Whether you belong to a private or government organization, everyone can agree that information security is paramount to your success. Guarding your data should be a top concern not only for your company but also for your stakeholders and users. In a digital age where more and more personal information seems to be readily available, upholding users’ rights should always be top of mind. The Internet can be the “great equalizer”, but in an unstable digital world, where do you draw the line on protection?
Education truly is powerful. Keeping your users abreast of increased security measures will better inform them and create peace of mind. Talk about the need for tighter security and what’s being done to address concerns. Create a discussion rather than trying to hide in the shadows. On the flip side, sharing vulnerabilities, incidents or breaches can also create awareness that leads to continued support and funding for increased security.
Take your ego out of the equation. Collaborating with different companies can help shed light on where additional research on security perimeters is needed. However, before engaging in a collaborative project, discuss with your management team what you’re willing to share and whether a non-disclosure agreement is needed for company-sensitive matters and materials. Establish a forum or method with similar companies in your industry where it’s easy to meet and discuss regularly.
Here’s where the lines between information security and spying are blurred. Under court orders such as the Foreign Intelligence Surveillance Act (FISA), organizations or businesses are legally bound to disclose pertinent information to government agencies; however, how the data is collected is currently not transparent (e.g. email logs and search terms). Companies like Google and Twitter have publicly rebuked the government’s gag order on releasing how many users are being monitored by the National Security Agency and on disclosing their collected data. On one hand, it’s arguable that providing this type of information can help aid and protect our national security; on the other hand, unmonitored users could potentially be at risk of having their personal data collected and stored. Obviously this is a heated debate, and it requires each organization to create its own policies.
Further exploration is needed on where organizations, public or private, stand on the debate between protecting users’ private data and providing this information to government agencies. Clear information about continued security measures should be made available to the general public so that people can better understand potential threats. Creating a collaborative forum within the industry should be considered when trying to solve advanced security breaches. While complying with official court orders is absolutely necessary, taking a stance on how or what information is gathered should be left up to the individual organizations.
Where do you stand? Share your thoughts and comments below.