Gimmal Blog


Cybersecurity, Regulatory Compliance and Information Governance

When it comes to cybersecurity and regulatory compliance, several factors come into play. First and foremost, the human element is important to consider. Basic best practices such as strong and continually changing passwords and ensuring the security of your wireless networks are essential. So is creating an overall regulatory compliance plan that is understood by all parties.

There have been some interesting developments in the world of cybersecurity:

  • Criminals are starting to change or manipulate electronic information, which could compromise its integrity, accuracy or reliability
  • Despite the increased attention around cybersecurity, most organizations have not changed their practices in a sustainable way
  • Ransomware has become a popular way to hold information "hostage" in exchange for compensation

In the wake of the data breaches at large organizations like Sony Pictures (check out our blog post about it), here are some best practices from Mark Pribish, VP at Merchants Information Solutions:

  • Annual employee education should be the No. 1 priority. Talk to workers about ID-theft and data-breach risks because the threat level is rising and you don't want it to sink your business.
  • Your business needs to complete and implement an information governance plan.
  • It will be no small problem if your data is breached and you're unprepared. Business owners who want to remain in business must take cybersecurity seriously and recognize that one of the biggest threats is within the organization.
  • The challenges of a data breach event can include complex federal and state breach notification laws and regulatory compliance issues, and most small businesses lack the financial and human resources to respond. Cyberinsurance can support your risk-management objectives.
  • Crisis preparedness is a significant issue weighing on chief financial officers, with cyberattacks cited as “the most threatening potential crisis.”
  • Create, test and update your business' written information security and governance policy annually, including penetration testing and a simulated data-breach event.
  • A company’s cybersecurity is a team effort. Coordination is critical because criminals will try to exploit weak links.
  • Crisis preparedness is a significant issue with “cyberattacks cited as the most threatening potential crisis.”

As we've talked about in the past, data breaches have become increasingly common, and having a proactive plan is crucial for minimizing damage and protecting sensitive records. Making the IT group a part of the information governance discussion ensures all parties are aware of how the information is being stored and disposed of.

Posted by Andrew Borgschulte
