Managing data to manage your risk
Do you know where your data is? In the event of a cyberattack, how fast can you reconstruct the data your business runs on? Every firm is fair game for cyberattackers, even if you think you don’t have “important” data. A cyberattack will do more than rob the firm of a few gigabytes of data; it can lock you out of your system, empty your bank accounts, corrupt your data, or use it for fraudulent purposes. And just when you think you’ve got your network back on track, the hackers hit again – and you realise that when they came by the first time, they planted a virus that replicates itself and will continue giving you pain.
Cybercrime is more than just an inconvenience; unfortunately, it is not only costly but has far-reaching, long-lasting consequences for those who have fallen victim to cybercriminals. Technology has spurred trade across physical boundaries and continents, and opened up new avenues of commerce, but it has also facilitated the rise of fraud and corruption, and the proliferation of unscrupulous people who have become extremely good at turning technology, which is neutral, into something that is feared and hated.
This general decline in morals has underscored one vital factor for businesses: the need for sustained vigilance – and it starts with an organisation’s own people. Staff need to recognise when the organisation’s systems are under attack; they need to be able to spot trends and patterns, and analyse them, because hackers have been known to colonise a system for a long time, monitoring, mining and stealing data before being detected. Firms should institute a cybersecurity policy, ensure that everyone knows what it is about, and that it is adhered to.
Knowing where your data resides is a major step towards protecting it. Surprisingly, it may be in places you never expected – like on the thumb drives of sub-contractors who were using it as “test data” when upgrading your systems! Your data protection and cybersecurity policies should extend to those outside your organisation with whom you have dealings. You may have employees who have greater access to data than others; make sure they sign confidentiality agreements and are aware of the penalties for breaching the terms and conditions.
Inventorise your assets, and determine which may be vulnerable to cyberattack. Understanding the business’s vulnerabilities will go a long way towards identifying how to keep it safe. Older systems need to be updated as they are more likely to be hacked since they probably have lower levels of security. Make sure your firewalls are performing as intended. Ensure complete documentation at all times, and update it as necessary. Employees may come and go but equipment remains and vigilance must always be maintained. Less obvious, low-level operational security sectors are often overlooked by management, but may offer the best and least-noticed means of entry into a company’s systems.
Most importantly, the organisation’s people should be made aware of what appropriate data management means to them and their company; that’s the only way the firm will be able to get everyone on board and supportive of data protection policies. Staff must want to protect what they have, as it is in their best interests to do so. Data is vital to the organisation but it’s the people who are going to use it, so they should be aware of how, where, when and why it should be used – and in doing so, make the organisation’s people truly its greatest asset.