
Best Practices For Data Risk Management - Talk Business

This document discusses best practices for data risk management. It begins by providing examples of data breaches at Facebook to illustrate the importance of data risk management. It then defines data risk management and identifies some common risks like inadequate data governance, mismanagement of data, and ineffective security systems. The document explains why data risk management is important to avoid financial penalties, legal issues, and reputational damage. It also outlines some potential data risks and concludes by recommending best practices like defining risks, identifying threats, evaluating impact, and assessing existing measures.

Uploaded by

Hoangdh

1/7/2021 Best practices for data risk management | Talk Business

Best practices for data risk management

Data can be a tricky business. While it’s crucial to firms
and businesses around the world, it comes with a whole
host of risks that threaten to damage companies.

Think of Facebook, for example. Earlier this year it was reported that over 540 million
records were posted publicly for everyone to see. Compromised data included people’s
user IDs, comments, reactions, and account names, hence the need for data risk management.

This was hot on the heels of an attack last year that exposed data relating to almost 50
million of the social media giant’s users. If that wasn’t enough cause for concern, just
this month it turned out that the phone numbers and Facebook identifications of 419
million users had been stored on an unsecured server.

The company has already been hit with a record-breaking $5 billion fine for its security
breaches. On top of that, it has the damage to its reputation to contend with. We live in
a world where people are sharing more information than ever before. Companies who
are seemingly incapable of protecting this data are being viewed in an increasingly
negative light. It’s therefore imperative that firms take all the necessary steps possible
to protect important data.

The following article analyses what data risk management is, the potential risks, and the
best practices for managing those risks.

What is data risk management?


Data risk management is the way in which organisations handle the data they are
responsible for and ensure that any risks are kept to an absolute minimum. This
includes the way the data is acquired, processed, stored, and used for the entire time it
is under the control of the organisation. Some of the main causes of potential risks are:

Inadequate data governance


Data governance refers to the rules and policies an organisation has in place for the
management of any data. Without robust governance, businesses could end up with a
mishmash of disorganised data that will make regulatory compliance a minefield. For
example, the General Data Protection Regulation (GDPR) introduced a ‘right to be
forgotten’ when it came into effect last year. However, if businesses don’t know what
data they have and where to find it, they cannot guarantee that it’s all been removed.
This could then leave them open to both financial and reputational penalties.

Mismanagement of data
Mismanagement of data is about the mistakes companies make in their handling of data
through each stage of its lifecycle. A number of systems, software, and other tools may
be involved at various points during the collecting, processing, storing, and protecting of
data. If this isn’t handled correctly, however, it can become unusable or corrupted, which
can potentially result in expensive losses for the business. In addition to that, it can
incur unseen costs caused by inefficiency and lower levels of productivity. Well-managed
data creates a well-oiled machine, while mismanaged data is like throwing a bucket of
rust directly onto the gears.

Ineffective data security


Ineffective data security systems are one of the biggest – and most costly – causes of
data risk, which can lead to catastrophic consequences for a firm. With the number of
hackers and cyberattacks on the rise, organisations must remain vigilant in order to
protect against them.

Adopting a holistic data risk management strategy is the most effective approach. By
looking at the bigger picture and making sure all elements are working together in
unison, businesses can help to minimise internal and external risks simultaneously.

Why data risk management matters


There are a number of reasons why data risk management is greatly important to
organisations. Neglecting this process can have severe consequences, some of which are
detailed below:

Financial penalties imposed on businesses found to be in breach of any laws or regulations.

Legal fees that may be incurred.

The reputational damage that could lead to loss of sales or share value.

Costs related to resolving an issue or breach.

Costs of replacing or repairing damaged infrastructure after a cyberattack.

Loss of productivity in the workplace.


Data risks can lead to data breaches. As a result, the earlier an organisation adopts a
watertight data risk management strategy, the less they stand to lose.

What are the potential data risks?


Anything that has the ability to threaten the security or quality of data is considered a
risk. Some examples include:

Dark data
This type of data is collected and stored but not used. It poses a risk on a few fronts.
Firstly, it’s a security risk, because the more dark data a company has, the more there is
to protect. Simply put, there is more data at risk in the event of a breach. Secondly, it
can leave an organisation wide open to a variety of compliance issues. For example,
many businesses are in breach of GDPR without even realising it.

Corrupt data
Data corruption can occur in many different ways. This can be through data breaches,
issues with a database, or basic human error. Corrupted data is a risk to organisations
because it costs money. These costs can be related to recovering the data or can be the
less quantifiable costs of losing time, productivity and repairing a brand’s image.

