Organisations everywhere are collecting, storing and using huge amounts of data which is shared across more users, devices and applications than ever
In focusing on its potential to increase business success, what is often overlooked is the latent value of mitigating and minimising the risks of a data breach or leak.
In an era of increasing regulation and a more public focus on compliance failures, risk mitigating strategies should be part of a rounded approach to protecting your organisation’s good name. But, given the scale and complexity of today’s data-led business strategies, the challenge for many organisations is knowing where to focus their mitigation efforts.
There are a number of key ways for you to improve data security and minimise potential risk:
1 – Automate Data Monitoring
Monitoring data quality is key to managing security, and automated data monitoring is a much more effective way to mitigate risk than traditional manual processes. By definition, automation removes the manual processing – and inherent points of failure – of identifying risk within organisational data.
For example, it can help to identify vulnerabilities that could make infrastructure susceptible to attack. And it goes without saying that removing those vulnerabilities mitigates against the potentially huge costs of a cybersecurity breach, including ransomware attacks.
In addition, automated monitoring also helps organisations identify critical data and potential areas of risk buried within what is called “dark data”. Dark data is unstructured data housed within your organisation and can actually constitute the largest share of an entire data estate.
Automated monitoring can quickly sift through dark data to help identify potential vulnerabilities and alert your administrators to take action. This not only mitigates risk, it also helps IT teams develop a broader view on the overall state of their organisational data. In-turn, this approach can be used to reduce content sprawl.
2 – Document Core Safety and Security Policies
Among the most often overlooked risks to the data security of today’s organisations is user error. The range of potential pitfalls is diverse – from unstandardised employee offboarding and unsecure passwords to employees that send sensitive information over email. Mitigating against these risks is key to maintaining effective security and compliance.
However, documenting safety and security policies is an effective way to help prevent employees from making unintentional errors. Take the risks associated with employee offboarding, for example. Depending on their role and responsibility, a single employee can exchange, store, and interact with an enormous amount of data. As a result, each employee has a risk profile when they leave their job, but a well documented process ensures offboarding is done correctly and completely, helping to keep data safe.
Offboarding is just one example. Each and every day, employees are exchanging information that could put your organization at risk. Clearly laid-out documentation on core safety and security policies can help to reduce the risk of an accidental data leak. Organisations should ensure that all policies are visible to the team as a single source of truth that is maintained in line with all current regulations. Every employee should know exactly how their role contributes to the organisation’s compliance efforts at all times, even as regulations and best practices change.
3 – Keep a Consolidated View of Your Data
Believe it or not, the average SMB stores 47.8 terabytes of data, with large companies housing many times more. This phenomenon is also known as “data sprawl,” and it represents a huge area of potential risk that is of increasing concern to organisational leaders.
For instance, multiple points of access to information can make it difficult to manage data and protect against cyberattacks. Maintaining a consolidated, streamlined view of data helps to ensure compliance and security by bringing data management under a single initiative. What’s more, it can also provide extremely valuable insight into the opportunities and challenges that impact business success.
4 – Eliminate redundant, obsolete, trivial or stale data
Every organisation will carry data that is redundant, obsolete, trivial or stale (ROTS), or in other words anything that’s no longer relevant to its current or future needs. Examples of ROTS might include old surveys, outdated project material, applicants’ CV for job postings, or personal data from former employees.
ROTS data contributes to the overhead of storage, management and risk that continues to make security a challenge. It can also adversely impact technology performance and workflows, and eliminating ROTS can be accomplished by efficiently managing files and governing data under a single platform. Mitigating the financial and security risk presented by ROTS can not only make it easier to reduce risk, it can also drive profitability through cost savings.
5 – Pay Attention to Industry-Specific Regulations
It’s incumbent on every organisation to understand and act on the regulations that apply to their industry-specific data, to reduce risk and avoid potential fines. Remaining compliant with regulations such as UK and EU GDPR means adhering to specific protocols to confirm that data exchange and communication is safe and secure.
The risk mitigation benefits are obvious – in the UK the maximum GDPR fine is £17.5 million or 4% of annual global turnover – whichever is greater – for infringements. And don’t forget, non-compliance can also incur wider costs and result in significant reputational damage.
Ultimately, organisations that view risk mitigation from a financial perspective are more likely to build better strategies that not only reduce their exposure, but also deliver business efficiencies and even boost revenue. In that context, it offers a win-win scenario for both internal and external stakeholders.
About the Author
Andrew Martin is Senior Sales & Marketing Director EMEA & Managing Director UK at Egnyte. Egnyte transforms businesses through smarter content allowing organizations to connect, protect, and unlock value from all their content. Our content governance platform delivers smart content collaboration and governance in the cloud or on-premises to thousands of businesses around the world even the most regulated industries.
Featured image: ©SasinParaska