IT risk management is an important aspect of a successful business, especially for those that deal with financial and other sensitive information.
More companies in Ireland, for example, are recognizing that data protection is vital to retain customers, maintain an exceptional reputation and remain competitive with rival firms in the industry.
Unfortunately for these organizations, they are learning these lessons the hard way.
According to a study by the Irish Computer Society, IT risk management is becoming a more integral part of business operations not because of successful training and policy programs but because of first-hand experiences with data breaches. In fact, 58 percent of the more than 300 IT administrators surveyed said their company was the victim of a breach within the past 12 months, the study noted. Interestingly, these incidents weren't caused by external parties, but instead stemmed mainly from employee negligence, lack of awareness or internal operations failing to remain diligent.
As a result, more than one-third of survey respondents said their company places IT risk management too low on the list of priorities. Meanwhile, 28 percent of information technology administrators believe the problem is sheer employee negligence, and an additional one-third of respondents were unsure if their organization even had a formal data protection policy in place, according to ICS.
"Employees might appreciate the importance of data security, but organizations need to instill a culture of compliant data management," ICS consultant Hugh Jones said in the report. "Clear policies and procedures are vital, with regular refresher training and timely reviews to ensure that [staff members] are complying with the structures. It is as much a case of protecting the organization's commercial reputation, as it is of protecting the individual's privacy."
Assessing and identifying the potential risks is an important part of managing them. Organizations should consider what data is sensitive and how they can protect it efficiently without disrupting the entire company.
This is especially important in transaction management for firms that deal with customer finances. PCI compliance is an important part of these organizations' operations, and administrators should ensure that regulations and guidelines for their particular industry are followed.
Taking a companywide approach to the problem is the only way to mitigate risk, as IT likely pervades the entire business and will affect more than one aspect of it if something goes wrong.