A data security breach is any leader’s worst nightmare. Having strategic plans compromised, financial information exposed, or customer data hacked can not only halt operations but damage an organisation’s reputation as well. Because of this, data security and protection have always been considered top priorities of many companies worldwide.
Data can be kept in are several ways, but one of the biggest decisions executives have to make would be whether to stick to the traditional method of using paper files and keeping them in heavy metal cabinets, or to migrate to a digital platform. They are constantly faced with the question of which method of information dissemination and documentation is not only smarter, but also safer.
Placing the “hard” in hardcopy
Organisations have been handling paperwork even before they were founded. Business permits, contracts, and other foundational documents are necessary prior to launching; then it carries on during operations and even after closure.
This is why many offices have invested in various filing solutions, from envelopes and folders to drawers and filing cabinets that need to be secured with locks. Sometimes, an added measure of keeping them in safes or vaults is needed. However, these measures can never really guarantee protection against security threats. On the surface, this type of solution allows organisations to control who has access to these files, but these can easily end up in the wrong hands even under lock and key, just like what happened to the Australian government’s files in early 2018:
By law, cabinet documents are to remain secret for at least 20 years. While the files had been safely stored away in two locked filing cabinets to the point that no one could find the key, these cabinets were eventually sold at a second-hand sale in Canberra at a very cheap price. Once opened by force, the filing cabinets’ contents turned out to be more than your ordinary office paperwork — they contained top secret classified files, revealing not only the ins and outs of over a decade’s worth of government work, but repeated security breaches of some of Australia’s most sensitive national documents.
The Cabinet Files is just one of the many paper-based mishaps that have occurred in the past. Because of this, organisation leaders have realized the importance of going digital. They saw the efficiency of searching quickly through thousands of files, updating documents across all networks in real time, as well as accessing information anywhere on mobile devices. It is important to note, however, that when migrating to an online platform, one must still implement and fortify data security measures. Unfortunately, this is what top executives seem to forget.
In a survey conducted by The Australian, they discovered that a good number of business leaders are so lax when it comes to the protection of data that they don’t have governance programs specifically for cybersecurity. They also found out that only 28% of ICT staff agree that their company’s data is secure. This is quite alarming because sensitive information, whether stored on the cloud or on-premise, is always vulnerable to security threats.
Take for example the Commonwealth Scientific and Industrial Research Organisation (CSIRO), Australia’s peak scientific research agency, which experienced a security breach in November 2013. While most details remain a mystery, what we do know is that one of their scientists simply stopped going to work, thus posing the question of whether or not he ran away with pertinent information.
After the disappearance, the organisation upgraded their systems, employing Canberra Data Centres (CDC) to fortify security. Their first three-year contract cost close to $30 million, and the succeeding three-year contract cost over $15 million. They are continuously investing in technology, and thus have not experienced a breach since the 2013 incident.
To digitise, or not to digitise?
Now, this brings up the question—which of the two data storing and protection methods is better? While both arrangements have their pros and cons, it ultimately boils down to reinforcement, maintenance, and due diligence. Companies should implement a data security system that not only works but detects and proactively prevents any instances of security breach.
Article originally posted on CSO.