When considering the critical factors that could cause your organisation to be exposed to reputational or financial damage, are you thinking about the risk that mismanagement of information holds for your business?
A white paper compiled by Iron Mountain, based on a study conducted by Galaxy Research, has shown that many Australian organisations are experiencing potentially damaging ‘information mishaps’ as part of their day-to-day business.
Information mishaps are defined as the loss, unauthorised access, theft or disclosure of confidential or sensitive information from a business or organisation.
The study, Taking charge of information security, has highlighted the alarming statistic that more than one in six Australian organisations experienced an information mishap in the 12 months to November 2013. More concerning still, an additional 25 percent of organisations surveyed couldn’t say whether or not they had an information mishap in the same time period.
Add those figures together and it’s possible that up to 40 percent of all businesses in Australia have suffered one of these mishaps in recent memory. And, considering the volume of business and customer data that goes through just one organisation, the potential for a large-scale impact from a lapse of this nature could be severe.
The survey also asked respondents where they believed these mishaps might have originated. More than two in three admitted that internal security lapses caused the leaking of sensitive information at their organisation. Of that group, 41 percent identified a failure of internal procedures or systems as the overriding cause for information mishaps. Interestingly, only 5 percent of organisations surveyed said they were the victim of a malicious attack.
So, what can organisations learn about improving information security from these insights? Firstly, and perhaps most importantly, the business community is not taking enough precautionary steps to ensure these risks are minimised before the damage hits. This is especially important considering that some of the larger information and data breaches of the past five years have resulted in companies and organisations suffering damaged reputations and sometimes even being forced into financial reparation.
Secondly, the need for a clear and easy-to-execute information security and management strategy is apparent across the whole spectrum of Australian businesses. The need to prioritise information risk in large organisations across the country is not being addressed with sufficient vigour, as many organisations struggle to find the right person or function within the business to take charge of this work.
Finally, the importance of creating an organisational culture where information security is embedded in every individual can be very helpful when it comes to mitigating internal security lapses. Many large organisations may not consider it as important to have employees on the same page when it comes to information security as it is to implement technology or other solutions. However, being clear with each employee about their role in the overall process of information security can prove far more beneficial in the long term.
The Taking charge of information security white paper details the survey results and provides important analysis of Australian businesses’ attitudes towards managing information risk. The white paper also includes a checklist of important factors for a strong information security policy. Download the white paper now from ironm.com.au/downloads to find out if your organisation’s policy could withstand information mishaps and the danger that mishaps present.