We’ve all been there; heart racing, palms sweating, and gasps of remorse while frantically pressing the email recall button and praying you haven’t done what you think you have just done. You guessed it, I’m talking about the “oops” email – the email that you should not have just sent. The email that could cost you your job, your reputation and a sizable amount of regret!
Suggesting that IT is responsible for protecting today’s data is like suggesting a car dealership is responsible for the safety of drivers. Ultimately, you can buy a car from a dealership, but it’s your responsibility to be safe and avoid accidents. IT alone can’t cover the “oops” email or any other user blunders. As we move forward in a world where users are responsible for creating and handling an organization’s most important asset – data – it’s imperative to make users aware of their responsibility. After all, users are often much more aware of the sensitivity of a file than a machine can be.
I hear you asking: “Why is it my responsibility when we have all these great security systems?”
The answer is context. Who better to determine how a file should be handled than the person who created it in the first place? Certainly IT can put technology in place to help protect us from our own mistakes, but ultimately the responsibility is ours. For example, once a user determines the sensitivity of their email (for example: public, partner confidential, internal only) then downstream technologies can handle it appropriately (for example: restricted documents can be encrypted or internal emails can’t be sent to external domains).
But as much as technology can do, it always comes back to the user. As my colleague pointed out a few months ago in this blog, your information can still simply walk out the door in paper form.
The key to any data protection strategy has to be the creation of a culture of security within your organization; make users part of the solution. I have worked with many organizations and seen their security training programs and manuals, but they all still struggle to keep security in the minds of their busy users. However, when they see the benefits of TITUS classification policy alerts and what can happen when users are involved in the identification of information, they take note!
Data security is everyone’s job. Just ask Dell.