All reputations are built on trust. Let personal data fall into the wrong hands and that trust is blown in a single stroke. It's a risk that all businesses are waking up to, not just those holding large volumes of customer data, such as credit card companies or government departments. Get it wrong and you can lose customers, contacts and key routes to market. Get it right and you'll reap the value of customers' well-earned trust.
Types of data, security and privacy risk
Security risks emerge from three operational areas:
People - according to their attitude to and awareness of roles and responsibilities, security strategies and training.
Processes - depending on the quality of your management reporting, monitoring and permissions controls, as well as Business Continuity planning, incident response procedures and GRC frameworks.
Technology - depending on how robust your network architecture, applications and network security systems are.
Getting it right
You need to understand how vulnerable you are. Do you hold large volumes of personal data? Do you work with governments or handle a lot of online transactions? And are you operating in high-risk countries such as China?
When you have identified areas of potential risk, you need to be able to assess how exposed you are. How do your processes and controls compare with international standards (e.g. ISO 27001)?
The next step is to plan and implement improvements. How worried are you about a data breach? What impact would a breach have on your organisation's right to operate? Have you done enough to prevent one?
Much depends on the awareness of your people throughout the business. Do users of your systems understand the need for the processes you have in place? Are they aware of how and why they need to respond to incidents and maintain the integrity of reporting procedures?
If your answers are positive, then you'll know that your investment in data security, your incident response reviews and forensic investigations, and your Business Continuity assessments and vulnerability tests will deliver real value. You'll have a clear view of significant risks and a robust plan to defend against them. How's that for ROI?