A weak link in organisational security
Security continues to be a hot topic in 2017. To the legal profession, data security is of paramount importance. For this reason, legal organisations should have strict policies, procedures and technologies in place to ensure data is secure, writes Berys Amor.
However, even with the best policies and practices in place, they are only truly successful if they are followed by your people, in a way that enables them to still be productive.
In a recent BlackBerry security survey, it shows that 82 per cent of global executives feel that security precautions, specifically in mobile working, cause at least some frustration among their employees. Incredibly, 44 per cent of employees feel too much security could stop them from doing their job altogether.
The legal industry cannot compromise on security procedures, but if they create frustration, limit productivity and are not followed or understood, the consequences can be dire.
The ’human element’ is potentially a weak link in the chain for firms. When learning to overcome the ‘human element’ and ensuring employees are on board with security, there are four critical steps businesses should follow:
1. Educate and communicate
At Corrs Chambers Westgarth, we run an ongoing internal communications program to get staff to better appreciate the importance of security. Being vigilant and ensuring staff understand the threat landscape, potential repercussions and preventative measures are the centrepieces of a successful security strategy.
Without dialogue, we are limited in our understanding and therefore deficient in our solution.
2. Use technology
There are a number of mobile device management solutions available which allow employees to work remotely and securely.
These solutions allow organisations to establish a secure framework, ensuring employees stay productive while not breaching corporate policies.
Since Corrs introduced Good Technologies (now part of Blackberry), our people can access corporate data on a diverse range of mobile devices and be assured that all corporate email and associated information and attachments are encrypted and containerised.
This has provided the mobility and flexibility that allow the use of a personal devices while keeping work, personal information and data separate.
Improving productivity is not the only way that security technology can help organisations – it helps to protect people too. The CIO’s role has changed. No longer are we just responsible for protecting data and information, but also the employees within. As CIOs, we have a bigger sense of responsibility and so many of us are looking at technology solutions as part of a holistic solution.
3. Learn to adapt
One of the biggest challenges in the fight against cyber threats is that technologies are ever-changing.
Cyber criminals are meticulous in their understanding of new technologies, and can learn and adapt with swiftness and precision. So, too, businesses need to regularly monitor the landscape, educate their employees and adjust their strategy accordingly to help mitigate not only against current challenges, but against those still to come.
Similarly, employee behaviours can also change regularly. Five years ago employees were not as aware of security threats, and we’ve slowly been able to turn that around through ongoing awareness activity and making sure our approach fits the needs and expectations of the business.
It’s not just about ticking off boxes and thinking you’re done; it’s about understanding how people are or aren’t using security and deploying the most appropriate security solutions.
4. Highlight executive support
It is also not enough for an organisation to introduce a security strategy and expect employees to follow suit. Commitment is required right through the business.
It is only when the importance of security and data protection is driven from executives that staff will adhere and emulate the same behaviours.
With confidentiality central to the legal industry, organisations need to ensure they are one step ahead and being smart about the solutions they are using.
The impact of data breaches today – whether internal or external – can have the most devastating impacts. Organisations need to ensure employees understand the need for security measures and introduce the right technologies which safeguard private information without compromising productivity.
Data security concerns can be addressed when organisations start to think about how to prevent, recognise and respond to attacks.
Berys Amor is the director of technology at Corrs Chambers Westgarth.