What is the risk?
The recent data breach suffered by currency exchange giant Travelex will have sent shivers down the spines of IT data managers the world over, as hackers claiming to have downloaded 5GB of sensitive information demanded nearly £5m payment for its return.
The fallout from the incident was catastrophic and even descended into farce, with staff forced to carry out transactions using pen and paper because they were locked out of the company's computer system.
The lesson for everyone is that, while modern technology has made it easy to gather, store and share vast amounts of data, it is also all too easy for companies to fall foul of problems.
For example, failing to use encryption when uploading data to third-party cloud-based file-sharing services such as Dropbox or Google Drive means that you lose control over privacy settings and could suffer data leakage.
Another threat is the danger of home-working employees' own devices being stolen or misused, with company data ending up in the wrong hands, or of employees unwittingly using third-party email platforms or storage apps without a thought to their security.
Then there is the danger of data not being backed up properly, and simply being lost.
What is included in an IT Risk Register?
The sheer number of possible dangers means that companies are taking a huge risk by not taking control. The best way of taking control is to draw up and keep updating an IT risk register, which identifies the dangers, ensures that everyone is aware of them, and monitors them accordingly.
How to set up a Risk Register
A register can be set up on a spreadsheet or by using specialist software, and it should list all the places where data is stored and all the methods that are used to share it, whether it's documents on Apple iCloud, Outlook emails on Office 365 or accounts on QuickBooks.
It should also set out and record what devices are being used by employees and identify all the other ways in which data is used.
All changes in practice or technology should be recorded, and the register should also identify training needs for employees to ensure that they know their responsibilities and best practice.
There are never any guarantees in anything, but simply by spending time looking into the possible risks and making everyone aware, it’s possible for companies to take control of their data and ensure that they don’t become the next Travelex to hit the headlines.
Feel free to get started planning your IT risks with our downloadable IT risk register. Please don't hesitate to contact our team if you have any questions or if you want to find out how Pensar can help manage your IT risks.