Stored correctly, protected, mined, and optimised, data has become the currency of the digital age and one of the most valuable organisational assets today. It therefore stands to reason that safeguarding it from threats, man-made and otherwise, should form a key part of a risk management strategy.
By Paul Morgan, business unit lead for data, planning and analytics at Altron Karabina
Thanks to compliance requirements such as those set out in the local Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR) of the European Union, data protection is a legal necessity. But more than that, it is crucial to maintaining the growth and competitive advantage of a business.
Decision-makers therefore must ensure that internal processes are robust enough to handle data risks while keeping them optimised to unlock the full potential processed data can deliver to the company. Irrespective of whether data is stored on-premise or in the cloud, there is a significant concern about the accidental and malicious ways that can compromise it.
For example, poor connectivity when accessing enterprise resource planning and customer relationship management systems remotely sees some employees extracting sensitive data onto their personal devices. But the reality is that laptops get stolen, mistakes are made when sending emails to the wrong people, and so on. Fortunately, vendors are developing innovations to counteract this. Microsoft, for instance, has a feature in Power BI (in conjunction with Microsoft 365 Compliance Centre) which marks sensitive content when downloaded to a PowerPoint slide, and retains access restrictions to that data in the extracted document. So, if the laptop is stolen, credential management is still required to unlock that data.
Value of data
In the competitive market, data provides important understanding of customers, their preferences, and their patterns. Furthermore, every business needs to keep transactional records and use data from a variety of systems for analytics to identify business problems and drive performance. This can also be used to highlight customer pain points and develop ways to address them. Without data and the ability to combine it and process it, an organisation loses significant value from this resource.
Now imagine the negative impact if the company fails to recover a backup or not identify a security risk resulting in compromise. The resulting loss of customer trust can never fully be restored. For their part, retailers can use the data from their loyalty programmes to understand their customers better and develop products and services tailored to suit them. However, the risk of on-selling that data to third-parties will always remain, despite regulatory restrictions. This is when data ethics can play an important role where organisations and the individuals managing data regulate themselves to a certain extent. It helps to think of data assets as people behind the records instead of the cold, faceless numbers and characters in a database.
A company should therefore embark on an extensive de-risking strategy when it comes to data. As a starting point, it will need to identify all the data assets in the business and the likelihood of an incident happening as well as its impact. For example, if it loses the Net Promoter score data of its customers it will not be the end of the world. However, if all its CRM data is compromised then the impact on the business will be massive. It is about remediating against this from happening and planning how best to respond in each scenario.
Given what is currently happening globally, decision-makers must use their imagination and think what can possibly go wrong. A few weeks ago, nobody could have anticipated that businesses would be locked down for such a long time. The way forward is to start thinking creatively about problems, potential scenarios, and how to survive them from a data protection perspective.
In addition to this planning, companies should share their grand data vision with their employees. In this way, everyone can work towards realising it and adjust quickly if market conditions change. There must be guiding principles around data usage and protection at business. Without it, the risk for compromise remains too great.