Compliance failures
There are far-reaching consequences for failing to comply with data laws. Regulatory
compliance failures are a big data risk, which can lead to hefty fines, high legal bills, and
ramifications in terms of reputation. As more rules are imposed on businesses, many
more organisations are falling afoul of the new and in most cases stricter
requirements.

Data remanence
Data remanence is data that can still be recovered even though a business might think
it’s gone. It’s common for organisations to replace or reformat their technology. The
assumption is often that any available data was erased along with it. However, this is not
always the case and without following the correct protocols, companies may find
sensitive information being exposed.

Storage device issues


Another common risk is problems arising with the storage device that holds an
organisation’s data. This might be a technical issue or a malware attack that then causes
storage devices to fail. When businesses don’t have adequate back-up procedures in
place, they are at a much greater risk of losing large amounts of valuable data in an
instant.

Vendor lock-in
This is where the current provider of services makes it difficult – if not impossible – to
switch to another provider. This is usually done by making the cost of transferring data
to a different provider prohibitively expensive. Data is essentially being held hostage in
such instances.

Incidents and accidents


Anything that removes, damages, or otherwise threatens data is a risk. This could be a
fire in a data storage facility that damages the hardware beyond repair or an
earthquake, which destroys offices and equipment. Any of these and more can pose a
risk to sensitive data.

The best practices for data risk management

Defining the risks


Each organisation is different. The type of data and the level of sensitivity will differ, as
will the software, systems, and tools in use. Carrying out a full appraisal of the business
to determine the scope of risk analysis that needs to be conducted is a good strategy to
adopt. Knowledge of what to look for before starting the process will also be highly
beneficial.

Identifying potential risks and threats


Once businesses have established what they’re looking for, they can effectively move on
to the actual risks themselves. By identifying potential threats to data, organisations can
place themselves in a better position to stop them from happening. Examining the
current situation and determining where the weaknesses are will make the areas that
require some work clearer.

Evaluating likelihood and potential impact


With a clear idea of potential data risks, organisations can start thinking about how likely
they are to happen. How often has a specific risk occurred in the past and how common
is it within the industry? Looking for reports or past studies and weighing up the
likelihood of a risk occurring is good practice. Thereafter assessing the impact a data
breach would have on the organisation will provide some direction on whether to
escalate the issue as a matter of urgency or not.

Assessing the existing measures


Chances are data protection measures are already in place for most large corporations.
But are the measures up to date? If software tools are in use, are they doing the job?
Are data governance processes as tight as they could be or is there room for
improvement? Are certain tools or methods being used because it’s easier than
switching?

Businesses must make a concerted effort not to let familiarity be their downfall. It’s
easier to implement a new system than it is to clear up after a major data breach.

Having a plan in place


When the main data risks have been determined, including how likely they are to occur,
companies can then draw up responses. In an ideal world, management doesn’t want
anything to happen that they haven’t already foreseen. While that is not always possible,
contingency plans should be in place for all the major and potentially impactful risks that
have already been identified.

Adopting a holistic approach


Data risk management should not be approached piecemeal. It is often the case that an
organisation reacts to data breaches or software failures after the fact rather than being
proactive. This is a largely inefficient way of approaching such an important procedure.
Data risk policies and rules should be defined and integrated into the company’s
processes ahead of time. Having all factions of the organisation working together will
create the most bulletproof data risk management strategy possible.

Learning from any mistakes


Any incidents that have occurred in the past can be used as case studies for the future.
If data is compromised despite the best of efforts, examining where the weaknesses in
the strategy were is a good first step. Thereafter, a few adjustments where applicable will
ensure progress in the right direction. Learning from other people’s mistakes is very
helpful too. Keeping an eye out for reports from other organisations’ data risk incidents
and checking whether in-house contingency plans would have held up is a proactive
approach to consider.

Final thoughts
Technology is constantly evolving and only those who evolve with it will thrive. Data risk
management is not a static approach. For every new security software release, there is a
hacker relishing the opportunity to find a way around it.

As a result, the best data risk management plans are forever a work in progress.
Constantly monitoring processes and making adjustments where necessary will
significantly reduce data risks and the severe consequences that come with failing to
comply.

This article was written by Henry Umney, CEO of ClusterSeven. Henry has over 25 years
of experience and expertise within the financial services and technology sectors. Prior to
ClusterSeven, Henry held the position of sales director in Microgen, London and various
sales management positions in AFA Systems and ICAP.

https://www.talk-business.co.uk/2019/12/27/best-practices-for-data-risk-management/