Information governance is an incredibly important topic in the ever expanding world of Big Data. If we are honest with one another, it’s not the stuff dreams are made of and it’s unlikely to be anyone’s dream job. It is however, critical.
Information governance is all about managing data to keep it safely tucked away in our systems and away from unauthorised individuals. To do that, we need to put systems, processes and policies in place to keep our customer data secure and to protect the reputation of the business.
We have seen a lot of data breaches in recent times, even big companies with departments dedicated to the task of protecting customer data are falling victim to large scale data breaches – damaging customer trust in the brand and incurring very large fines. Talk Talk; British Airways; and Yahoo are some examples of large breaches in recent times.
We are never going to stop data breaches, but we can work to reduce the frequency and limit their impact by implementing appropriate governance processes and policies and by driving a data culture within the business – holding everyone accountable for the safety of your customer data.
Making employees accountable may sound like a bizarre approach to data governance, because it’s all system-driven, right? We just need an additional layer of security, some encryption and we’ll be ok, correct?
No. Kaspersky reported in 2019 that 90% of data breaches in the public cloud were a result of social engineering, which is all about using deception to trick individuals within a company into divulging information that they shouldn’t. An example may be a phishing email, which prompts the user for a password on a fake website, giving the hackers direct access to the data.
So indeed, the human element around the systems are just as important if not more important than the technical solutions that we use to secure our data.
Through this book, we will talk about ways to prevent data breaches happening; protecting your customers and brand. These methods will fall under four main headings: laws & regulations; people; processes & policies and technical security.
From all this information, you should be able to start to put together a data governance strategy for your business and work towards a well governed environment.