Creating a Culture of Information Security

Organizations need to start thinking about information security as an element that enables businesses, facilitating increased competitive advantage that allows them to manage risk and protect all of the dollars that have been spent on creating a brand. This is the first step in securing a business and ensuring compliance with the GDPR.

Phil Bindley is CTO at The Bunker.

In today’s sensitive security landscape data protection must be a top priority for every organization. An information security culture is particularly important, especially with the arrival of the General Data Protection Regulation (GDPR), as encryption technology, firewalls and other tactics can only go so far to protect an organization’s data.

The GDPR is designed to better protect citizens’ data and harmonize legislation across Europe. The regulation brings a number of new guidelines for organizations in relation to Personally Identifiable Information (PII). This means organizations must take security, compliance and good governance seriously. But how can organizations ensure that a cultural appreciation of good security hygiene is ingrained within their business?

Change the Business Mindset

Many businesses view information security as a function of information technology, rather than a function of business. This mindset needs to change.

Organizations need to start thinking about information security as an element that enables businesses, facilitating increased competitive advantage that allows them to manage risk and protect all of the dollars that have been spent on creating a brand. This is the first step in securing a business and ensuring compliance with the GDPR.

Disciplined Security Procedures

The next element is for businesses to introduce sound security procedures within their business by ensuring that all staff look at everything through a lens of data security. It’s vital to have a clear view of everything that could possibly impact security.

Everyone within the business needs to think about what they do day-to-day to make sure they behave in a way that is beneficial to the company as a whole and does not put security or compliance in jeopardy.

Security First Ethos

A culture of information security is really about a set of behaviors everyone in the business needs to buy into. Information security professionals have a huge part to play when it comes to cultivating this security first ethos.

IT leaders need to speak the language of the boardroom so that they can explain the benefits of behaving in a secure way. Non-executive directors need a firm grasp on the security hygiene of their company and the potential risks posed, as they are the ones who are accountable.

Pick a Trusted Partner

Organizations must do their due diligence when selecting a supplier. It’s critical that businesses get a handle of where their data is, how it is stored and who has access to it. Under the GDPR and with the introduction of the Data Protection Officer (DPO), supply chains are going to be tested to make sure data is being handled in the correct way.

Picking a trusted partner will bring major benefits as businesses can actually gain a serious competitive advantage by working with a Cloud Service Provider (CSP) that values security.

Protecting a business comes down to having the right people, processes, technology and most importantly culture in place. By embracing a culture of information security, organizations will be more competitive, can manage risk, protect their brand, and innovate in a controlled way. Security can no longer sit in the background, instead it needs to be an issue that is at the forefront of a business's operations and culture.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish