[vc_row][vc_column][vc_column_text]With the security threats around today, the sheer mass of information and the vulnerabilities to attack, it has to be admitted that information security is a challenge. But not an insurmountable one.[/vc_column_text][vc_single_image image=”2821″ img_size=”full” alignment=”center” image_hovers=”false” lazy_loading=”true”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]But not an insurmountable one. The right information security takes planning and organisation.
The advantages include prevention of loss and damage through information being stolen or compromised, as well as a more alert, capable workforce. So why does one recent survey show a downwards trend in implementing information security procedures?
The survey was done by Shred-It, a company specialising in on-site destruction of confidential paper-based documents.
Apparently, there is a perception problem to start with. The survey indicated that 40% of small business owners and 20% of C-level executives among the respondents did not consider lost or stolen data to be a problem for their respective companies. Percentages then rise respectively to 70% and 30% for respondents who did not have a web-security policy.
C-level respondents surveyed in 2014 also doubled compared to 2013 (11%) when it came to admitting a lack of any identified employee for managing data security problems.
However, 43% of c-level executives favoured the introduction of new privacy laws that would necessitate stricter compliance to information security standards, as well as heavier fines for non-compliance.
Although it may be unwise to jump to conclusions, this kind of situation begs the question: are companies giving up on good information security policies? Suggesting that the legislator steps in to force the hands of organisations in information security is like asking for companies to be legally required to exceed certain profit levels.
There are no laws about profitability – except the one that is called bankruptcy. Similarly, PR disasters and legal proceedings started by third parties are what sanction bad information security. Waiting for governments to pass laws simply isn’t on.
Enterprises and organisations can and should get their information security sorted out now or face potential damage, loss or even extinction.[/vc_column_text][/vc_column][/vc_row]