. What does that mean? It’s time for each person to recognize that every action must be viewed through the prism of security, and that activity must be conducted in accordance with defined, attendant values and standards. It’s part of today’s BTW.
Consider: It has just now come to light that approximately 39,000 physicians and other health care providers in Massachusetts are being warned that personal information, including Social Security numbers, might be compromised. This past August, a laptop containing data was stolen from an employee at the Blue Cross and Blue Shield Association’s national headquarters in Chicago. Thanks for the timely notification!
It’s easy enough to gauge the general extent of the problem: Just Google “data breach,” “data theft,” etc. In the face of these data thefts (and the vast numbers are hushed), the organization must value security: it must train to, and perform to, specific security standards as determined by the organization’s business, environment, risk, and related needs. Rather than representing an expensive burden, security becomes a weighted concern for new employee orientation, updated refresher trainings, internal organizational newsletters, and so forth. Security consciousness and performance become a rated area for every supervisor’s evaluation of every employee during the appraisal process – governance to intern. It’s the business of security as it pertains to the organization’s technical assets and data: The Business-Technology Weave.
In the BTW, data security is not the province of IT. It is the province of the organization. Who owns the data? The organization does. IT most definitely can select, size, and maintain security systems – in the technical sense. IT can also train people for security awareness and best practices. But it really needs to be business, as the ultimate stakeholder, that secures business – and business must be intelligent enough to oversee IT and the related security measures there – as well as in the simple human realm. After all, most breaches are due to human error. Who at Blue Cross and Blue Shield allowed the laptop to be stolen? Were there standards for securing laptops? Cables and keys for cubicles? Secure docking stations? Locked doors for offices and protocols for stepping out? Was there security guidance for using, handling and storing laptops? There was? Then, what happened to the employee who “lost” the laptop? Sometimes, examples need to be made…
Any business will get it soon enough: preparedness and prevention guard against damage to the organization’s number one asset: its reputation.
As we’re fond of saying here at the BTW: In the realm of risk, unmanaged possibilities become probabilities. Start thinking about risk and liabilities now, and get security on the table before something like this happens in your organization. Research and educate yourself about all manner of data breaches and how they occurred – then survey your job, your activities, and your place of work for risk. Make suggestions and inspire or take appropriate action depending on your place in the organization.
Get started today.
Coming up: What the heck is a BiT?