Companies are beginning to realize the competitive advantage that comes with digital innovation. What many do not realize is that with increased levels of digitization, there is an exponential increase in the volume of consumer and transactional data created. This data is both an asset and a liability, particularly in terms of risk management. The cookie jar or money clip that used to keep your money safe isn’t good enough to protect your bullion or stock certificates. Adopting the benefits of a digital business model will not prove profitable unless a parallel focus on security is included in the business plan. Organizations should understand the tools and best practices that are available to protect their brand and image from serious digital threats including identity theft, database hacks, and phishing intrusions. 

To successfully compete and maintain a good standing in the marketplace, a business needs to have good security hygiene. What does that look like? Here are some simple best practices to start with.

1. Learn where your data lives

As you embrace a more digitized approach to your business, you should be constantly mindful of where your data lives. You can’t protect your data if you don’t know where it is, and each medium — whether it’s cloud-based, a local disk, or a back-up tape or disk — requires a different approach when it comes to security. Also, don’t forget those hard copy files and old computers.

2. Establish who has access to your data

Not everyone needs access to everything. Establish clear guidelines for accessing data on a need to know basis. Ensure that there is a digital trail to keep a record of all data accessed. Always have security in mind.

3. Understand which data needs to be protected: the data security lifecycle

Always bear in mind that not all data needs to be kept. Destroying unneeded data is one step in a data security lifecycle that also includes creating, storing, using, sharing, and archiving it. Classify data so you know what to protect. Data runs the spectrum from highly sensitive customer data to simple emails exchanged between colleagues. Create categories of data and establish a security plan accordingly.

4. Educate your employees

Ultimately, data security is about the people who have access to your data. Make sure you have a continuous employee training program to ensure that all staff are aware of your data security policies and that they know how to deal with phishing, spam, and malware in unsolicited emails. Make sure all staff members understand the critical business value of your data.

5. Educate your board of directors

Many board members have a solid business background but may not be at all familiar with how to approach digital security. You should know how to educate your board about security risks and threat prevention.

At the CIO Association of Canada, our members — senior technology leaders representing every vertical across Canada — are well aware that security is a critical facet of our portfolios. The topic is central to our professional development activities. At our annual conference, the CIO Peer Forum (which will take place in Edmonton this April), for example, our sessions focus heavily on educating boards of directors about issues of digital security. Learning topics include information security and risk information, the types of resources that should be provided to boards, and best practices for minimizing risk, including leveraging an intelligence-led security operations approach.

At the CIO Association, we are cognizant of the increasing need for a strong emphasis on digital security. Like the businesses we lead, our association is adapting to a changing reality. At our most recent meeting, the board voted unanimously to open our membership to include Chief Information Security Officers (CISOs). 

All players in the digital world need increased levels of cooperation and collaboration to capitalize on business innovation opportunities. We equally need to continue to digitally protect millions of Canadians across our great country.