Information Governance and Cyber Security – The evolving menace of Kirk!
When I first started my career in IT, I had to worry about a variety of things... mainly keeping things working (as I found out, the stress of the email going down was similar to that of being at war! As the full complement of office workers quite frankly gave up doing anything at all without the ability to email each other) and of course Kirk! I should point out that Kirk is not a real person, nor is he boldly going anywhere but he represents the threat to the company at the time.
Kirk was 14 years old, curious and a little bit naughty if I’m honest. He wanted to be cheeky and break or deface my website to show his friends how cool he was and also tell the world of my inadequacy as an IT Manager. To counter this threat we bolstered our security… the firewall! Come and burn your hands on that Kirk! My job was done and Kirk was out of my hair… it was 20 years ago so I did have some back then!
Anyway Kirk, over time, seems to have got into the wrong crowd and over the years he has become more skilful and the complexity of his nefarious activities. He’s now trying to steal user accounts, credit card details and databases in order to make a profit for him and his gang! As he evolved, so did I, building higher and higher walls (firewalls) for him to jump over and locking down devices, increasing password lengths to further enshrine all the stuff inside the business, but the problem was he kept coming and evolving. I had friends in “secure” environments that told me if you were connected to the internet that it could always be compromised.
A few more years on and Kirk has moved on from trying to take some key stuff to locking everything down so I can’t have it and then have the cheek to ask for a ransom for it all back. I don’t know what most of the enormous amount of info is but I definitely can’t do without it can I? I don’t know who Kirks friends are, but I don’t think they are particularly nice. Anyway the complexity of cyber security and me with the keys to the most complicated locks of the biggest gates outside our business is still being overrun by Kirk… the fact is he now has even more nefarious motives based on socio-economic results, stealing my intellectual property and the key secrets that make my business stand out, make money and thrive. The implications of this are huge but the truth is, I don’t understand what information he is after, I don’t even know what information we hold as a business really and here lies the problem.
Now bear with me here. Should you be lucky enough to own diamonds then you know that they are probably (for their size) the most valuable objects that you own. We understand this value and put them in a safe, lock the safe, put a picture over the safe, lock the door, lock the windows, lock the front and back doors and we lock the great big fence to the outside world. However, when it comes to our socks and pants we don’t give them the same treatment, in fact sometimes I hang them outside for all to see (the good ones) literally only protected by the fence on the outside. What are you talking about Dom? I hear you ask…If indeed you got this far! (Thank you if you have😊)
Well, in most of our organisations we don’t know the difference between our Diamonds and our Socks... or put it another way, we don’t know the difference between a trade secret, a vital contract, designs, Intellectual Property, canteen menus, the Funday Friday joke emails or other trivial – in a business context information. When Kirk raises his digital nightmare of a head and locks all our information, do you want to give him three million to get back your menus and your office photographs or would you choose to ask him to keep that and only give back the important stuff.
So with no end in sight from the threat of Kirk, Information Governance will help you understand the difference between your diamonds and your socks and all metaphorical items in-between and apply the right level of protection by understanding the content and the context. When Kirk is nosing around your manor he’ll find that you understand the value of your information and have applied the controls to make sure he can’t damage your organisation with encryption and protection of all sensitive information, retention and destruction of information in line with policies, protection from theft or misuse internally too; As the reality is we can’t afford to put everything in the safe but we can understand its value and treat it accordingly. Like a well organised house, when you know what everything is, you put it in the right place where you can actually find it. The benefits are clear at home and in business however with Information Governance we can automate the control, organisation and findability of your information automatically! As we all know the answer to these two questions… Who wants organised data? and who wants to organise their data?
I’m sure I finished the presentation with something more amusing so I’ll leave you with this… What’s the difference between Tags and Metadata? Your age!