Cyber Security Risk Moves to the Boardroom


Today, Cyber Security Risk is a term that encompasses networks, computers, programs, and data. That being so, any threat to these assets is an IT problem, right? Not quite, not today. It used to be an IT problem, for sure, and if it is still dealt with as such in your organization, then I suggest you consider moving it all the way up to the Boardroom. This is an extremely sensitive issue that should be included in the Board of Directors’ concerns because it has the potential to compromise the very survival of the organization. Consider, first, the responsibility of your organization in its custodial role of your customers’ data; then, add to that everything you are required to protect because of regulation, statute, or contract; and, to top it off, your company’s secrets, which have to be kept just like that: secret. If we factor in the money issue, then we add a new dimension: how to create a protection policy that doesn’t break the bank. Let’s take a closer look at the first of these elements, because it is the one capable of producing catastrophic consequences – damage to your organization’s reputation, goodwill, and technological assets – and includes or affects all the others.

First, a necessary definition. In Data Governance groups we usually recognize a Data Steward and a Data Custodian: the first is responsible for content, context, and policies, and the second, the one of interest to us, is responsible for the safety of the data and for policy implementation. However, in the real world we may speak of a Data Overlord, still taking shape but set to become a powerful entity responsible for everything that affects your customers’ data, privacy, and related issues: the general public. Regulatory issues aside, there has been an important increase in public awareness of data privacy and of how corporations are handling it. One side of the coin is the increase in personal data collection; the other, how the organization is protecting it. My take here is that the organizations and the customers are converging on a mutually beneficial transaction which is the conscience and care of sensitive data. Large amounts of money, technology, and human resources are constructing the solution to this problem, and I say constructing because it is a never-ending work. No matter how well your organization protects its customer data, there will always be a risk of being breached.

If we consider all the social and commercial implications of mishandling our customers’ data, it really helps to take this issue all the way up to the highest governing authority within the organization: the Boardroom. It is from here that all policies and directives regarding Cyber Risk should emanate. Because it is a Boardroom issue, its effects are felt all over the organization, and that is exactly the effect we are looking for. Businesses are being subjected to increased scrutiny from both society and government; we have to be attuned to this and act accordingly, with the best interest of our customers as a guiding principle. A common characteristic of successful organizations is the care they take to foster solid ties with their customers through the quality of their products and services and, most important, through intelligent communications at all levels, supported by excellent performance and thorough compliance.

It is a major responsibility and also a major opportunity. A responsibility because our customers’ data makes our organization a Data Custodian, and we have not only to honor that role but to excel at it. No effort should be spared to protect the data and, of course, to comply with all our internal policies and with government and international regulations. But it is also an opportunity to show our customers that we not only comply but are proactive in protecting their data. Providing a secure environment, and the policies that ensure it, has to come from the Boardroom, where major issues belong and are aligned to the good of the organization and its stakeholders, of which the most important are our customers. We need to be proactive and open to suggestions and new technology that may help to protect our customers’ data and, most important, we need our customers to have confidence in our efforts and the systems in place whenever they interact with us. We owe it to them and to our shareholders.


