Cybersecurity: the word conjures up images of software engineers in lab coats feverishly analyzing cryptographic code in an effort to thwart an attack from a country somewhere on the other side of the globe. Seemingly daily reports of major data breaches are now coupled with warnings about a cybersecurity “talent gap,” meaning that there is a critical shortage of the highly technical professionals in the workplace who are specialized in cybersecurity.
This is true. However, much of the work necessary to protect business data does not fall within the purview of the technical cyber-specialists. The foundation of any good information security program is good information governance. In short, before you secure your data, you have to know your data. You have to know what data you have, where you have it, why you have it and how you use it. This may seem like a seductively simple task, but often … Continue reading “Good cybersecurity means good info governance”
A new age of records retention: good policy more than worth the effort
There are a number of potentially troublesome issues associated with retaining records. For example: there are storage and privacy concerns; organizations must ensure they keep records secure in accordance with relevant privacy laws. At the same time, organizations might not have considered the self-incriminating information that records might hold, and they will want to ensure they don't keep potentially incriminating records any longer than the law requires.