The CIO has secured the IT systems, expensive software programs protect against malicious intrusion, PCs are password protected and it seems like there is no chink in your business' armour.
But how secure are the devices that contain business information that find their way outside of your organisation's four walls?
Information is the lifeblood of 21st century business. It provides insight and business intelligence that drives customer engagement, productivity and competitive advantage. Such a resource can be invaluable to employees who need data on the move, or require it to work from home.
However as digital information becomes more mobile than ever and the line continues to blur between the ownership of that information, the risk of data breach grows considerably. For example, copying some useful company data onto a memory stick seems innocent enough, however, this changes when that stick is stolen, or is misplaced.
Greater Manchester Police was recently fined when an unencrypted memory stick containing sensitive data about serious crimes and witnesses was stolen during a burglary at a detective's home. Upon investigation, the ICO found that a number of officers across the force were guilty of using unencrypted memory sticks to copy data from police computers, which was then accessed away from the office.
The dangers of losing such sensitive police information are clear, but the loss of any information from any company can be disastrous. Studies have shown that more than 40 per cent of companies never recover from catastrophic data loss, and 90 per cent of companies that suffer a significant data loss go out of business within two years.
Data loss can affect market share, brand reputation, customer service and every day business processes. The impact of a data breach is only going to get worse as new EU data protection legislation promises to raise the stakes in terms of potential fines arising from non-compliance; businesses face the risk of being fined up to two per cent of their global annual turnover.
In a recent study by Iron Mountain, it was found that just 56 per cent of office workers in the UK are aware of company guidelines about what information can or cannot be removed from the office. The new legislation means that it is more important than ever for businesses to make their employees aware of data protection policies for it will be the company that faces the penalties, not the staff.
With so much at stake, businesses must put measures in place to reduce the risk of accidental data loss. Visibility is paramount; whether staff use personal, unencrypted or even secure and authorised data sticks, businesses need to know how and where they are being used.
Communication, training and support are key to achieving this. By ensuring employees at all levels are aware of the risks and repercussions, and putting clear policies in place for the use of data outside the office, it is possible to foster a culture of information responsibility across the business.
Instilling a culture of corporate information responsibility (CIR) also requires the backing of senior-level executives. The drive and direction for responsible information handling must come from the very top of the business and be backed up by example. How information is managed has become a boardroom issue, not just in terms of developing and disseminating company-wide policies, but as an example of best practice in information handling and accountability that sets the tone for the whole business.
In today's increasingly knowledge-based global economy, the success or failure of businesses could depend on how information is managed. CIR is about fostering a culture of care for information, underpinned by reliable business processes that treat information as an asset not a liability. If businesses fail to implement this, they are preparing to fail.
Christian Toon is head of information risk at Iron Mountain Europe