In-house counsel believe their data stored more safely than it really is. Kroll Ontrack’s 2016 Corporate Risk Survey of 170 in-house counsel, 76% of respondents reported that the company has effective safeguards for protection of IP and trade secrets, while 59% reported that their data breach response plan is nonexistent. What does this mean in terms of risk management?
Why data security is difficult
Data security has become the most significant risk companies face. A company’s information is a prime target for hackers since it contains valuable insights about the company’s trade secrets and behaviour. The sheer amount of data created and stored across sources and the way it’s managed makes it difficult to manage and protect. There is a gap in understanding between in-house counsel and the IT department. This means they don’t have a realistic view of the organisation’s data management practices – either they don’t have the right information or it’s not in a format they can absorb. Most companies aren’t in the business of information security so implementing preventative measures don’t directly correlate to an increase in profit. In addition, regularly updating incident response policies and training employees costs time and resources. Employees think that increased security means decreased efficiency. If the company makes it difficult for employees to access important files for business purposes they may attempt an easier but insecure route to access the same file.
How to manage the challenge
It’s all about striking a balance between protecting the company while empowering employees. Proactive organisations will want to create a roadmap outlining a number of responses. Responses can range from implementing new technology systems to bringing in security consultants and conducting training. The company should have a deep understanding of how data is managed. Not only can such a program improve the safety, reliability and access of the data. Appointing an Information Governance officer can help to improve the communication between the legal department and IT. An organisation should routinely assess their monitoring tools and conduct an analysis of employees’ IT assets and activity.
Even though data security doesn’t translate into profits, it’s imperative that solutions are put in place to prevent companies from losing profits. A report earlier this year showed that consumers take data privacy into account when making decisions. Consumers will take their business elsewhere if they believe a company is lax about data privacy. Legisway offers a secure web-based platform for storing and managing legal documents. Legal departments can easily access their information for instant business insights. You always know where your data is stored and who has access to it.