Businesses need to be aware of developments and possible weaknesses in their digital environment so they are protected from cyber attacks that could derail them.
Information technology is now the cornerstone of nearly every business. Management can no longer adopt an ‘out of sight, out of mind’ mentality and delegate data security to the procurement or IT department.
Good data governance is built on a solid foundation of sound business processes, the effective use of technology and a well-trained workforce.
Business processes are often vulnerable when new IT systems are implemented in a company. They are particularly susceptible if the management team does not communicate with IT when the infrastructure is being upgraded, or if the business does not consider existing workflows when new software arrives. If new compliance requirements are thrown into the mix, this can lead to gaps in previously well-established processes.
Implementing new technology is supposed to revitalise a company and improve efficiency, but it can also open a backdoor that exposes confidential information. Promises of radical improvements to system bottlenecks can prove to be an irresistible temptation – and can bring a huge pay-off if carried out correctly.
The people who execute the processes and create and manage data in a company are the third key to good data governance. Hackers often target the weakest links and rely on untrained people in the workforce clicking on bogus links to create a domino malware effect. Staff may also have their identities stolen through unsecured webpages, or neglect to protect their passwords and other personal data. Ransomware, phishing emails and social engineering scams are now not just IT jargon, but daily newspaper headlines.
Cybersecurity is a recognised global concern and many governments around the world have introduced legislation to limit the risk and raise awareness of cyber defence and hygiene. Yet treading the fine line between ensuring transparency and managing the burden of compliance can be difficult as attacks step up in scale and volume.
In addition to meeting regulatory requirements, businesses should of course also consider whether their use of technology is effective and efficient for their purposes, and factor new technologies into their risk planning, such as:
• artificial intelligence and machine learning
• cloud solutions, remote access to data and other tools enabling a mobile workforce
• e-commerce, e-wallets and cryptocurrencies.
It is critical to consider the existing environment and potential scalability when implementing these new technologies, as this can make the difference between a successful launch and a flop.
Having considered compliance and IT security of the business, management may feel that the remaining risks need to be mitigated. This is where cyber insurance may be useful.
The responsibilities of management and boards of directors have grown along with developments in technology. The challenges can be daunting. For example, it is vital that customer databases are stored in a secure location and suitable backups are readily available.
Shareholders will want to know the potential cost implications of IT infrastructure upgrades if expanding to another country.
For charities and non-profit organisations, there may be additional reputational risks that can affect the willingness of donors to support their causes if personal data is not seen to be secured properly.
While no industry or organisation is safe from the lure – and threat – of a fully digital organisation, an ounce of prevention may be worth several million dollars’ worth of cure.