Thanks for visiting the Digital Workplace Group (DWG) website. You'll see this post may refer to the "Intranet Benchmarking Forum (IBF)," the "Digital Workplace Forum (DWF)" or "IBF Live." But that doesn't match our website name!
In a nutshell, we merged IBF and DWF into one service and changed our name to "Digital Workplace Group." The new name represents the broader set of services we've grown to offer, beyond an original focus on just intranets. We also changed the name of our monthly webinar from "IBF Live" to "Digital Workplace Live."
Although we've relabelled things, we're proud of our decade+ history and have left this page intact. Enjoy your time on our site and please contact us with any questions or comments.
In Paul Miller’s new book “The Digital Workplace: How Technology is Liberating Work” we cover both the ups and the downs of digital working. Arguably one of the negatives is an increasing nervousness about the potential for data security breaches amongst organizations.
There are a number of trends which have the potential to make IT departments feel a little twitchy about data security. Some might benefit from learning more about privileged access management to improve their data security. These include the increase in mobility and related devices, the growth of the cloud, the sheer number of online transactions, use of consumer tech in the workplace, social media, the interest in ‘big data’ and the growing sophistication of hacking groups. For more information on cyber-attacks and data breaches in the past have a look at this infographic published by the University of Alabama Birmingham.
There’s also some evidence to suggest that senior management are getting just as jumpy as IT and compliance department. For example a 2011 Websense survey of 1,000 IT Managers based in the US suggested that 35% of CEOs had got involved in talks about IT security having not previously been involved before after high-profile data security breaches, particularly WikiLeaks and those involving Sony.
Are they right to be nervous about security?
But are IT departments and leaders right to be a little nervous? The frequency of stories regularly appearing in the media about data breaches might suggest so. Various research surveys also strongly support this view. For example a recent Forrester survey of 2,300 IT executive suggested that 25% had experienced a data security breach in the previous year.
A survey released this month conducted by PwC s suggested the figure was even higher. The survey found 82% of large organisations in the UK reported security breaches caused by staff. One in seven large organisations in the UK detected hackers within their systems, 70% reported attempts by hackers to break into their network, and the average cost of the most serious data breach between £110,000 and £250,000.
Can many breaches be avoided?
So if we’re right to be wary, what can be done to prevent serious breaches? There is a view that many data breaches are largely unavoidable if the right planning, tools and processes in place. For example Verizon’s Data Breach Investigations Report suggests that nearly 80% of organizations were victims of opportunity where they had an “exploitable weakness”. Moreover 96% of attacks were not “highly difficult” – in that they could be prevented, and the attacks that were more sophisticated in nature tended to be once the original data breach had been made.
Challenge of mobility and consumer tech
Mobility and the rising use of consumer technology within the workplace may present more of a challenge. The use of more mobile devices for work is undoubtedly fuelling the potential for more security breaches. For example the 2011 Websense survey found that 27% had experienced company data being taken from a unprotected mobile device. Similarly social media also has risk potential – with the same survey reporting that 17% had experienced confidential information being posted to a social networking site. PwC found that 47% of large organizations in the UK had staff who had lost or leaked data.
To a certain degree there will also always a game of cat and mouse going on between users who want to get round restrictions imposed on them by IT departments, and do what they need to do. For example if there is a 10mb limit on what you can send out by email then you just go and use Gmail. To a certain degree then organizations can never really keep a completely watertight ship.
Is it a user education issue?
Obviously there are a number of solutions which can be put in place, but with IT departments unable to control user behavior, education, training and highlighting personal responsibilities has to be one the approaches to minimize data security breaches.
Understanding risks and how not to compromise damaging an organization’s data security is important, although encouraging behaviors with such a dry subject isn’t necessary easy. For example some have criticized existing data security training programs suggesting that they need to be more imaginative in the way they deliver information to users.
I wonder if training and programs to spread awareness are placed in the wider context of working in the new Digital Workplace they have the potential to be more powerful? In general there is a woeful lack of training and support for this whole new shift in the way people work.
If the workplace is being transformed then employees should understand this new world, and new issues they face which cut across many different areas, including risk and compliance. There are many organizations that have yet to acknowledge that work is changing to a more mobile version. Those that do attempt to understand the change, grasp the opportunities and plan for the challenges are the ones most likely to succeed in the coming years.
What do you think? Does spreading awareness amongst users make a difference? Do you notice that employees who are more established in virtual working patterns tend to be more careful with their data? Is the problem going to get worse? We’d love to hear your views.