Intalock Summit 2017 Sponsor –TITUS – How TITUS can ‘upgrade your employees’ – Why Australian businesses need to look introspectively before the data breach legislation catches them unaware.
How TITUS can ‘upgrade your employees’ – Why Australian businesses need to look introspectively before the data breach legislation catches them unaware.
It’s been a long time coming, especially now with the recently passed Privacy Amendment (Notifiable Data Breaches) Bill 2016, coming into effect by 23 February 2018. Having seen similar laws in effect in North America, and with the EU GDPR coming to Europe in early 2018, it is impossible for any business to ignore the issue of data security. Organisational change is necessary across the globe.
While I was in Australia, the new legislation was a very hot topic in meetings with both existing partners and new customers, bringing up a multitude of questions from many that we spoke to. From a general perspective, it’s fantastic that more and more organisations are wising up to security (and there are countless surveys to back this up), but from our experience, most seem to be struggling with the myriad of ways of protecting their data and the persistent threat of breaches.
As a result, we’re seeing organisational security budgets continue to increase, which is an indication that things aren’t working. Teams are feeling overwhelmed, with most feeling like they’re not making any progress. They’ve tried a lot of things, but with limited to no success.
Historically businesses have tried to solve their security problems by putting in point solutions or black boxes as a hopeful miracle cure. But after many years and much expense with limited results, are coming to realise that the people – the employees – are participants in the breaches, which is where action needs to be taken.
And what’s important to remember about the new legislation is that as well as the malicious activity it seeks to highlight; we can’t forget that it will also bring a new level of scrutiny in highlighting an organisation’s own internal mistakes. Human error – that accidental attachment, the sharing to personal email addresses, or the incorrect ‘Steve’ in an email means that organisations will be forced to take a closer look at the finer details of everyday working life across their workforce.
So it’s time to try something just a little bit different, which is where TITUS comes in. Through the process of data classification, we go after the root of the problem – that is, the people. At the moment, they’re part of the problem. We need to turn this around to make them part of the solution.
Classifying your unstructured data is a very visible way to enable a shift in accountability across an organisation, and to dramatically improve the effectiveness of data leak prevention (DLP) tools and encryption initiatives. It is successful because it brings about a shift in digital awareness of data. By adding ‘metadata’ to each file, such as author, “PII”, or a security classification “confidential” itself, any time that the data is saved, sent or shared, the value of the data is identified and clear to the user or technology interacting with it.
Ultimately, identifying where sensitive customer related data resides, across the mass of unstructured data in the environment, will significantly reduce the chances of that data leaving the organisation.
With TITUS solutions, organisations are happily shifting the responsibility of data protection down from a small group of information security professionals to the business units, content creators and content owners, because they’re the ones who are subject matter experts.
The objective is to bring about a security culture of information management that makes employees respectful and aware of the sensitivity of information they are handling. Getting the workforce involved in the discussion and holding them accountable is extremely attractive to those who are fighting the fight with limited success so far.
But haste makes waste as they say, and no organisation wants to risk even further errors. Cultural change won’t happen overnight and in our experience it is best to educate the workforce over time. Classification is an indispensable foundation to data security. Shifting to a culture of data security will only take place when all employees are continually engaging in corporate security policies.
Our ability to provide an immediate and tangible lift in user awareness as an integral part of the employee’s daily activity, is enabling organisations to harness our solution to hand-hold users through an uplift in education and accountability.
Appropriate policy, based on a proven methodology, first educates while also auto-identifying the creation or sharing of potentially sensitive information. Education is followed by enablement, and ultimately a balanced enforcement of policy on an ongoing basis. Experience suggests that users rapidly embrace the engagement and protection, and it becomes an unconscious benefit.
When data is classified, organisations can raise security awareness, prevent data loss and comply with record management regulations.
With such a digital and mobile workforce sharing data through a combination of platforms every single day, and with the legislation only shining a more intense spotlight on accuracy, it’s vital that businesses act now to strike a balance between sharing and protection to create a new security culture throughout their workforce.
Tim Upton, CEO TITUS