What do Fear, Bad Behavior and Hurricane Preparedness have to do with Hackers and Data Breach?
Answer: EVERYTHING. We all know fear sells. The Media (because fear sells) bombards us all with things to watch out for, things to be afraid of- headlines like: “5 steps to avoid getting killed while crossing the highway”, and constant news-feeds of people using sandbags to stave off the storm surge. And worse.
This is not unique to the consumer press- the business media does the same.
So what to do? First, as in all things living and breathing, learn the difference between fight, and flight.
Flight – if it comes at you head on- lights blazing- with sirens- pull over, well out of the way. That’s flight.
Fight – Where you can’t see what the garbage men do with your trash- shred all personal documents that contain ANY PII. That’s fight.
How does this relate to our world of data and technology: Common Sense or lack thereof. Common Sense is missing way too often. IT may have an amazing set of InfoSec Policies and protocols and procedures, but if the company that is contracted to monitor HVAC uses the same servers as all of your customer SENSITIVE PII, and IT is simply asked to provide a pipe for the building plant and maintenance team- AND there are no rules in place to question why?, for whom?, and is this aligned with how we manage use, access and control?- then things like the Target Breach will occur.
Simply put, we need to begin a dialog in earnest about public and private companies looking at customer data and information, and employee data and information, and prospective customer data and information as a business asset. Like a product or service. Stuff. On the books. With a named financial value. I have been preaching this for years- but now it is paramount. Whether your finance folks use ROI, RONA or RONAE- make data an asset. Then the current organizational structure can begin to apply its rules and business processes that include Risk, Compliance, Legal and Procurement- AND Marketing- the driver of data, the employer of data must have a seat at they table. They understand source, enhancement, use, access, process and processing when it comes to using the data for business GROWTH.
Then, and only then, will businesses be able to understand and actualize the very real problems that come from bifurcated silos and organization structures that revolve around the old drivers of sales pipeline, funnel and output. (I know this is painfully simplistic- but spot me a break- this is a BLOG, after all)
The 5 steps to avoid getting killed while crossing the highway or preparing for the next storm:
- Actualize Marketing Data as a business asset
- Create a formal Marketing Data Governance And Data Stewardship Roadmap that includes Privacy, Security, Provenance and Compliance. Include all parties at the table, the creators of the data, the users of the data, and the protectors of the data.
- Once you have a cogent and comprehensive plan- socialize the process across your organization- with everyone and anyone who touches customer data- internally and externally.
- Keep the process alive- not in drawer- this is not a ‘check the box’ exercise- it will be constantly adjusting to the innovations of your agencies, your marketers and your sales organization.
- And above all, learn where the holes are- the vulnerabilities- and make this a part of your new view of data- understanding that there will always be vulnerabilities- understanding where they reside, and with whom they reside.
And now you are ready for the storm.
Keep an eye out for Peg’s Next Blog- “What to do if you get swept overboard”.
Peg Kuman, CIPM
Vice Chairman, Relevate