Last month, I told you that, in the past year, the number of large organizations citing compliance and risk as the largest driver for information management has risen from 38% to 59%, according to the AIIM report “Information Management – State of the Industry 2016.” Additionally, 44% of mid-sized organizations also cite this as their biggest driver. So, what does this really mean?
It means that there is a growing awareness and concern among business leaders that they can no longer take a wait-and-see attitude about preparing for potential breaches. It means that when challenged about their information management practices, they will have a defensible position. It means that they are trying to prepare for the inevitable moment when information is at risk of being taken or shared with those who do not have the right to possess it.
How bad is it?
At the time of this writing, the Identity Theft Resource Center reported, as of May 3, 2016, they had identified 348 breaches that exposed more than 11.3 million records, spanning every market segment. Additionally, the US Department of Health and Human Services cites more than 1,500 breaches reported, potentially exposing millions of patient records, since it began tracking reported security breaches in 2009.
Risk and compliance should be top-of-the-list topics for every business, regardless of size and market. It should cover not just digital information but legacy as well—paper and film. Governance policies should be developed to include all forms of media, management procedures related to the information, training for employees, and monitoring to ensure adherence to the policy.
What to think about
Begin with an assessment of your current policies, practices, technologies, employee training, and monitoring capabilities. Identify potential areas of weakness and improvement. Take action to move your business forward and do not wait until it is too late. Preemptive preparation is the best practice when it comes to managing risk and compliance.
In my view
All too often, I hear the words, “It will never happen to us.” Wrong! It will happen to you or may have already happened. It is just that you do not know it. Security breaches occur in many different ways. For some, it is being hacked. For others, it may be unauthorized information sharing, and still for others, it is inadvertent sharing of information without realizing it was wrong. Teach employees what security, risk, and compliance means to your organization and provide them the tools they need to comply.
Bob Larrivee is Vice President and Chief Analyst of Market Intelligence at AIIM and an internationally recognized subject matter expert and thought leader with over 30 years of experience in the fields of information and process management. He is an avid techie with a focus on process improvement and the application of advanced technologies to enhance and automate business operations. Follow him on Twitter @BobLarrivee.