I recently attended a webinar for accountants on the importance of IT security.  The webinar discussed findings from the newly released 2012 Global State of Information Security Survey®, a worldwide study conducted by Pricewaterhouse Coopers, CIO Magazine and CSO Magazine.  They used the information from the survey to make two important points

1. IT security isn’t just the responsibility of the compliance officer and IT department, everyone in the organization is responsible for keeping corporate assets secure - all of us, even those in accounting, customer service and sales play an important role in data privacy.  
2. IT security is not just a project with a due date for completion, it is something all of us must remain diligent about.  

Some of us have access to sensitive customer information or account numbers, while others may be collecting credit card information to process payments.  Sure, our IT department implements safety policies, installs security software and sets access rules and passwords to give us access to data we need to see.  But do we stop and think about what information is on our laptop before we take our laptops home or what files might be on that USB drive?  We need to think about the information that we email or send outside the company and think twice about the way we send it, especially if we think the information could cause damage if it landed in the wrong hands.

The companies used for the survey all felt they implemented strong controls around access to their data, but nearly all of them had some sort of budget allocated for additional resources because they know they need to do it better.  Interestingly, the confidence level these companies felt about their security strategy had declined over the years due to the increase in use of mobile devices and social media, which have introduced new risks and challenges for companies.  In 2009, 73% of the companies surveyed felt they had a good security strategy in place, however, in 2011 that fell to only 53% feeling confident about what they are doing.

It was very apparent to me after viewing this webinar that the adoption of mobile devices by employees and the acceptance of social media has made IT security everyone’s responsibility.  Key take-aways for me from this webinar – we all need to be thinking about how we keep information that our company entrusts with us secure.  We need to follow company policies and procedures and be diligent. We are all in this together.

For more information on data privacy, we have put together a podcast titled "Data Privacy for the Non-Technical Person."  Let us know what you think.