Businesses of all sizes are subject to cybersecurity vulnerabilities that can have a major negative influence on companies' customer relations, finances and legal standing. And while no organization has unlimited resources to offset these threats, a strong information governance program goes a long way to help alleviate cybersecurity challenges, said Diane Carlisle, IGP, CRM, executive director of content at ARMA International, during a recent SearchCompliance webcast.
"There are internal threats as well as external threats," said Carlisle, who was joined by fellow speaker Mark Grysiuk, CRM, CIP, during the webcast. "It's also clear that if the employees of an organization are making bad information governance decisions, that's going to have an impact on the security of your information."
The sheer amount of structured and unstructured data generated by the typical modern organization presents big challenges to a company's information governance program. From an information security perspective, all data must be processed and analyzed to avoid unauthorized access.
As a result, organizations that do not systematically delete information with no business value are setting themselves up for cybersecurity vulnerabilities.
"We might be losing the game -- companies are collecting and storing more information than they know what to do with," said Grysiuk, who is currently a senior advisor of information security governance at Bell Canada. "Retaining data that has zero value in a high-cost, active environment is a legal and operational liability. Why pay to protect information that is obsolete?"
This is where a strong information governance program is most beneficial to cybersecurity efforts, Carlisle said. Something as simple as data retention and disposition protocols can go a long way to protecting vital company information, she added.
To be successful from both a governance and cybersecurity standpoint, however, these programs require integrated perspectives from all of an organization's departments, including legal, finance and security. For example, Carlisle noted that many companies' legal and compliance processes rely heavily on data management processes to produce quality data as evidence.
Carlisle offered some common questions companies should ask when developing an information governance program, including:
- What are our legal and regulatory obligations?
- How do we need and use information for litigation purposes?
- How does the business itself need to use the information?
In other words, before the company can determine what data it can delete to avoid cybersecurity risks, it must first make sure the information won't be needed down the road.
"There is a real collaborative nature to information governance itself," Carlisle said. "Without all of these perspectives represented and being considered in any information governance decision, there will be significant gaps."
In this webcast, Carlisle and Grysiuk discuss the common cybersecurity vulnerabilities facing companies today, and how a well-planned information governance program helps offset these seemingly endless risks. By applying smart information governance principles to cybersecurity efforts, companies can better understand data threats and determine the best mitigation steps, Carlisle said.
"A good, strong information governance infrastructure is going to be a key part of addressing your cybersecurity challenges," Carlisle said.