Posted on Oct 4, 2018
In recognition of October being Cyber Security Month, this blog post will cover IT risk management practices relating to data protection.
The saying goes that “cash is king” and when it comes to risk management and fraud, it often is. A fundamental risk management technique is to prioritize the protection of assets that either are cash or can easily be converted to cash. As a result, inventory or equipment with “street value” are frequent targets for theft because they have a readily available market. And, while many of the things found on a balance sheet do need to be safeguarded, some of the company’s most valuable assets won’t show up on the balance sheet. Your company’s data can be one of the richest targets for cyber criminals.
In the age of speed and convenience, data can be easily converted to cash. Consequently, risk managers need a bigger dashboard to stay ahead of the thieves.
The Importance of Data Security
Data held by a company is a relatively new risk of theft, and it needs to be managed. Reports of data theft are splashed across the newsfeeds on nearly a daily basis, and it is certainly on the minds of executives and board members. Protiviti in their 2018 Executive Perspectives on Top Risks survey noted that 2 of the top 10 risks being discussed by C-Suite executives and board members are related to IT threats: unpreparedness for cyber threats (ranked number 3) and the amount of resources needed to adequately provide for security and privacy of data (ranked number 7).
Basic Principles of Data Security
Virtual assets need the same rigorous protection as physical assets; thankfully, many of the same tenets apply. Picture a vault that contains anything and everything a thief might want to get their hands on, physical or virtual. Someone responsible for the safe custody of those assets would certainly be considering the following, regardless of the form of the asset:
- Location – Knowing the location of physical assets has long been a basic principle in risk management. Are those assets in the vault or not? What needs to be in the vault? Understanding the location of assets and the relative level of security of each location is critical to managing risk. With the advancement of technology solutions, RFID tagging for equipment and furniture has specifically become a much more prominent tool for understanding the location of physical assets. Do you have as strong of an understanding on the location of your virtual assets as you do your physical ones?
- Security – How strong is that vault? What additional layers of security do you have around the physical structure? Do you have a human guard? Do you have monitored cameras? What is necessary based on the contents of the vault and the relative risks? The same questions need to be answered for virtual assets.
- Access – Who has access to the vault and its contents? How do they get access? Do we need two-factor authentication? Are we tracking what comes and goes from the vault? Now, this last question can certainly be challenging. With physical goods you would likely notice if something was missing from the vault, data not so much. Not only that, virtual assets are much easier to copy than are physical assets. Nevertheless, these measures are just as important with virtual asset risk management and need to be monitored.
Answering these questions and implementing solutions is complex and will require the expertise of skilled IT security professionals. However, whenever tackling a new and/or challenging problem, it is always made simpler when you can visualize the solution in your mind’s eye as a first step.
If you have questions about protecting your data, please contact me or any of our IT Services team members.
© Clark Nuber PS and Focus on Fraud, 2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Developing News with appropriate and specific direction to the original content.