Reading Time: 4 minutes, 36 seconds
In any organization there is overlooked information that is never noticed and no one ever thinks about it. It includes, among other things, information captured in an image archive or document management repository, or it could be data housed in ERP systems, collaborative workflow platforms or any number of line-of-business databases. Even copiers and scanners hold cached images you may not know about. Things like social security numbers, financial and medical account details, addresses and phone numbers, are all found in these repositories, yet that information can be overlooked or hidden from view; especially as the volume, velocity and variety of information that must be managed continues to grow at unprecedented rates. This information can represent a treasure trove of opportunity for data hackers and cyber-thieves looking to steal sensitive and private data.
Can Your C-Suite Sleep at Night?
Data security and compliance are on the minds of C-suite leaders in all industries and it’s easy to lose sleep at night. It seems like every week there is yet another high-profile data security breach, and some of the world’s most tech-savvy companies are falling victim. Indeed, just recently Facebook, already facing scrutiny over how it handles the private information of its users, disclosed that an attack on its computer network exposed the personal information of nearly 50 million users. Some of the biggest victims in 2018 include T-Mobile, Quora, Google, and Marriott hotels, which recently revealed that hackers had accessed the information of an estimated 500 million customers.
At the same time, data protection regulations around the world are becoming increasingly strict. One prominent example is the General Data Protection Regulation (GDPR) that went into effect in Europe last year. The GDPR is an overarching data protection law that applies to all European Union residents and is designed to make companies more accountable for the way they process personal data. While the rule is European in scope, it influences compliance and liability for any organization dealing with the personal data of EU citizens.
For the first time, information security and compliance has entered the top three drivers for digital transformation..
Driver for Digital Transformation
For these reasons, data security and compliance are increasing drivers to organizational spending on digital transformation. In one AIIM International industry research report, “Governance and Compliance: A Real-World View,” organizations were asked to rank the top drivers for digital technology investment in their company. Improved process productivity (42%) and faster response (30%) remain at the top of common objectives, but for the first time information security and compliance has entered the top three drivers for digital transformation.
Costly Breaches
Is your organization at risk? Yes. Experts tell us that it’s not a matter of if your organization will be hacked, but when, and the chances that your organization will suffer a data breach this year are one in four. As the frequency of cyber-theft continues to grow, so too are the associated costs. One report from the Ponemon Institute reported that the global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year to $148. The direct costs include hiring experts to fix the breach, investigating the cause, setting up hotlines for customers and offering credit monitoring for victims.
The real impact, however, is found in the business that is lost and damaged goodwill in the market – both customers and Wall Street are wary after a breach. One good example is the archetypal breach at Target in December 2013, just weeks before the year-end holidays, which put the company in a tailspin. Five years later, the company still faces a number of government investigations and more than 80 lawsuits. Target incurred $61 million in costs associated directly with the incident at the time, but the total expense to the company is estimated to be between $500 million and $1 billion — and that’s on top of any sales lost as a result of customers avoiding its stores after the breach.
Tools to Battle Cyber-Theft
At Zasio, we’ve built some important tools to help battle cyber-theft, starting with Versatile Enterprise™, a complete records management solution that allows users to manage all corporate records (physical and electronic) in one system, and then apply consistent retention policies to those records. The system works in the background to automatically calculate disposition dates (or suspend them for retention holds) of relevant records according to retention schedules, and will notify you when they are ready for transfer or destruction. Versatile Retention™ is our application in which users can research retention and privacy laws, create and maintain up-to-date retention schedules that protect the security and efficacy of important, private and sensitive information.
Experts tell us that the chances that your organization will suffer a data breach in 2019 are 1 in 4.
It’s Not Always about Collecting More Data
The specter of security and compliance demands greater levels of information governance. And it’s not always about collecting more data…sometimes you need to get rid of data that is no longer providing value but may represent a great risk to the organization. That is where strategic records retention policies and practices make a real difference in reducing risk to your organization. Consider these aspects as you design your strategies. Look for tools like Versatile Retention and Versatile Enterprise that allow you to take the right actions to properly secure and protect private information.
Unsure if your company’s data security is where it should be? Talk to our experts! Contact us today for a free demo or assessment.
Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.