Data security is about challenging internal processes, says Paragon

So declares European print management firm Paragon's solutions sales director, Dimitrios Kyprianou. And he adds that this is not because of rogue employees but "those who are naïve to the technologies they are required to use for everyday work". He agrees that data sharing, secure storage, hacking and disgruntled employees can create risks but states that there are "far bigger risks to consider when you run a sizeable manufacturing business, employing hundreds of staff". Says Kyprianou: "These dangers are as a result of times changing and people having to use updated technologies, which they do not understand, to fulfil their daily roles." And he continues: "The tablet and smartphone generation have encouraged the sharing of IP with relative ease and, although this can be invaluable, it can also be extremely damaging and costly when due care is not a consideration. "The immediate problem is that people are not told how to use these technologies correctly and are left to their own devices, resulting in data being lost, stolen or simply misplaced." Kyprianou argues that manufacturers have a responsibility to provide formal guidance and regulations for use of company IT tools, to a level of detail that includes parameter settings to ensure that data remains confidential, including passwords usage. He also argues that CIOs should ensure that protocol are well understood, if information is incorrectly shared or misdirected to a third party. "As the office is becoming more mobile, businesses need to safeguard their intellectual assets from loss or copy," says Kyprianou. "It is more common than ever ... but what organisations need to ask themselves is what level of information could get into the hands of the general public and what real risk does this present?" Kyprianou is not advocating "strangling people's ability to do their jobs in the agile, mobile fashion that the modern age demands". As he puts it: "If you're a bank, it's easy: lockdown, nothing in or out, focus on the outside world. But for manufacturers, this process is far more difficult with customer engagement, real time reporting and the requirement for workflow processes that can be tailored to the clients' own internal systems." Kyprianou's advice: "A company should perform regular audits, as they would with finance and health and safety, to address the flow of data around the business, identifying users and those who have daily interaction with sensitive information. "Grading criteria should be created to allocate a level of sensitivity to all data and documents that are shared. This can be done easily with a colour coded system or via a points-based analysis. But, either way, there needs to be clear structure to the sensitivity of data and the risks, if improperly shared or misdirected."