What could a data security champion do for you?
While our business is focussed on creating great customer experiences through compelling customer communications, a key part of our work is data.
Data fuels the work we do. Customer data allows us to personalise communications so that every customer feels valued and recognised.
But we know that this customer data is also prized by fraudsters and scammers, who will go to great lengths to steal sensitive information. Of course, they aren't just collecting data for kicks; the information is used to access bank accounts, place orders and conduct other types of fraud.
According to the 2017 Data Breach QuickView Report by Risk Based Security, there were 5,207 data breaches recorded last year. As more of our lives go online, this type of crime is only likely to increase.
The question is: what can we do to protect ourselves from the tidal wave of cyber crime?
Part of the answer is to have secure systems and processes.
At DocCentrics, for example, our security management processes are ISO 27001 certified. We also have Cyber Essentials accreditation and a PCI DSS certified environment, and we encrypt data by default.
The other part of the answer is to ensure your people understand their role in protecting data. One way to support this requirement is to nominate data security champions to lead the fight against digital crime.
What’s a data security champion?
Data security champions are people you nominate to play a leading role in defending data. On a day-to-day basis, this means:
- Advancing the cause of data security through different teams
- Overseeing data security across the entire organisation
- Creating a security culture
- Sharing knowledge and best practice
- Reviewing security
- Launching and leading security initiatives.
Nominating a data security champion
Before you nominate a data security champion – or champions – you will need to define the role, procedures and reporting. What exactly is the role of the champion? What does the organisation expect from them? And what are the limits of their role and their authority? Ideally, data security champions should have support from all levels of the company, and their work should be recognised and appreciated by senior management. Your champion should also have the freedom to cross departments and divisions if this helps to create a more secure company.
The ideal security champion is enthusiastic and interested in developing your organisation’s security. If the champion has little interest in cyber security, or does not recognise its central importance, they are unlikely to achieve any significant change.
Once nominated, your data security champion may need to begin with a review of the current state of security, compiling a list of issues, weaknesses and strengths.
Building a knowledge base
Given the complexity of data security, and the wide range of issues, platforms and people involved in maintaining security, a core task of your data security champion is to gradually build a knowledge base so that other stakeholders can get involved. This might take the form of a company wiki or intranet.
Champion the cause
Even if data security champions aren't right for your organisation, it's easy to see the value of having nominated team members proactively monitoring data security and advancing the cause. Data security is everyone's responsibility, so you could argue that all employees should be data security champions. Without all employees on board, data leaks and breaches are more likely to occur.
Does your organisation have a data security champion? If so, was it an easy role to establish?