Your riskiest data asset. The asset in your organisation that has the most risk from a data security point of view.
“Oh! Er… well my computers I suppose…”
Probably not. Try again!
“Um. Well.. my servers and laptops…”
Still probably not. Let me help. What about data sticks? Do you think they are the riskiest?
“Oh, I see, yes, they are certainly risky as everyone seems to use and lose them!”
Not very reassuring – but still not likely to be the riskiest. What do you think about mobiles?
(Beginning to get the idea) “Well, I suppose that mobiles are risky but they are private”
Yes – but your staff use them for company business and have company related data on them, not to mention contact details, files that have been transferred and possibly passwords for sites checked on the internet etc. But even then, these are not usually the riskiest data asset types for most businesses.
“Well, what is then?”
Your people themselves.
“My people – you mean, the staff. But we are not computers with data files in our heads (apart from John in Accounts perhaps – but that is another story)”
You don’t need a data ‘file’ to be a data asset. Your people know passwords. They know corporate IP, they know client lists, they know price lists, they know access routes, office layouts, where specific data is stored and so forth. Moreover they have access to data and it is what they do with it that is the riskiest of all activities.
“What do you mean?”
People are very bad at keeping data safe. It is not just the ability to lose it – like leaving a file on the train or forgetting to pick up a data stick from when it was last used. It is more that they are bad at looking after data security overall. For example, they click on spam emails and let viruses in, they forget to lock doors when they go out, they let outsiders into the office without checking that they should be there and that someone is with them at all times. They also lose papers, data sticks, laptops, mobiles and consequently data. They forget passwords so use the same one continuously, or write them on the pad on their desks. They pass files to people who are not on the authorised list … and so forth.
“I see what you mean…. But how can you change people – you cannot get them to have a virus check or sign them in and out?”
No, that wouldn’t work – but what about some awareness training to give them an idea of the scale of the dangers that they can avoid, the ease with which this can be done, the potential legal, reputational, financial and ultimately job-security issues that this can cause if they don’t take it seriously?
“Yes, but looking at it this way, one of the key problems is our CEO Fred. What do we do about him?”
If this was the most expensive piece of kit you had on your inventory, would you not want that protected too? Of course you would. So Fred gets to go on an awareness training too. And if he does not take it seriously, you will have a great deal of difficulty getting others to do so. And what does that say about your corporate responsibility to look after the data details (credit cards, addresses, bank details for example) of your clients, suppliers and staff. If Fred’s bank details were lost, he would be furious with whoever lost them wouldn’t he?
“Well, yes, but he is the CEO – he founded the business – and owns it. You can’t get him to do what others do.”
That certainly makes it trickier. But it does not reduce the risks involved if he does not take it seriously. You would have to emphasise that the value that he has created would potentially be lost overnight if he does not. When does he want to retire – next year? – well that would not leave much time for him to build up the value again. Also the reputation would be damaged forever! Finally, any buyer would want to see a good data security system built in – so now is the time to do it so that it can be shown to be working too!
“Hmm! I see what you mean. Very well, let me see how we handle Fred – because I agree we need to. In the meantime, we need a way to bring the staff forward too. Can you help?”
Of course, just call 0345 600 6975 and ask for Carl Kruger, and he can get you on the right track. There are a number of ways you can do this – let him tell you about them!