This week’s Tip of the Week dovetails with a guide released by ANSI and ISA, mentioned here and at NextGov, which was a response to a White House review of cybersecurity policy. In it, the point is driven home that data security is actually not a problem for “the IT department.”

It’s worth emphasizing repeatedly that when a data breach happens, the entire business suffers, and suffers greatly. With the enormous impact that data breaches have, and the extreme risk that each and every employee (and contractor) can pose, it pushes prevention into the laps of everybody in the business, not just IT. Though IT may be the group that implements solutions, they are often hamstrung by lack of sponsorship in upper management, and we all know that when the bosses don’t want it, it doesn’t get done.

So then, our tip is to gather those bosses. We’re gearing here for more of the small business types, as opposed to enterprises with more formal structures who already should be (but often aren’t) doing this. Gather the business’ key decision makers and at least begin the discussion of data privacy. Do not get technical, since the meeting will likely be full of non-techies. But begin the process of educating the whole swath of managers that this problem is “organizationwide.” It’s not an IT problem alone.