Chicago partner Ken Dort spoke with the Wall Street Journal for a recent article on the data attack against Sony Pictures Entertainment.  The article, titled, “Sony Hack Draws CIO Attention to Data Classification,” gave an overview of points that CIOs should consider when undertaking data classification and risk assessment actions.

One item on the list is to “Get broad-based, high-level support.” While classifying data and time consuming, Ken noted that “it needs someone at the C-level or close to the C-level to really put their political will behind it, because this is first and foremost essentially a glorified audit.”

Another item Ken discussed was “Keeping tabs on third-party vendors.” More companies are sending information to cloud-based companies, or allowing third-party vendors to access their systems. “Whatever confidentiality and data security protocols are imposed on you, make sure your outsourcer is equally robust, if not more so.  You’re the one that’s going to have to answer to it, so make sure they’re up to speed,” Ken said.

The last item Ken commented on was “Make education a constant, repetitive process.” CIOs need to help ensure everyone is up to speed on the company’s data policy once it’s in place.  “Essentially teach them to handle the company’s data as they would handle their own Social Security number,” he said.

Click here to read the full story.