Ransomware has been a serious threat to organizations for years. And its reach only continues to expand as hackers find new and creative ways around security measures. The headlines around these incidents always put the number of records stolen or locked away front and center. But are these security failures also records management problems? The simple answer is no.
Some experts argue that if you dispose of old records, they can’t be held for ransom, making this a records management problem. While it's true hackers can't steal what isn't there, the most critical records are always the more recent ones, and you cannot delete those.
That said, records management includes information controls aimed at ensuring the organization does not prematurely dispose of a record. Information professionals need to broaden that requirement. Security is the key to both protecting and ensuring accessibility to records. So to succeed, information professionals and security experts need to work together.
Security and Information Governance Are Separate Disciplines
Organizations have finally realized the need to wrap security into all stages of system development. The evolution of DevOps into DevSecOps is a clear demonstration of the recognition of security's importance in the entire development process.
Organizations need to apply this same mindset to information governance.
I'm not suggesting information professionals become experts in security. Each discipline involves too much knowledge for the average person to master both. But that doesn’t give information professionals a free pass on learning security concepts. They need to understand the basics and have enough wisdom to involve security experts in every aspect of information governance planning and execution.
The same principle applies to security professionals. They will never be information governance experts. It's therefore up to information professionals to make security experts aware of the value of the different information at risk so efforts to secure the information have the right priorities.
Security Shouldn't Come at the Cost of User Experience
The two professions share a lot of common ground. This is even more true as organizations digitize their processes. Digital transformation can really boost efficiencies within an organization. Unfortunately, it can also boost the effectiveness of a hacker exploiting a security hole.
The two groups need to work together to protect the organization’s information. However, they need to be careful as both groups share a common weakness: They both tend to apply so many controls on information systems that people within the organization cannot get their work done. Security professionals and information professionals need to work with the business to ensure the security of the systems, without hindering user experience.
After all, a secure system that nobody uses is a security vulnerability when people bypass it to get their work done.
Make the Connection
When you look at it, security and information professionals have common goals. Though they focus on different threats and use different methodologies, they both protect the information assets of an organization. However, just like the security guards and file room records clerks of the past, their ultimate goal is making sure the organization can find and use information assets when needed.
So, go introduce yourself to your counterparts on the other team. Find that common ground. Help each other identify the information that needs protection and the threats that you need to defend that information against.
Successfully handling the evolving security environment requires all groups in an organization to come together. Hackers may not be an information governance threat, but they are threats to the organization that information governance professionals can help defeat.