IERP® Monthly Newsletter Issue 29 September - November 2021 | Page 20

Data breaches can happen anywhere, at any time; mitigation may be effected by instituting policies, practices and procedures organisation-wide to cover as much of the firm’s network, systems and devices (including storage) as possible. The SOPs may be as simple as logging out completely at the end of the day, or never divulging passwords to anyone, but having these in place may make it a little more difficult for hackers to breach the system.

Subject matter experts concur that where there is more difficulty than expected, hackers are likely to leave and move on to another, more vulnerable or open target. Companies need to consider a comprehensive data risk management framework that covers as many aspects of technology use as possible. Cyber risk, which is the possibility of any type of technology (or technological failure) disrupting the business, should also be a major focus. The framework for managing technology and data risk should include an appropriate assessment template for cybersecurity and data risk, so that the related risks can be identified.

One of the biggest technological threats today concerns systems breaches that result in stolen, corrupted or destroyed data which have serious, sometimes dangerous, repercussions. Technology and cybersecurity experts recommend that companies conduct a technology risk assessment to identify and prioritise the technology and data risks confronting the organisation, as a first step towards managing them. Firms should bear in mind that this is not a one-off process. Technology is dynamic; so are its risks. To be effective, identifying, assessing and mitigating risks associated with technology or IT and data need to be ongoing activities.

Thus, it cannot be the job of just one person. A team is needed, with the requisite skills for identifying and assessing the risks, and developing plans to address them. The appropriate application of the correct tools will help teams categorise and prioritise risks, particularly according to levels of impact and probability of occurring. Careful documentation of these activities is important so that the firm will be able to react quickly when untoward events occur. Better still, careful documentation and analysis could help the firm anticipate these events before they happen. With technology and data risk, timing is critical.
