
Implementing Your Three-Staged Approach to Data Security

By: Absolute Editorial Team | 11/27/2014

I recently published a 2-part series for Finextra on Working With Your CIO to Negotiate GRC. In the first part of the series, I talk about the struggles organizations are facing with data security and the lack of board support for the creation of mobile working policies. In that post, I advocated for a holistic three-stage approach to ensuring data is kept secure in order to comply with data protection regulations and to avoid fines.

In this second part of the series, I explore how companies put these three stages into practice. These stages include:

  1. Implement a policy - ensuring it is clear and well communicated
  2. Train and educate employees - since the ‘human factor’ is often a weak link in data security, as many of the recent posts on InTelligence have discussed. There is a lot of finesse to creating an effective education program!
  3. Utilise a technology solution - to track, manage and secure all devices used at work, and the data on them. Employees will break the rules, willfully or not, so be prepared!

 

As the article explains, having both policy and technology in place will help organizations avoid the costly fines and fees associated with a data breach. It is up to CIOs to ensure that GRC becomes a board-level issue, and that discussion should start now. Feel free to leave a comment on the posts here or at Finextra to discuss this approach to data security.