Media turning a spotlight on companies that have experienced some compromise to their data.

Data can provide a source of knowledge leading to a commercial advantage or, if handled in the wrong way, can create negative brand impact of such gravity that it has the power to discredit an organisation, or be the cause of such financial distress that it can lead to its eventual demise.

The information security officer, friend to the business
Data is the distilled asset derived from customer relationships. It is used to measure profits, cash flows, and the health and value of assets. It is used to report on the logistics, activities and qualities of suppliers, the capacity and tolerances of resources. Even when humans make decisions, they will increasingly rely on insights driven by data to do so.

As W. Edwards Deming  wrote, ‘Without data you’re just another person with an opinion.’ Data is central to the decision making equation in a digital business. Risks to data will generally fall into two categories – best articulated by Hanlon’s razor aphorism, ‘Don’t assume bad intentions over neglect and misunderstanding’ – where either:

1. Data is unintentionally exposed by an individual through an error of judgement, inappropriate user behaviour, a poor governance policy, or a poorly constructed technology architecture - or an unlocked door or access point that gives a third party access to data.

2. Data is intentionally targeted by a third party conspiring to use it for inappropriate reasons. These individuals will use hacking attacks, bribery and corrupt means to acquire the data they seek.

In both cases, organisations have a vested interest to establish clear security governance protocols and ecosystems to master control over who can access data and to what end. Accountability for the design, implementation and operation of such a regime will normally fall to an individual charged with the Information Security role.

Finding consensus on your risk appetite
In an environment where data is both intrinsic to success and essential to the continuity of business, how do you keep it safe?

As a provider of office technologies, Canon contributes widely on a daily basis to the security provisioning of thousands of large, medium and small businesses around the world.

Its core message is that securing your data starts by focusing on the simple things first; and that by implementing a small number of initiatives, information security officers can go a long way to protect the organisation they serve from internal and external security breaches, quite possibly without any significant impacts on the intrusiveness of security systems and protocols in the day-to-day lives of data users.

Assume you’ve been breached
It’s easier to be knowledgeable after the fact, but information security is much more difficult to put in place, or indeed to put right, once a breach has occurred. As the American cryptographer Bruce Schneier put it, ‘If someone steals your password, you can change it. But if someone steals your thumbprint, you can’t get a new thumb.’

At Canon we encourage business leaders and information security professionals to reboot their mind-set to that which would exist in the aftermath of a security breach. When data is trusted to be secure, that’s one thing, but when you have to assume data is corrupted, that’s an entirely different agenda.

How Canon helps to keep your data safe
Digital businesses run on data and, as a result, the security of data is a business-continuity topic that resonates in boardrooms around the world.

Organisations want their partners to contribute to their inclusive security story without adding additional risks. Canon is a pro-active partner to businesses seeking to keep their data safe and adopt resilient information security protocols. We want our customers always to know that with Canon they can do better business and the peace of mind that we will always seek to highlight and proactively address