Is Your Company Data At Risk? Critical Data Governance Questions for Every Business
“We don’t have data others would want.” I hear that statement quite often from executives and business owners, regardless of size or industry. It typically prompts several data governance questions from me.
How do you know?
What steps have you taken to understand your data?
What information is important to you or your competitors?
What information would be most damaging to your business if it became public?
How do you plan to stop someone from stealing your data?
In the 2015 RSM Manufacturing & Distribution Monitor Survey¹, most businesses reported that their information is at little or no risk. Despite the concerns of some executives participating in the study, very few felt that their information is actually at risk. Although cyber-attacks and data breaches continue to make headlines, most companies feel they are immune to such a threat.
While many of the reported stories of information breaches involve large, well-known companies such as Target, Barnes & Noble, Nortel, Nissan, and others, in the world of cyber-crime size doesn’t matter – only information does. Just because an information breach isn’t splashed in the headlines doesn’t mean it isn’t happening. Companies large and small across the country and our region deal with this every day and the reality is that your business could be next. One company’s Internet footprint looks the same as another to anyone interested in finding something of value, whether it’s credit information, personnel information, intellectual property such as engineering drawings or processes, technology or other industrial assets.²
Cybersecurity is moving to a business imperative that is enabled by IT. No longer is this just an IT issue keeping your CIO up at night. Many boards and audit committees are finely tuned in to what is going on around the world related to cybersecurity and data governance. Executive leadership is increasingly being held accountable for protecting the company’s information assets. Regulators have continued to up their cyber game and pay closer attention to how a company’s information security program could impact the going concern of their business.
A strong information security program can facilitate business growth, create market advantages, and build brand trust. Data privacy and trust have become critical business requirements as exponentially more consumer and business information is generated and shared with your partners.
What can your company do now?
Data governance is the foundation for implementing an effective information security program. Unfortunately, there is no one-size-fits-all approach. I would suggest that you kick-start your data governance approach with three simple questions:
- What is your most important data?
- Who would want this information?
- What are you doing to protect it?
Be thorough with the evaluation and document the findings. Performing this data inventory takes time; however, the end result will provide significant insights into the effectiveness of your current information security program. Cybersecurity and data governance are key components of your broader enterprise risk management activities. Taking a systematic approach to understanding, managing, and monitoring risk can give management better insight into company operations and may even allow your company to turn certain risks into opportunities.
A risk-management program can help identify, prioritize and monitor risks both inside and outside an organization. Steps in such a program include the following²:
- Establish a formal, disciplined framework and governance strategy
- Formalize the process to identify all key risks within the organization, including their likelihood and impact
- Develop quantitative and qualitative measures
- Quantify risks, examine risk treatment and determine risk gaps
- Establish risk monitoring processes and continuous improvement opportunities
By implementing this type of program, executives can be justified in feeling that their information risks have been minimized. With the rise in information breaches, keeping your data secure can be a competitive edge.
Just remember, you can’t protect everything, so be sure to protect what’s most important to you.
¹ 2015 Manufacturing & Distribution Monitor, RSM
² Managing information security risk, RSM
Matt Hoverman is a director with Gilmore Jasion Mahler, LTD and leads the Firm’s IT consulting practice. He has spent his career helping businesses assess their risk level and creating a plan to secure their information. Learn more about Gilmore Jasion Mahler’s risk advisory services when it comes to protecting your company’s data.