Cyber-Legislation Bill Approved by House, Senate Prepares Its Own
The following excerpt from an article titled “Cyber-Legislation Bill Approved by House, Senate Prepares Its Own” by Fahmida Y. Rashid says a lot about the need for every organization to assure that it is protecting its most important asset: its information: “The U.S. Director of National Intelligence James Clapper urged the U.S. House of Representatives and the Senate to pass legislation to increase cyber-security in both the public and private sectors during a hearing of the House Select Intelligence Committee on worldwide threats on Feb. 2. Clapper discussed intrusions on public systems that control major defense weapon systems, electrical grids and banking infrastructure. The U.S. economy is losing upwards of $300 billion per year because of rampant cyber-espionage, Clapper said.”
What this says is that those that provide any type of product, service or solution that touches important data need to have a strategy and a plan to support their customers in this endeavor. Understand that the $300 billion discussed is only regarding cyber-espionage – not day-to-day hacking or employee or partner breaches that occur on a regular basis.
The most interesting thing is that this is the proverbial elephant in the room that people are reluctant to talk about. When you ask many people what their organization’s data governance plan is, the majority will tell you that they don’t know if they even have one. Also, when I speak to many providers of printers, copiers, scanners, faxes, MFPs and managed print services, the majority of them do not note data security as either a priority risk issue or a business opportunity.
Current legislation and compliance varies from state to state, country to country and by industry. However, the U.S. Federal Government is going to continue to push additional requirements down the line, which will have significant impact on states as well as any organization that deals with government agencies or even nongovernmental but sensitive consumer or corporate data.
The article goes on to say that “as much as 85 percent of the country’s critical infrastructure is controlled by the private sector.” So the question is, are you offering security as a part of your business solutions? The main point I am illustrating is that if you are not, then you are either at risk of significant loss of future business or are not taking advantage of a very significant business opportunity.
There are several approaches to take, starting with making sure you are looking within your own organization to determine how secure your data is and whether your practices maintain a high standard of care for your own information. It is also a great way to learn and pass on the experience and knowledge gained from designing, implementing and executing an effective data governance program. Finally, it makes you much more credible when you are having a discussion with your customers and prospects.
From there it is important to have the right set of questions prepared regarding the critical information that you are touching or managing for your customers. Then, assure that your representatives are properly trained, prepared and consistently asking their clients about the information they are managing. Not only is this a best practice to protect your organization against any liability, it is a great prospecting approach to sell add-on products, services and solutions that are going to benefit your clients and expand your business model.
Your most immediate opportunity is in the data security offerings currently available to you from the manufacturers you represent, so determine what those are. Many offer secure print, print monitoring, secure file transfer, digital rights management and other solutions that are either built into devices or easily added. Some also provide additional software solutions that can easily be added to a monthly or quarterly payment.
Although some of these solutions may not add immediate extra revenue, they may be the difference between winning or losing a deal. However, once you have begun the security conversation and made that part of your regular customer dialogue, the door opens to a world of opportunity and, most importantly, you extend your credibility with your clients.
The key first step in security conversations is assessing and prioritizing the different types and categories of data that need to be secured. Also, examining the process lifecycle of that data is important so that you can follow the steps and identify areas of particular risk. Look carefully at the devices – whether they are printers, scanners, copiers, MFPs, fax machines, computers, laptops and servers – to determine the device and location security levels of any that you interface with.
It is also important to determine how to protect actual physical documents or electronic files; this is a people, process and technology issue. It is imperative to understand who creates or accesses them as well as what the processes are that are followed to assure that the chain of control is not broken and apply varying hardware or software technologies to add the appropriate level of protection based on the value of the information. Finally, you should consistently review and challenge the governance plan that is deployed to assure that it is being followed as well as updated as appropriate.
I think that the closing quote in the Cyber-Legislation Bill article speaks volumes about the future of document and data management. It should also hopefully get you to think about where you stand within your company and what role you can and will take in providing solutions for your customers: “Where the market has worked, and systems are appropriately secure, we don't interfere,” said Sen. Joseph Lieberman (Ind.-Conn.), chairman of the Senate Homeland Security and Governmental Affairs Committee. “But where the market has failed, and critical systems are insecure, the government has a responsibility to step in,” Lieberman said.
Posted on 02/13/2012