Today’s organizations are exposed to different kind of risks, such as cyber-attacks, plundering of intellectual property, stealth competition from grey and black markets, unconscionable acts of executive greed and corruption, identity theft, fraud, and terrorist threats. For protection, many businesses turn to powerful information technology, state-of-the-art security systems, and zero tolerance policies. However companies cannot be perfect. Even the CIA and the FBI had spies in them, and they have rigorous security procedures. A company should strive to be better than most of their peers/competitors. Those seeking to steal or do harm usually look for the easiest target. If I have a burglar alarm, outdoor lights, and a guard dog and you, my neighbor, do not, which one is the burglar going to hit? These people may be crooks, but they are not idiots. Currently the priority is the human dimension; people not machines are the key component of a good protection strategy. People, together with money and intellectual property are important things to protect. It is essential and possible to show everyone that security and integrity are everyone’s responsibility. Even if you have specialized risk and security units you cannot have the attitude that “it’s not my job.” It is a question of balance between your main job, but also being aware and informed about risk. Protecting intellectual property is a major challenge. It is a multi-billion dollar problem in the US alone and requires special measures. We have industry statistics that show fraud accounts for about 6% of revenue for any organization, be it public, private, government, or not-for-profit. Intellectual property is a particular concern, because once it is stolen it is still there. If I steal your car, it is gone when you look for it. If I steal your intellectual property they are still there. You do not know they have been stolen until much later. In the current world data management and data protection are crucial. So the issue is not to ignore data, some of it is quite useful, the issue is, rather, to focus upon a strategy that will identify that which is critical, from that which is merely nice to have or perhaps even interesting, but not critical. Physical property is certainly important, but data is much easier to steal, move, and sell. I can carry a million dollars worth of data on a disk or a million dollars worth of TV sets in a truck. Which is easier? Poor data management practices are just a form of intellectual property. Again, you cannot be perfect, but you can be better. The number one defense in civil actions involving loss of data is that you (the victim) did not treat as important when you had it in your control. In summary, this is a complicated area, and involves matters such as the Economic Espionage Act of 1996, a Federal law which makes various forms of data misuse a crime. Also, many states now place what is called “an affirmative responsibility” on companies who hold data on others, be it medical information, financial information, etc. For example, if you have a million customers and learn the data on a hundred has been lost you may well have to notify all million and offer them remedies. Tough standard. Data security can be improved, but this could be the topic for a future article.
Published in the hard-copy of Work Style Magazine, Fall 2010