We have read countless articles on data security, but not one about having a good relationship with the people you entrust with your data security. There seems to be a misconception that data security is something not easily understood or practiced, and so should be left to the skills of a limited few who work in isolation to "fix" the problem. This is not realistic. Data security is a daily issue requiring a high level of trust and constant communication between your company and those people. It is a work in progress. A marathon as they say, not a sprint. And you need hard working people on your team.
Do you have a data security partner or just a breach hotline—that number you call only when something goes wrong? Do you have a cyber-security insurance policy? If you do, it is comforting to know that you likely have a number to call and help will be waiting. What you are doing now, every day, to lessen the risk is what really matters.
You need a partner. Someone who will not only give you good advice, but will meet you in-person at your office and understand how your business really works. A trusted advisor lessens the burden placed on you to explain as much as you can over the phone, allowing you to focus instead on company demands.
To be clear, cyber-security insurance is critical. It is as
important as general liability or workers' compensation
insurance. The problem is that cyber-security incidents are
generally not one-time, unique events like an accident. There is no
simple one part solution to fix the problem. This is why knowing
and actually meeting on-site with those giving you advice is
important. The U.S. Department of Homeland Security has a motto:
"Stop. Think. Connect."" It is simple, and condenses
important concepts into these short, directive instructions. Data
breaches exist because we have not stopped to think and discuss
data security. We are so used to just plugging something in and
expecting it to work that we don't consider the consequences
when technology fails and leaves us vulnerable.
The manufacturing industry was an early technology adopter. That
same practical approach continues today with projects being done
with hand-held tablets and powerful computer servers to manage
everything from three-dimensional software to completely integrated
on-line build schedules. All of this technology is aimed towards
the single purpose of manufacturing safely what was promised, on
time, and within budget.
Technology makes the process more efficient. It does not replace individuals still doing the work. That is why, for example, a computer does not handle safety meetings. Effectiveness in that area requires one person to say to another, "don't do this and if you do I am going to remove you."
All of this might seem overwhelming, but it doesn't have to be. To borrow a phrase from the Federal Trade Commission—start with security. Think about data security just like a morning safety meeting. Make it top of mind so it becomes a part of the daily practice and so it is reflected in your business and growth strategy. Include trusted partners that not only provide you advice when a problem arises, but also help in the prevention of problems before they occur. This should be a working relationship. One filled with meetings, calls, and thoughtful discussions about what protections you need to keep your business running and keep your team focused on your core work.
Originally published by The Goods, Kentucky Association of Manufacturers, July 2016
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.