Posts from ‘Person-to-Person’
Here’s a great article by Brian O’Connell of CPA Site Solutions on how to deal with email security difficulties. The context of the article is from the perspective of the accounting industry, but I’d say it’s an extremely universal topic that actually impacts almost every kind of company today.
The premise of the article is that email is generally accepted as a dependable way to communicate and share files…. And then he points out that in reality, email isn’t very safe. Sound familiar? – And for you encrypted email lovers out there (you know who you are), I’d like to quickly mention that while encryption can make it harder to open an email or attachment, it does nothing to prevent it from being intercepted.
Brian draws a very important difference between “security” and “privacy” that I want to highlight.
“Privacy is the shield that protects a person’s identity while actively sharing information via the web.
Where privacy is about keeping the door locked, security is about the lock itself.
Security is the actual online authentication and authorization protocols that networks use to protect information and the audit system used to verify the overall system’s effectiveness.”
While I agree that the distinction is important, I’d also like to point out that an organization must protect both the security and privacy of confidential information in order to comply with the growing number of data protection laws and compliance mandates. I wouldn’t worry too much about the distinctions, but instead focus on the need to have visibility and governance over all files, data and information that are being shared both within your company and also externally with business partners and customers.
Email is the world’s collaborative tool and is the electronic ‘sending’ system of choice between people, both within and across organizations.
While the capabilities of transferring files via email hasn’t improved much in the past 10 years, the size and sensitivity of files has multiplied ten-fold.
Email usage is ungoverned at most organizations, meaning that employees can attach any file they have access to and send it to anyone in the world. For CIOs, it’s about more than just security – it’s also about visibility. If you can’t see the files flowing within and from your organization, you can’t protect them.
And how about employees, who are bound and determined to quickly transfer needed information (which may be confidential) with customers, co-workers and partners? For the majority of workers, not sending that file for security’s and visibility’s sake is not an option. Employees will choose ‘productivity’ over ‘security’ if they are given the choice.
Please do take some time to identify and evaluate the tools your employees use to share information with other people and ask yourself if it’s being done in a visible, secure and well managed way. You’ll likely want to rethink how people are really sharing information at your organization.