The increased sophistication of internal and external threats, coupled with an overburdened IT staff, requires a culture-driven approach to data security. Here’s a three-step program for building internal data security champions in your organization:$0$0Build information protection into the culture: First, change the problem from “data security” to “information protection.” Data security is IT’s problem; information protection is everyone’s problem. Clear, simple policies for information access and usage must be documented “by the people.” Successful information protection programs require the right balance between security and collaboration. Anything less risks productivity and protection. If Draconian processes or technologies are imposed, users will work around them to get their job done. $0$0Empower the business: With IT budgets down, companies are leveraging existing investments and investing in solutions that place information protection in the hands of the business. Don’t force employees to protect data. Enable them with the right tools and processes to create policies which map to their workflows and transparently protect information persistently with access and usage controls. $0$0Communicate, communicate, communicate: Feedback sessions educate users on the latest threats and discuss ways to protect confidential information. Employees must be encouraged to debate opinions and help brainstorm solutions. Shared understandings lead to shared success. Display information protection in common areas. Post a “Top 10” most common mistakes end-users make when collaborating with information. $0$0Information protection should be everyone’s concern. Data loss can adversely affect a company’s overall brand, position and shareholder value. Remember to celebrate success as well as failure. Each adds a brick in the foundation of your information protection program. $0