Disgruntled employees, hackers, incompetent personnel and competitors engaged in corporate espionage...
Disgruntled employees, hackers, incompetent personnel and competitors engaged in corporate espionage are all concerns for a business. Even more concerning is what they can do to your data. Theft, corruption, errors or complete data loss are reason enough to possibly lose some sleep at night. This is why every business must be cognizant of the potential risks to their information. This doesn’t just refer to financial data but also key information needed to continue being a viable entity. Customer lists, proprietary information about products or services, and contracts that give the business a competitive advantage all fall within this group. In order to ensure that data is safe, an information security
Even before a risk assessment is conducted, the business will need to determine a set of baseline standards related to data security that it should meet. These standards will look at things like access rights, password protocols, physical controls over equipment, policies and procedures for the business and many other items. Once these standards are set, then the risk assessment should look at the following areas:
- What information sources does the business have and what information comes from those sources?
- How sensitive is each data source? Does it contain information that if breached would become a legal issue (like credit card information or employee data)? Is it commercially important to the business? Or is it just “run of the mill” information that if disclosed would not cause any harm?
- What would be the business impact if the data source was compromised, lost or stolen?
- What is the level of threat and degree of vulnerability to each data source from internal attacks, external attacks, system malfunctions, process changes or regulatory requirements?
- What is the likelihood of an incident in each of these areas occurring?
- What are the specific risks in each of these areas that can be identified?
On the surface, this might seem a daunting task but if you assess the top four or five data sources for the business, this will usually flush out most of the major issues.
This process is usually driven by the Internal Audit department but if your company doesn’t have one, it may be the responsibility of ensuring the assessment is done will fall to the finance &
There is also another very good reason to involve others. It is important to get consensus from within the business about what data is most vital to ongoing
As the risk assessment is completed, it will highlight areas of concern and a list of things to be done to improve data security will result. Some of these things will be IT-related but the list may also include efforts by the
You can visit my blog, The Finance Compass, at: