Digital transformation and information security
IT and business leaders are increasingly under pressure to find ways to apply digital practices to business processes and operations. However, many analysts point to a large divide between the goal of digital transformation and companies’ ability to achieve it.
Digital transformation efforts are underway to varying degrees at virtually every company, with projects typically spearheaded by the Chief Information Officer (CIO) or Chief Technology Officer (CTO). However, these efforts are often driven in pockets of the enterprise by individual employees with expertise and passion for digital, and a vision for how it can help their company become more competitive.
Dubbed “digital change agents,” these individuals come from different backgrounds and skill sets, but all advocate for the same thing: using digital tools and processes to improve the business.
These individuals in the organization are most likely not in a leadership role, and maybe not even in a management role, but they are exceptionally passionate, informed, and experienced in digital and its impact on business and markets. They’re going out of their roles to try to send that message up the corporate ladder.
CIOs and Chief Marketing Officers (CMO) often battle to spearhead digital transformation efforts, with the CIOs taking a technology-first approach and CMOs taking a customer experience path. Digital change agents tend to see how customers and employees are changing and that efforts need to be cross-functional.
However, these individuals are not experienced in change management—one of the largest barriers to digital transformation success. Digital transformation has less to do about digital, and more about good old-fashioned change management. The common challenges for digital transformation to go enterprise-wide are all related to the fear of executives and their colleagues—things like self-preservation, egos, politics.
Let me add, that digital transformation opens the door wider to information security breaches, affecting data privacy security and cyber security. However, as we all know, confidential information must be kept secure to protect the business and its staff. System or network breaches and data loss can result in severe consequences for organizations.
There are numerous real-life examples of publicized intrusions (we are just witnessing that two fast-food chains are investigated for severe data privacy breaches) that produced damaging results, and they have proven that technological safeguards and a strong employee commitment to policy are essential tools in preventing and responding to information security incidents.
With this perspective in mind, the proper channel and process for reporting security incidents that might compromise data integrity is of utmost importance for all employees in order to maintain business operations.
Given this scenario, it is essential that organizations create data breach teams that can act immediately when breaches are happening. The following examples are possible signs that an information security incident may be in progress or may have already occurred. Some of these may be legitimate occurrences that are a normal part of daily operations—but others may be a sign of a deeper threat. Employees should operate from the standpoint of whether these examples (or others not listed) are expected or unexpected:
•Strange application behavior, such as programs that mysteriously close or from which data is missing
•Excessive system crashes
•Abnormally slow or poor system performance
•Reports that they have sent out spam or unwanted emails
•Inappropriate pop-up ads
•Locked accounts or reports that they have attempted to logon unsuccessfully, especially when they have been away from their system
•Remote requests for information about systems and/or users (e.g., individuals claiming via phone or email to be help desk staff and asking for passwords).
If companies need assistance in implementing these processes, there are teams available that can reduce risks and provide systems management. Comments are welcome – contact me at Schumacher@eitsc.com