Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

4 Ways to Keep Your Workforce Thinking Information Governance

Our post today comes from Christopher J Michael. Chris is a consultant at Paragon Solutions with expertise in Records Management, Information Governance, and Digital Archives. He is also an active member of ARMA International and serves as Secretary on the board of the Philadelphia area ARMA Liberty Bell Chapter. The orginal article can be found here on the Paragon Blog.

Did you know the greatest threat to information governance and security is your own employees?

The 2015 Data Breach Forecast by Experian found that employees were the main cause of about 60% of security incidents. Although this type of breach doesn’t make the news in the same way that outside hackers do, the threat of malicious insiders, unauthorized use of cloud services and tools, or negligence of employees not knowing or following policies already in place must be taken seriously. 

Information is a business asset that is important across all functions of an enterprise since not only can the information lifecycle cross functions, but each function manages their own information with their own lifecycles. Coordination among departments allows an organization to make effective use of all of its information, regardless of ownership, particularly in this era of Big Data.

What are four ways to keep your workforce thinking wisely when it comes to information governance expectations - and practices?

 

Bring Your Own Common Sense

Bring Your Own Device (BYOD) allows employees to work and access enterprise data and systems using their own mobile devices such as laptops, tablets, and smartphones.
BYOD has gained popularity in recent years as a way for IT departments to keep up with constant changes in technology and employees who increasingly want to work and access company information on their personal devices. 

However, without formal policies and procedures in place, BYOD can be major security risk resulting in external and internal data breaches, lead to non-compliance during litigation or regulatory action, and threaten an enterprise’s critical systems and sensitive data. BYOD results in employees creating and using electronically stored information (ESI) on their personal devices that may be subject to electronic discovery (eDiscovery) in the event of a lawsuit.

Cloud Cover

According to the Cloud Usage: Risks and Opportunities Survey Report by the Cloud Security Alliance a quarter of respondents don't have security policies or procedures in place to deal with data security in the cloud. Cloud security architecture is effective only if the correct defensive implementations are in place.

There need different types of cloud security controls such as Deterrent, Preventative, Detective, and Corrective controls in order to reduce the efficacy of attacks and defend weaknesses in the system. 

Why? Cloud infrastructure must be governed and there should be audits for compliance to make sure the policies put in place are enforced and processes and tools are working as planned. These policies will also need to be regularly updated with the adoption of new technologies such as the Internet of Things (IoT).

Additionally, it's imperative to make sure your team is aware of the many information security concerns relating to personnel associated with cloud services such as security screening of potential recruits, security awareness and training programs, proactive security monitoring and supervision, disciplinary procedures, contractual obligations part of employment contracts, service level agreements, and codes of conduct.

Communication Fosters Governance

Information Governance brings together the functional areas of Information Governance (IG) such as IT, Legal, Records & Information Management, Privacy, Information Security, and Compliance which often intersect. An organization that ensures the facets of IG across an enterprise are coordinated and working together by fostering communication between stakeholders to achieve the common goal of gaining value from information while also balancing risk is doing great things to protect governance. 

The catch? Effective information governance needs a leader who can own the information problem, coordinate information-related functions, and balance and prioritize the costs and value of information. Enter the Chief Information Governance Officer (CIGO), a senior executive who oversees gaining value and reducing risks of information across an organization - and serves as the communication conduit for all things information governance. 

Read Also: 8 Ways a CIGO Protects Enterprise Information Governance

Social Media Smarts

Social media enables users to collaborate, create, organize, edit, comment on, combine, and share information. This often results in the creation of content that are, in actuality, official business records and need to be captured, managed, classified, retained, and disposed of after their retention periods are complete. If your enterprise already has a digital archives service in place you should be able to archive simple social media records - blogs, YouTube file in open formats - following yourBusiness As Usual processes for electronic archiving.

However, with more complex social media records - such as Instant Messaging or Facebook - you may need a technology that can capture, classify, preserve, and manage retention for all types of social media. Some of these include ArchiveSocial, Backupify, Erado, Smarsh, PageFreezer, Gwava, and more. Be sure to do a full assessment to determine which solution is the best fit for your enterprise - and consult experts in social media governance to ensure all you are doing to protect your social media records truly pays off for your organization. 

According to Gartner, Information Governance is the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals. 

To be on the smart side of information governance best practices and procedures today, progressive enterprises must tap the most crucial component of governance strategy - today's increasingly digital workforce!

By Guest Author

Related Posts

Why Should Records Management be Important to You

Why should an organization care about records management? When users throughout all departments are creating new records without a thought to how they are cataloged or tagged, the sprawl of records can become a real threat. Unstructured data can lead to compliance issues for highly regulated industries. When proper records management isn’t a top priority, content that should have been disposed of for security purposes is left vulnerable for anyone to find and distribute.  

Creating Compliance in Chaos: A Consultant's Story

Records and Information Management (RIM) is constantly changing and evolving as record managers begin to realize the benefits of automation in their daily operations. In my 6 years of consulting, I have seen everything from heavily manual business processes to automated document management solutions.  Even as time goes by, information professionals continue to face the long-standing hardship of trying to get end users to comply with either internal or external regulations when it comes to records management.  Lately, there has been an apparent shift from ridged business centric solutions to end user centric solutions. 

Gimmal at ARMA International InfoCon 2019

Once a year, members in the records management community come together for ARMA’s annual conference to discuss the latest advancements and best practices for modern information managers.  ARMA, the global authority of information management and governance, hosted this year’s conference, ARMA InfoCon, in Nashville, TN. While attendees were not in the typical “record” industry that Nashville is known for, the location called for a great mix of music and information management knowledge.