The features in this issue offer some excellent advice on how IT should approach compliance and guard customer information. The top-down, policy-based approach makes sense for organizations of all sizes. But as important as regulatory compliance is, it doesn't cover every avenue of potential data loss, so make sure you complete the job. There's a good bit of bottom-up education needed too.
For instance, a close associate of mine likes to tell a story of working in retail (can't say the name of the store, but it rhymes with Danana Depublic). The store prides itself on customer service, so it's not uncommon for regular customers to call and request new items be set aside. In one particular store, if the requested item was out of stock, sales associates wrote down the item details along with the customer's name, phone number and credit-card information. These slips of paper were then put in an unlocked drawer until the next shipment of goods came in. Talk about a disaster waiting to happen.
It seems that such compromises in the interest of customer service are more common than I would have thought. As I told this story to Network Computing publisher John Siefert, he related a similar story. John also worked in retail while he was in college, at another store that prides itself on customer service (rhymes with Bordstroms). Seems John had more than a few customers' credit-card numbers written in his planner.
Let's face it, though the disclosure of the loss of massive amounts of personal data--or, more usually, the misplacement of it--makes great headlines, the most likely source of actual monetary loss is minor mistakes made by well-intentioned employees at virtually any level of a company.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
