A data security breach is any leader’s worst nightmare. Having strategic plans compromised, financial information exposed or customer data hacked can not only halt operations but damage an organisation’s reputation as well. Because of this, data security and protection has always been considered a top priority of many companies worldwide.
There are several ways that data can be kept, but one of the biggest decisions executives have to make would be whether to stick to the traditional method of using hardcopies or paper-based files while keeping them in heavy metal cabinets, or to migrate to a digital platform. They are constantly faced with the question of which method of information dissemination and documentation is not only smarter, but more secure.
Placing the “Hard” in Hardcopy
Organisations have been handling paperwork even before they were founded. Business permits, contracts, and other foundational documents are necessary prior to opening, during operations, and even after closure. This is why many offices have invested in many filing solutions: from envelopes and folders to drawers and filing cabinets that need to be secured with locks. Sometimes, an added measure of keeping them in safes or vaults is needed. However, these measures can never really guarantee protection against security threats. On the surface, this type of solution allows organisations to control who has access to these files, but these can easily end up in the wrong hands even “under lock and key,” just like what happened to the Australian government’s files early 2018 as featured in a report by ABC.
By law, cabinet documents are to remain secret for at least 20 years. While the leaked files were safely stored away in two locked filing cabinets, to the point that no one could find the key; these cabinets were eventually sold at a second-hand sale in Canberra at a very cheap price. Once opened by force, the filing cabinets’ contents revealed to be more than your ordinary office paperwork—they contained top secret classified files; revealing not only the ins and outs of over a decade’s worth of government work, but repeated security breaches of some of Australia’s most sensitive national documents.
Australia’s The Cabinet Files is just one of the many paper-based mishaps that have occurred in the past. Because of this, organisation leaders have seen the need to go digital. They saw the efficiency of searching and updating files, as well as the ease of mobility, that digital document storage or management portal brings. It is important to note, however, that when migrating to a digital or online platform, one must still place and amplify data security measures. Unfortunately, this is what top executives seem to forget.
In a survey conducted by The Australian, they discovered that a good number of business leaders are quite lax when it comes to the protection of data nor do they have governance programs that specifically address the need for cybersecurity. They also found out that less than 30% of ICT staff agree that their company’s data is secure. This is quite alarming because sensitive information, whether stored on-cloud or on premise, is always vulnerable to security threats.
Take for example the Commonwealth Scientific and Industrial Research Organisation (CSIRO), Australia’s peak scientific research agency that experienced a Chinese data breach last November 2013. While most details remain a mystery, what we do know is that one of their scientists simply stopped going to work, thus posing the question of whether or not he ran away with pertinent information.
After the disappearance, the organisation has upgraded their systems, employing Canberra Data Centres (CDC) to secure their systems. Their first three-year contract costs them close to $30 million, with the succeeding three-year contract costing over $15 million. The organisation is also currently investing in their security measures and constantly upgrading their systems.
To digitise, or not to digitise?
Now, this brings up the question—which of the two data storing and protection methods is better? While both arrangements have their pros and cons, it ultimately boils down to reinforcement, maintenance, and due diligence. Companies should implement a data security system that not only works but detects and proactively prevents any instances of security breach.