How businesses can create a data security culture in the digital transformation era


In today’s fast paced business environment, the race is on for organisations to become fully digital, something which we saw backed up by The Economist Intelligence Unit’s recent ‘Digital Transformation Agenda 2016’ report whereby 77% of those surveyed agreed (somewhat or strongly) that digital transformation is their number one priority. However, 46% also said that they think their organisation has some significant changes to make before this can happen.

Organisations that own and manage their data correctly will be the winners in today’s business environment. Essentially, those leveraging their Big Data analysis to give internal insight that lead to savings, efficiencies and better customer experiences will see dividends in market share and increased revenue.

According to IDC, by 2020, 1.7 megabytes of new information will be created every second per every person in the world. If we think data management is complicated now, these figures give food for thought. It’s clear that organisations will need to determine how and what they store, manage and share (and on what platforms) in order to handle this influx correctly.

Today’s digital world has led to an increasingly mobile workforce that uses technology on the go, and from multiple locations. The use of multiple file-sharing and cloud platforms is an everyday occurrence in order to facilitate the sharing of information between internal and external sources. But with much of this sharing including sensitive data that could easily be intercepted, it’s vital that we strike a balance between sharing and protection.

Security Awareness Concerns

As our digital universe continues to expand, so too do our chances of attack. Netskope’s Cloud Report found that organisations have around 977 cloud apps in use at any one time, which opens up a huge opportunity for business harm. It was found that 43.7 per cent of malware found in organisation’s cloud apps delivered ransomware, and 55.9 per cent of malware-infected files in cloud apps were shared publicly.

But as well as external hacking and malicious threats, let’s not forget that a much more likely threat is our old friend ‘human error’, which is the result of an uninformed workforce. With legitimate employee access there is no hack whatsoever. Through human error, it’s common to see sensitive data mistakenly shared by email, attached incorrectly and rightly or wrongly, shared to employees personal emails and devices, opening up even more potential for attack.

Creating Digital Awareness

Whilst traditional security measures aren’t able to prevent accidental disclosure through careless or uniformed users, data classification is a saving grace. Data classification enables organisations to classify, protect and share their information and adhere to regulatory compliance requirements by identifying and securing their unstructured data. In doing so they are able to balance the need to share information with the need to protect their sensitive and/or critical content too.

Data classification is successful because it brings about a shift in digital awareness of data. By adding ‘metadata’ to each file, such as author, date, or classification ‘confidential’ itself, any time that the data is saved, sent or shared, the value of the data is identified and clear to the user interacting with it.

But no tool or policy is effective is users don’t know how it works, which is where data classification differs from other security methods. By requiring users to identify the sensitivity of their information every time they save a document or send an email, data security quickly becomes top of mind across employees, and employees become empowered with the responsibility for their data.

In addition to letting users classify their data, it’s also possible for a classification tool to monitor users’ folders to automatically analyse and classify data as soon as it is created, moved or modified within folder, which includes the interception of files as they are downloaded from web browsers or email.

One area where this is particularly useful is the common area of email error. By checking the selected classification against the email content and attachments, classification tools can identify possible breaches before the email is even sent – giving organisations the best of both worlds: user-driven as well as automated classification.

Data Classification is the Foundation of Digital Transformation

From our experience, businesses embrace data classification in order to transform their security culture and set the foundation for information protection and their strategic digital transformation. Their objective is to bring about a culture of information management that makes their employees respectful and aware of the sensitivity of information they are handling.

Classification is an indispensable foundation to data security and shifting to a culture of data security will only take place when all employees are continually engaging in corporate security policies. Once the workforce is on board in principle, it’s important to follow up with tools that are easy to use and provide immediate feedback with corrective suggestions in the case of violations. When data is classified, organisations can raise security awareness, prevent data loss and comply with record management regulations.

In light of Australia’s impending data breach notification laws for organisations, it is vital that action is taken now to help increase digital security awareness so that human error can be minimised, and for workforces to fully embrace a future of data security.


About the author:

Tim Upton is the founder and CEO of TITUS and provides the overall vision for products and services around information protection best practices.