Data security has been one of 2016’s biggest topics. Major data breaches of several high-profile large companies came to light, including the Australian Red Cross where 1.3 million donor records were leaked online, Australia’s largest data breach to date.
According to the 2016 Ponemon Institute Cost of Data Breach study, the average cost of data breach to a company is $2.64 million, with the biggest consequence of data breach being lost business. The 2016 Ponemon Institute Data Protection Benchmark Study showed that organisations around the world deal with an average of 20 data loss incidents every day.
In most instances data breaches are attributed to ‘human error’ or even mistakes made by third party IT providers. However, in many cases the biggest contributing factor to data security is operational complexity.
Throughout organisations there are duplicated, contradictory and outdated processes for how data is treated, representing a significant risk. In addition to this, there are myriad of policies and regulations an organisation and its employees must adhere to, such as the Privacy Act, making it incredibly difficult to achieve a compliant and consistent approach to data management.
A need for transparency
This complexity leads to confusion, particularly in regard to front line employees who often lack a clear understanding of their roles and responsibilities in regard to the access, modification, management and storage of data.
When it comes to data security, clear processes around data treatment and management must be created. In addition, the treatment of data needs to be consistent and streamlined across the entire organisation to help build resilience against data breaches and cyber threats.
At the organisational level there needs to be full transparency across the operational environment of people, processes, systems and controls, and a robust framework which links this environment with data security polices and regulations.
A lack of clarity of how data management policies are linked through the value chain to employee actions, not only poses significant risk factors, but the extent of that risk will be difficult to assess.
For instance, for changes or updates on data security to be implemented, management needs to be able to see from a top level perspective, how those changes or updates will affect the value chain.
What systems will be impacted? What processes will need to be modified? Will compliance be maintained? What will be the associated risks?
Communication is vital
Standard operating procedures only go so far. In light of changing regulations and technology, communication is paramount in educating employees on the correct processes in relation to data management and security and ensuring compliant and secure practices. Employees should also be easily able to understand the processes, systems, policies and regulations that are linked to their role so they can understand how to mitigate data security risk but actually implement appropriate protective measures.
In times of change, whether it’s new technology or updated legislation, communication is critical. Before your people can implement the necessary changes, those impacted by changes or responsible for implementing change must understand them.
How can this all be achieved?
Data management and security will remain a critical issue. In the October 2016 Draft Report from the Productivity Commission on Data Availability and Use, ‘sharing of data across the public and private sectors could facilitate leveraging of technology to improve individuals’ and entities’ interactions with government, improve the integrity of systems and increase administrative efficiency. In taking advantage of great use of data, it is important to give appropriate attention to other interests such as privacy, security and intellectual property’.
It’s an issue that affects the organisation as a whole, and thus it should be managed in a holistic and integrated way. Utilising the right type of business management systems that links processes, people, controls and regulations, can help to maintain data quality as well as allow for comprehensive risk analysis.
Organisations that don’t place data management as a priority are likely to be the ones that struggle to gain efficiencies across their value chains, but that are also likely to be more vulnerable to data security risks which will have business, reputational and societal impacts.
Holocentric helps organisations to improve performance by helping them to understand how people, process and technology come together to satisfy client needs, meet regulatory obligations and achieve business outcomes. The Holocentric BMS addresses the gap between enterprise systems and business needs by acting as a dynamic model of your business operations that draws upon the relationships between all aspects of operations. http://www.holocentric.com/