
Information Governance and Compliance: Step by Step

What is information governance?

Information governance entails the management and categorisation of data within an organisation. This involves establishing rules and assigning responsibilities to ensure that data is used and stored securely and in compliance with legal and operational guidelines.

Why does information governance matter?

Internal Inefficiency and Confusion

Unclear communication may contribute to the emergence of mismanaged information. This mismanaged information then further contributes to communication breakdown, with a lack of clarity surrounding where to find resources, who owns data, how old data may be, and whether information has been duplicated. Information governance requires the development of a framework to clearly communicate how to handle data, reducing time lost searching for information and using tagging to effectively track how old data may be. This is where cloud applications can play a vital role.

Non-Compliance and Fines

Within the UK, organisations are subject to a number of legal information governance requirements in the form of GDPR, the Data Protection Act 2018, and NIS regulations. Implementing an information governance solution helps organisations meet these requirements and avoid the risk of severe non-compliance fines.

How do I implement governance into my organisation?

Microsoft Information Governance (MIG)

Information governance tools, such as MIG, allow your organisation to manage content. With MIG, you can archive third-party data, retain mailbox content from inactive mailboxes, bulk import PST files (data storage files containing personal information) to Exchange Online mailboxes, and manage records from declaration to retention or deletion. MIG also allows you to apply retention labels, controlling whether or when to delete content automatically using a workflow.

Cyber Security Training, Planning, and Awareness

An integral component of information governance is communication. This is two-fold. It is important both to communicate regulations to staff, offering cyber security training, and to listen to teams and gain visibility into their operations, their knowledge, and their comfort levels, as this can inform the communication circulated about training and best practices. It is paramount that this information is gathered through direct communication, rather than by making what may be inaccurate assumptions.


Compliance and managing risks

So far, this blog has addressed how to manage content securely. However, it is important to consider what actions may need to be taken to mitigate damage should an account be compromised:

Accreditation

Cyber security certifications, such as Cyber Essentials Plus, allow organisations to deliver real improvements and protect themselves from common cyber threats. By achieving a certification, organisations can also assure any external parties or customers that they are committed to protecting their stored information.

 


Technology

Microsoft 365

Compliance Manager, a part of Microsoft 365, is a great tool to help implement and maintain legislative compliance. To mitigate the impact of compromised accounts, organisations can also find a number of tools within Office 365 and Microsoft 365.

Data Loss Prevention (DLP)

DLP allows organisations to identify sensitive information (such as data containing personally identifiable information) across Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. This information can then be used to automatically apply policies, controlling who is granted access. Reducing the number of accounts with access to sensitive data reduces the risk of a compromised account accessing this information.

Advanced Threat Analytics (ATA)

ATA utilises behavioural analytics and machine learning to monitor working patterns and detect abnormal behaviour. These detections may be able to identify phished accounts and malicious attacks, allowing security teams to take the appropriate steps to mitigate damage.

Information Rights Management (IRM)

IRM can be applied to lists or libraries to limit the actions users can take on any files downloaded. It limits read access and encrypts downloaded files, allowing only a limited number of users and programs to decrypt these files. Again, this reduces the number of accounts with access to sensitive data, reducing the risk of a compromised account accessing this information.

 

How can I find out more?

Synergi is offering our recent webinar, in partnership with Evolve North, ‘Data Security in 2021 #1: Information Governance & Compliance’, on demand, as well as the second webinar in this series, ‘Data Security in 2021 #2: IT Security in the cloud’.
Alternatively, check out our upcoming events in this Data Security series, ‘Cyber Security as a System’ and ‘Data Protection & Business Continuity’.

Synergi is a Microsoft, Sophos, and Datto Gold Partner. To find out more about information governance and risk management, reach out to Synergi’s Managed Services team by emailing enquiries@teamsynergi.co.uk, calling 0191 4770365 or completing the contact form below.
