What’s Your Risk of Data Loss in 2018?


You can never reduce risks to zero. But, you can minimize them.

Getting out of bed in the morning carries the risk that you could fall, but staying in bed 24/7 has its own risk of muscle atrophy. Most of us get out of bed because we weigh up the risks:

  • The small risk of falling and breaking our necks when we get out of bed

Vs.

  • The certainty of muscle wasting and a gradual decline in heart health from never leaving our beds

You take the smaller risk, even though the potential consequence (falling and breaking your neck) is life-ending. Understand the risks your company is exposed to and reduce them as much as you can.

MEASURING RISK

There are two parts to every risk: probability and consequences. Reducing your organization’s risk profile will consume resources, so you will need to prioritize. If a possible event has a 0.1% chance of occurring in any year, should you put it at the bottom of your risk list? No, because you need to consider the consequences before you can de-prioritize it. If the risk event could destroy your company, or kill someone, you would want to reduce its probability to as near zero as you can.

There are five significant risks to consider:

  • Data loss
  • Loss of a key person
  • The temporary absence of one or more staff members
  • Accidents
  • Burglary

Some risk probabilities can be quantified, while others are impossible to measure. However, considering the consequences of any possibility occurring will help you decide whether to spend money mitigating a particular risk. Of these five, data loss is by far the most significant risk for every business.

DATA LOSS

How likely is data loss to occur?

“90% of large organizations reported they had suffered an information security breach, while 74% of small and medium-sized businesses reported the same.” UK Government report.

The probability you will suffer a data breach is high.

What are the consequences of a data loss?

“Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.” GDPREU.org

The negative consequences of a data loss are massive.

Read this Inside Big Data article for an overview of GDPR.

Preventing data loss must be your top priority because it will probably happen and the consequences are dire. Total data security isn’t free, but the cost is minimal compared to the risks that come with a breach.

STAGE 1 – DIY DATA SECURITY

Put basic security measures in place before you call in security consultants. Your consultants can then concentrate on serious issues you may not find or be able to fix yourself. HM Government has a free training slide presentation that you can download, and that’s where you should begin. Getting employees on board is the most important single thing you could do to reduce data loss risks.

The ico.org.uk screenshot below shows data breaches in the UK health sector in Q3 2017.

Source: https://ico.org.uk/action-weve-taken/data-security-incident-trends/

 

Reporting data breaches is mandatory in the health sector, so this sector is the best bellwether of UK industry data loss.

The risk of cyber-attacks is significant, but you are more likely to suffer a data breach by an employee. Of 210 incidents, 205 were related to employee actions, and only 5 were classified as cyber-attacks. Given that many cyber-intrusions happen when an employee clicks a link in an email, the importance of educating your team becomes paramount.

STAGE 2 – PROFESSIONAL DATA SECURITY

Once you think your data security is impeccable, it’s time to put it to the test by calling in professionals to check your vulnerability and to try to penetrate your systems. You could search freelancing sites and find someone to check your business security for £5. However, there are two problems with going that route:

  1. How much faith can you have in their testing efforts?
  2. If they manage to hack in, how do you know they won’t steal your data?

There is a limit to what can be checked remotely, so you will have to pay for a site visit that may last several days for a large company. The cost will be significant, but you will be able to rest easy knowing your company is safe from GDPR penalties and the reputation hits that always come with data breach publicity.

THE SHORT READ

Data security might sound like a boring subject, but your business health depends on it. If you take no precautions, you will have breaches of data security. Financial penalties and the loss of reputation with customers and suppliers will destroy your company.

You can educate employees and put simple security systems in place yourself, but for total security, you need to call in a professional data security company.

About the Author

Sheza Gary is a technical director at Algoworks, a global IT service provider which operates chiefly in the United States from its California office. She was previously a technical manager at CloudGenix. Sheza has an MBA from California State University, Northridge and a bachelor’s from Boston University.

 
