This is my sequel to last year’s paper, Not if, But When You Get Hacked: Measuring and Proactively Managing Information Risk.
This year I attack one of the biggest contributors to information risk and provide an actionable roadmap to “Kill Your File Shares”.
There are many good reasons to kill your file shares, so what holds organizations back from tackling this challenge? When referring to corporate file shares, I am including shared network drives, personal file shares, cloud storage and file sharing applications.
Go check out the Active Navigation “Kill Your File Shares” page and you can download my new paper there.
Last year I released a white paper sponsored by Active Navigation titled Not if, But When You Get Hacked: Measuring and Proactively Managing Information Risk. It highlighted the contribution of information risk to overall enterprise risk, discussed steps to assess these information risks with the goal of creating an Information Governance Scorecard, and provided recommendations for establishing proactive monitoring of these risks as a vital first step to reduce the organization’s risk profile.
Click here if you would like to download it.
Well, I am working on the sequel to last year’s paper and you won’t want to miss it.
What’s the single biggest thing you can do to reduce information risk and the impact of a data breach?
My next paper will address this question and provide a practical way forward.
This was a guest blog post at Leaders Press On:
I had dinner this summer with someone I respect as a thought leader and innovator. We had a great conversation and discussion about a new project I am working on to disrupt the traditional model for IT and Information Governance consulting.
As we talked and bounced ideas off each other, an innovative creative synergy emerged that resulted in some new and novel ideas. It was great! Each idea shared inspired the other to add to it and up-level the previous idea. It was almost like a game of tennis or ping pong. The only difference was the ball was the idea and each time it crossed the net it was better.
That experience exposed something transformational for me, and it answers the following question.
How do you create an environment that fosters innovation with others?
Well, first you try something that is new and different. We had dinner at a really great Indian restaurant in DuPont Circle, Washington D.C. Indian food was new to my friend and this promised to take him out of his comfort zone.
Next, don’t focus on the thing you are trying to innovate about. We spent most of the time catching up and talking about all topics unrelated to the project I am working on. That set the table for what transpired later.
So, what did I learn that evening that can help you be a pioneer — an innovator? Here are four simple actions that can help you innovate with others.
- Get Out of Your Comfort Zone – Get one, both, or the team out of their comfort zone. I think this helps access new neural pathways in the brain and causes you or the participants to think about things differently.
- Connect Then Collaborate – Spend time connecting with the other person or team. By focusing on connection and conversations unrelated to the challenge or opportunity at hand you are helping to build an atmosphere which encourages collaboration in a safe space.
- Just Let It Flow – Don’t try too hard in planting the seed. Let the ideas flow and complement each other. No idea is bad. It is just an idea. You never know where it might take you. That idea that seems unusable at first might be the catalyst for something great 10 minutes later.
- Capture the Key Ideas – The free flow of ideas is great, and rarely do you want to stop the flow. But every time there’s an uptick in the idea from the person with whom you are collaborating, be sure to capture it. Grab the napkin. Write it down. Don’t let those thoughts disappear like your dinner. Savor them for as long as you can. The next step is executing on those ideas. Remember, they can’t be executed on if they are forgotten.
We had a really great dinner that evening and an innovative rich discussion simply by following those four actions. It resulted in a couple of potential $1 million ideas.
Oh, who was my friend? None other than the host of this blog, Paul Gustavson.
This past weekend the world was overwhelmed by the cyberattack that spread around the globe hitting businesses, hospitals, and government agencies in over 150 countries. The rapid spread of Ransomware based on WannaCry which exploits vulnerabilities in Microsoft’s Windows operating system has been characterized by Europol Director, Rob Wainwright, as “…something we haven’t seen before”.
Why did this happen? Was it a failure of Cybersecurity professionals? Or something more insidious?
