We rarely assume we will be at risk of things. People living by the ocean in big houses with infinity pools and sun decks which have never seen flooding or extensive storm damage often worry less about king tides or floods with a “won’t happen to us’ attitude. Families don’t have an adequate bush fire plan and associated policy because they believe “The fires will never reach me, I am too far from the bush”. Yet unfortunately, sometimes we are bitten resulting in loss of property and sometimes loss of life. Either way, these situations have tragic results. Just recently a friend of mine rode through a small town which had been devastated by fire and shared with me the silence and desperation he felt there and how lost those people must feel after losing everything.
These risk profiles often extend into business yet staff and customers have little option but to trust in their IT departments to ensure any personal information is safe and secure. We assume “my information is safe, I can’t or won’t be hacked, my boundaries are safe” or “I trust my people to do the right thing by me”. Therefore, the onus is firmly on the business to avoid events such as data leakage, theft, or often devastating breaches in security.
Data is collected by people, machines, surveys, etc. But are we allowed to keep what we collect? Who sees this information and more importantly, should they see it? Consider this: A breach in security or a data leakage could result in personal liability, possibly resulting in punitive penalties. If we apply the logic of risk vs insurance as in the flood and fire examples, by having adequate insurance, you will be protected against such events. If you do not declare everything you own in your house on an insurance policy or add the correct “extra’s” to cover you for the expensive items or rare events like flood, fire, or an information breach, then your cover is void and/or conversely your insurance premiums are significantly increased to cover these things. It’s not fun sitting in front of a panel explaining why you did not initiate protection protocols. So how can you justify the significant financial losses and associated impact to both the business and your personal reputation?
The reality is you cannot cover every option – you can, however, adhere to best practices and mitigate the risks by protecting your assets with the right policies.
As insurance begins to enter the Information age, how can you define the information assets you have in order to (a) ensure you have adequate cover and (b) have additional cover for those acts of god, natural disasters, black hat attacks, staff error or even worse, internal staff sabotage? When assessing a business for information risk, an insurance company is forced to make a lot of assumptions which impact cover and premiums, often asking the client to define the value of their information. In order to drive down these premiums and increase confidence with reduced risk and improved compliance you first have to take ownership and become or employ a custodian or Data Protection Officer. Information is the crown jewels of a business and should be protected with a reciprocal level of diligence.
Having detailed knowledge of the information you collect and retain, where it resides, who can do what with it, coupled with the business, legal, and personal value is empowerment you simply cannot afford to ignore. With this knowledge and renewed focus, you’re now in the driving seat when negotiating the insurance premium and can sleep easy knowing your business and career are covered.
Over the recent years, Data Loss Prevention (DLP) has been very high on the agenda of global organizations who are based in more litigious geographies such as the USA. Over the recent 12 months, we have seen a tremendous increase in Australian companies wishing to protect their information assets which have led to Insentra creating DLPaaS – a simple and easy way to integrate DLP into organizations without the often large expense of licenses and services.
Get in touch with us today!
