Digital businesses must telegraph hygiene policies

Published on the 08/06/2015 | Written by Beverley Head



With data security, digital enterprises need to determine “acceptable risk” because absolute security is unattainable…

Felicity Ruby, ThoughtWorks’ director of global internet policy, and John Stojanovski, lead security consultant, say organisations that rely heavily on digital business models should determine how much risk they could bear, and then work out an appropriate security hygiene policy.

Ruby likened this to the digital equivalent of hand-washing routines that prevented infection and the spread of disease, noting that “every person in the business could be the vector.”

Stojanovski said four questions an organisation needs to ask to determine acceptable risk are: what are the security obligations (compliance); who are the most likely adversaries; what assets are at risk; and what are the security disasters faced.

The answers can be used to craft digital hygiene policies, and also formulate response plans in the form of disaster recovery and business continuity strategies.

This is particularly important for organisations that make use of big data, according to Ruby. “The flip side to big data is big security issues,” she warned, adding that it was particularly important for employees in HR, marketing and retail to understand the importance of good digital hygiene – such as never sharing access passes or passwords, or opening unexpected email attachments.

“Each business would have a different set of basic digital handwashing – for example, how they respond if someone calls for this information: only give it under these circumstances.”

Stojanovski reinforced the message that the most vulnerable part of a business revolved around people and interactions with computer systems and data.

Both presenters, who shared a stage at the ThoughtWorks user conference in Sydney and Melbourne last week, noted, however, that other people’s mistakes should serve as a warning to Australian enterprise to security-harden their systems, processes and people.

Ruby, however, warned that while security could become a digital market differentiator, organisations would be “wise to not scream from the rooftops because someone will want to test that.”
