Jonathan Armstrong, technology lawyer for Cordery and data regulation advisor here at Absolute, wrote an article for Business Matters on Three tips for avoiding a dreaded data breach fine. The post addresses how the increase in corporate mobile device use has expanded, introducing new ways corporate data can be lost, and how businesses haven’t caught up in terms of mitigating these risks.
"There are many more ways in which data can be lost; whether through employee mistakes or malicious theft and sale of confidential information.
As a result, GRC (Governance, Risk and Compliance) is one of the biggest issues facing companies at the moment. Unfortunately, the average business hasn’t realised this and remaining on the right side of the law can be a real problem."
Although the article cites specific outcomes of data breaches under the Data Protection Act of 1998 in the UK, organizations in other countries face similar fines, criminal prosecutions and costly notification requirements. As Jonathan notes, many device policies just cannot handle the current compliance landscape.
Jonathan recommends a holistic, 3-stage approach to keep data secure:
Each of these items are detailed in full in the Business Matters article. Jonathan notes that though there are only 3 items in this approach, execution is everything. For example, training that is not engaging is not going to be effective. And technology that isn’t the right fit - cannot manage and secure all devices or is not persistent - will not provide enough protection.
Proper data protection is the base of a solid data security program. For more on how Absolute can provide the base to your GRC program, visit our website.