Protecting your business in a data-driven world
Businesses need to be aware of developments and possible weaknesses in their digital environment so they are protected from cyber attacks that could derail them.
Information technology is now the cornerstone of nearly every business. Management can no longer adopt an ‘out of sight, out of mind’ mentality and delegate data security to the procurement or IT department.
The data governance triangle: process, technology and people
Good data governance is built from a solid foundation of sound business processes, the effective use of technology and a well-trained workforce. Business processes are often vulnerable when new IT systems are implemented in a company. They are particularly susceptible if the management team does not communicate with IT when the infrastructure is being upgraded, or if the business does not consider existing workflows when new software arrives. If new compliance requirements are thrown into the mix, they can lead to gaps in previously well-established processes.
Implementing new technology is supposed to revitalise a company and improve efficiency, but it can also open a backdoor that exposes confidential information. Promises of radical improvements to system bottlenecks can prove to be an irresistible temptation. There can be a huge pay-off if the implementation is carried out correctly.
The people who execute the processes and create and manage data in a company are the third key to good data governance. Hackers often target the weakest links and rely on untrained people in the workforce clicking on bogus links to set off a domino effect of malware. Employees may also have their identity stolen through unsecured webpages, or neglect to protect their passwords and other personal data. Ransomware, phishing emails and social engineering scams are now not just IT jargon, but daily newspaper headlines.
Safeguarding the business and its data
Cybersecurity is a recognised global concern and many governments around the world have introduced legislation to limit the risk and raise awareness of cyber defence and hygiene. Yet the fine line between ensuring transparency and managing the burden of compliance can be difficult to walk as attacks step up in scale and volume.
In addition to meeting regulatory requirements, businesses should of course also consider whether their use of technology is effective and efficient for their purposes and factor new technologies into their risk planning. This could include:
- Artificial intelligence and machine learning.
- Cloud solutions, remote access to data and other tools enabling a mobile workforce.
- E-commerce, e-wallets and cryptocurrencies.
It is critical to consider the existing environment and potential scalability when implementing these new technologies, as this can make the difference between a successful launch and a flop.
Having considered compliance and IT security of the business, management may feel that the remaining risks need to be mitigated. This is where cyber insurance may be useful.
A holistic view
The responsibilities of management and boards of directors have grown along with developments in technology. The challenges can be daunting. For example, it is vital that customer databases are stored in a secure location and suitable backups are readily available.
Shareholders will want to know the potential cost implications of IT infrastructure upgrades if expanding to another country.
For charities and non-profit organisations, there may be additional reputational risks that can affect the willingness of donors to support their causes if personal data is not seen to be secured properly.
While no industry or organisation is safe from the lure – and threat – of a fully digital organisation, an ounce of prevention may be worth several million dollars’ worth of cure.