There’s nothing like that refreshed feeling that takes over in January. New month, new year, new hopes and new plans. Gym membership lists prosper from the annual goals of getting more exercise, while retail chains clean up from post-Boxing Day chaos and order in roses and chocolate for February. In the office world, January means kids are back in school, staff have returned from holiday gatherings and everyone is ready to pick up where they left off and get things done. What a great time, then, to pick up new resolutions for your business, and start charting the course towards successful operations for the next year. Whether you celebrated on the 1st with champagne, or will be lighting firecrackers for the rooster on the 28th, here are three goals to get those databases and documents into shape for the new year:
1. Audit Your Information Holdings
If you want to improve information and data management, privacy and security practices but don't know where to start, an audit is that first step towards taking control. At the core, an information audit is intended to identify your company’s current information holdings and its information needs. It’s an opportunity to step back and decide what your business wants to achieve with its information and data in the new year. Do you want to improve compliance with regulations on how your information is handled? Do you want better security, better privacy for your customers? Is there a metric you want to identify, or start keeping track of, for use in future business plans?
With an information audit, your business is taking the much-needed step of recognizing what information you have on board, how it's currently being used and curated, and where things fall apart. Once you’ve identified what your business wants to achieve, auditing your information pinpoints where practices are failing, and what steps need to be taken going forward. In addition, a good audit can use its results to perform a SWOT (Strength, Weakness, Opportunity, Threat) analysis on your information and data, potentially opening up what you could do, or what would be wise to add, for a much more robust next year.
2. Invest in Staff Security Training and Awareness
I've already written about how information security needs to be integrated into business culture, but I'll repeat here: hackers aren't going away, and the easiest route to your private customer data is by piggybacking on those who already have access. If you want to make an improvement in your business's security practices which will allow you and your customers better sleep at night, knowing that threats are being proactively stepped on by the team is a great way to start. Test staff phishing awareness and response, get serious about the consequences of poor password practices, and put policy in place so that people pause and check before giving access to even legitimate-looking requests. Don't wait to be exploited: protecting your digital assets is a team effort, and as hacking attempts become more and more difficult to identify, you really do want all hands on deck to protect the business. Everyone needn't understand the full definition of a DDoS attack or know how to monitor network logs, but they should handle information with care, knowing what to do and who to contact if something looks off.
3. Place a Priority on Privacy
We're going to see some big changes in 2017. In Europe, companies now have only one more year to comply with the new GDPR. In North America, there's a new U.S. administration with very different standpoints on personal privacy and information access than any before it, and in Canada the law on voluntarily reporting data breaches is changing. Already HIPAA has given its first fine for inadequate notice of data breach, and at $475,000 it's nothing to sneeze at. Meanwhile, your customers want privacy now, more than ever; all of the data breaches and political changes have even more benign users questioning how much information they should hand over, and where it will be going. New 'smart' technology means a more personalized experience than ever before... but it also means a massive data headache unless privacy and security are implemented right from the design stage.
Make 2017 the year your business is going to start taking privacy seriously. Use an information audit to determine what you're collecting and where it's going, while getting staff on board that your business reputation requires respecting the data your customers entrust. A policy for users to sign off on is a start, but ask yourself what you can do: what more will differentiate your business from the pack? Are you classifying data to quickly identify risk and when safeguards are needed? Are your networks and repositories encrypted? If an outside party gained access to internal networks, how much could they fully access? What measures does your business put in place to encourage a relationship of trust, setting up a stellar reputation that will keep existing accounts and have more users picking up your product over an uncertain competition?
It's time to plan your information and data's workout regimen for the year to come. Like a resolution towards a healthy lifestyle or getting rid of winter weight gain, getting your intelligence in shape won't be achieved in a day: it requires commitment to the goal. Once you get going, however, those small starting steps add up to a big difference, and by next year your information will be feeling fit, fine, and ready to take on whatever next challenges are in store.