Whenever I’m asked to speak about Information Governance, I tell the audience that InfoGov is a lot like diet and exercise. Everyone talks about how they should do it, but many don’t actually begin until something bad happens and they have no choice but to get started.
But like diet and exercise, InfoGov can be implemented more effectively and efficiently if it’s done proactively, as opposed to in response to a problem like a breach, investigation, or discovery mishap. And like a successful diet or exercise regime, InfoGov is more likely to be successful if the company starts small and builds off its successes.
Let’s be frank. The idea of implementing InfoGov policies can be overwhelming. If companies don’t know where to begin, they can default into not beginning at all.
But if the most critical areas are addressed in a piecemeal way, they become much less overwhelming and the project is more salable to decision makers who might otherwise be afraid to get started.
Here are 5 small and manageable steps companies can take to get started on the road to good InfoGov:
- Control Access to Information
Access to corporate information should be on a need-to-know basis. Make sure that each employee’s access to information is appropriate and evaluated when their job responsibilities change.
- Improve Employee Training and Awareness
Training employees to be aware of their role in the management and safeguarding of company information is crucial. There are many ways to train employees in a cost-effective way, and awareness can be increased simply by alerting employees to examples of the latest phishing scams and other emerging concerns. Since experience indicates that most data mishaps are related to employee negligence, employee training and awareness should be a high-priority project.
- Control Removable Media
Companies should consider blocking or implementing controls on the use of removable media. USB drives and DVDs can store massive amounts of data, but they can easily be lost or misused by rogue employees and bad actors. This threat can be mitigated in large part with better controls.
- Focus on Patch Management
In this era of malware, interconnectivity, and protected data, good management of operating system and third-party app patches is critical. There are a number of ways to accomplish this, but the key is to recognize the need and ensure that the issue is managed.
- Require Strong Passwords
Employees may gripe, but improving the strength of passwords, changing them regularly, and training employees not to share them are relatively easy steps all companies can take to significantly improve their security.
Information Governance does not have to be overwhelming. By starting with small projects and building a track record of success, companies can improve their efficiency and security, reduce costs, and build momentum for solid enterprise-wide Information Governance.