Is it time to prioritise a culture of security in your organisation?
Your organisation’s most critical assets are its knowledge and its people; and the latter are likely the weakest link in the chain when protecting the former.
The 2022 Cost of Insider Threats Global Report from the Ponemon Institute said that insider incidents cost $15.4m on average over a 12-month period. Significantly, many of these incidents didn’t take place with malicious intent. The report found that 57% of insider incidents involved employee negligence, and 51% of those surveyed said a malicious outsider stole data by compromising insider credentials or accounts. Put simply, even honest employees can unwittingly put your collective intelligence at risk.
Cybercrime can happen when an organisation lacks strong employee commitment to security — and the policies to support it. The best way to get that commitment is by creating a culture in which good security practice is normalised because it is valued, and people make the right behaviour choices because they want to, not because they are told to.
A positive security culture both recognizes the need for strong security and enables the actions required to achieve and maintain it. While IT usually manages security processes, security culture relies on the organisation’s leadership to embrace it – at all levels.
It is therefore vital that senior leadership has a good grasp of the issues. Delivering mantras about why security is good, or even rehashing statistics about how much money security missteps could cost the firm, are not enough. Best practices and expected actions from users to maintain a high level of information security should be defined based on conditions specific to the data held by the firm. Questions to consider are: What data is considered highly sensitive? Who has access to this data? Where is this data stored – a central document management system (DMS) or various data repositories? And how are these systems supported?
Leaders must be able to demonstrate their understanding of these secure practices and model those behaviours in the workplace to increase adoption. Keep requirements easy and transparent because the more hoops someone must jump through to access particular documents or data, the more likely they are to find a workaround that bypasses them.
Storing business-critical documents and sensitive information in the cloud, with the right security protocols in place, can help lay the foundation for a strong security culture.
A cloud-based DMS should provide scalable, always-on data storage supported by a highly secure architecture across every aspect of work — from document creation and search to data sharing, conferencing, and co-authoring. Cloud systems don’t care where workers are based: three people can readily and securely collaborate whether they are working in the same building or on different continents.
Balancing security and accessibility
The challenge for legal firms is not selecting a DMS that is in the cloud, but one that is supported by a company with legal industry expertise — that understands your needs and gives staff and practice areas the ability to assure clients of complete, 24/7 data protection. iManage is that company — supporting its customers with a secure, non-intrusive, cloud-based knowledge platform on Microsoft Azure that integrates with the familiar Microsoft 365 platform, so that users can work and collaborate seamlessly within their day-to-day applications.
Success breeds success. A strong culture of security backed by a cloud-based knowledge platform with proven and continually evolving security capabilities gives workers the freedom to collaborate with far greater ease and confidence. As they experience the benefits, secure behaviours become the key to opening gateways once perceived as barriers. Streamlined workflows, democratised access to information, and easy collaboration empower people to achieve their full potential, adding real value and impact to the firm’s bottom line.
Looking to proactively establish a culture of security around your people, process and technology? In making knowledge work you must secure your infrastructure.
We created a Security Culture Best Practices ebook for people like you that want to get ahead of the times and the threats and the benefits of organisation wide buy-in. This ebook – written by iManage Security experts – will help you understand why adopting a culture of security, while achieving a balance between security and accessibility, is imperative in protecting your valuable data.
This article first appeared on Artificial Lawyer
About the author
Manuel Sanchez
Manuel Sanchez is Information Security & Compliance Specialist at iManage with extensive professional experience in information security, governance, and compliance.