Unlike many previous Ransomware attacks, this attack doesn’t spread by phishing emails or infected websites (browser-based attacks) but uses the EternalBlue exploit developed by the U.S. National Security Agency to spread across networks and attack vulnerable computers which have not had recent security updates installed. Microsoft issued a “critical” patch on March 14, 2017, to remove the underlying vulnerability for supported systems. Surely, Cybersecurity professionals jumped into action and started patching all the machines on their networks to prevent an infection by WannaCry! Right? I guess not! So, why not????
I point to the lack of effective information governance as a root cause. I recently wrote about the importance of information governance and “Why Cybersecurity Pros Should Care About Governance”. A strong Information Governance Program would ensure that remediation and quick action are taken when a significant vulnerability like WannaCry is identified and a patch is issued by Microsoft to protect against it. Most of the machines infected by this Ransomware should not have been affected. They should have been patched and widespread communications sent out to all members of the organization to be on alert for suspicious emails and to take protective actions for their personal machines at home.
Also, a strong Information Governance Program would ensure that end users are trained appropriately, and often, to recognize emails that serve as conduits for Ransomware and viruses and to act appropriately by reporting them to their Cybersecurity team while not infecting their machine and the network. I cannot stress enough the importance of a robust Information Governance Program which addresses the processes, procedures and human behaviors of managing information safely and effectively. My two articles address the cultural aspect of creating a culture of information management excellence: What Does Culture Have to Do with Information Management? and Creating a Culture of Information Management Excellence.
These are scary times and shoring up the “castle walls” or improving the “moat” around the castle is not enough by itself. The first step is to conduct an information risk assessment which will identify gaps and vulnerabilities that should be addressed immediately. If you need help with an information risk assessment or creating a robust Information Governance Program as well as a culture of Information Management excellence, don’t hesitate to contact me.
This post originally appeared on the John Maxwell Team blog.
When I started my career as a Naval Aviator after graduating from college, my training and development continued for many years. First, there was flight training for 18 months culminating in earning my “wings.” Then, it was on to another six months learning to operate the P-3C Orion, the aircraft I would fly operationally in the fleet. By the way, I am flying the aircraft taking this picture of a P-3C with Mount Etna in Sicily, Italy, in the background.
Last year, I wrote an article titled, “What Does Culture Have to Do with Information Management?” which made the case for addressing culture as a part of any successful information management implementation project. Today, I wanted to offer some practical advice on how to create or install a culture of information management excellence.
So, how do we actually create this type of culture? Borrowing from John C. Maxwell’s definition, let’s look at the behaviors, symbols, and systems of an organization—the three components that make up culture.
Check out my latest article which was published in the December/January 2017 digital edition of Today’s General Counsel titled: “General Counsel Can Spur Legal Hold Success”.
I coauthored the article with Doug Deems, General Counsel, The Claro Group.
One of the biggest challenges posed by legal holds is getting compliance from the employees who are subject to them. Because they are asked to alter their normal handling of information (including emails, documents and papers), the success of a legal hold program may depend on how well an organization implements “change management.”
Our article provides three things that general counsel, specifically, can do to lead their organizations toward legal hold program excellence. Read the article here
One of the big challenges for information governance professionals is getting buy-in from business stakeholders and sponsors for funding projects. Often, there is a perceived poor return on investment (ROI) that creates a lack of urgency or the impetus to move forward.
Frequently, this is a result of projects being positioned as compliance or workplace efficiency initiatives. I attended two recent presentations that offered some practical strategies to help information governance professionals align and present project initiatives in a way that will help get them funded.
If this is true, then what are organizations to do? The increased cyber security threats corporations face today are a big concern for Board members and CEOs. The Chief Information Security Officer (CISO), along with help from the Chief Privacy Officer, General Counsel (GC), and CIO, is tasked with keeping the company safe and addressing this risk.
This new white paper, sponsored by Active Navigation, discusses steps to assess these information risks with the goal of creating an Information Governance Scorecard and provides recommendations for establishing proactive monitoring of these risks as a vital first step to reduce the organization’s risk profile.