While data is an undeniable asset for all companies, the General Data Protection Regulation (GDPR) reminds us to be cautious about individual rights. Like all wealth, data is desirable, and its increasingly frequent theft is harmful in more ways than one. A quick summary of the top 5 risks…
137 of the world’s 195 countries have data protection and privacy laws in place.
Companies that do not respect the law find themselves subject to sanctions: fines or prosecution, and sometimes a prison sentence, suspended or not, for the manager. For example, a large hotel group was fined €600,000 by the CNIL for conducting commercial prospecting without the consent of the persons concerned and for not respecting the rights of customers and prospects.
It is better to know the legal requirements.
The next legal deadline is 2024, with the electronic invoicing obligation.
To avoid these legal risks, it is advisable to adopt a global approach and adapt it to the company's strategy, for example diversifying its activities or setting up in new countries. This involves obtaining certification against one standard or another, for legal reasons but also because it constitutes a competitive advantage.
Regulatory and standards monitoring makes it possible to anticipate changes.
These rules and standards must be broken down into small digestible chunks to be translated into operational procedures and actionable processes by teams.
Once mechanisms are in place, they need to be certified and verified for compliance through internal and external audits. These audits can reveal deficiencies that need to be addressed through preventive and remedial measures.
A reputation can be tarnished by scandals, product recall campaigns, bad reviews on social networks, as well as information leaks. This was the case for a well-known sports store brand, where 10% of its workforce was affected by the disclosure of personal information on the internet last year, and, on the VTC driver side, a breach affected the data of 57 million people, drivers and customers.
We must avoid data leakage from inside to outside due to unscrupulous employees or human errors, and cyber attacks by outsiders trying to access the company’s information system.
Be it routers, switches, storage, servers or operating systems, it is necessary to ensure that elements of the IT infrastructure are well configured and regularly updated.
An IDS (Intrusion Detection System) makes it possible to detect intrusions before it is too late, that is, before hackers have been collecting data for months or years.
We can also build counter-attack systems to combat DDoS attacks that aim to flood servers with multiple requests. And of course, beware of malware hidden in emails.
An appropriate access rights policy that is based on metadata, and is neither too strict nor too loose, is more dynamic than a per-group definition.
Data Leak Prevention features help limit the risk of data leakage.
The best answer for managing exchanges with the outside world is to use a secure collaboration portal. This avoids the use of online applications not approved by the IT department, known as shadow IT.
Risk of loss of productivity / competitiveness
Information overload and bad work habits hurt productivity. As a result, searching for information becomes time-consuming.
At least 6 systems, accounts, or programs are used by employees every day, which leads to a great deal of copy-pasting. Similarly, the mailbox is checked 10 times per hour.
Poor information management increases the stress level of half of the employees. For almost a quarter it affects overall professional satisfaction, and for a third it affects work-life balance.
Productivity problems can become HR problems.
In France, the absenteeism rate increased by 37% between 2017 and 2021, and among young people by 54% in 5 years.
We need tools that are easy to use and facilitate information retrieval. An accountant will not search for information the same way as someone in IT or marketing, so you should not apply a single classification, but offer multiple classification angles without duplicating information.
Reminders and workflows should be used to avoid failures.
The ideal is to provide a 360° view of information with a single interface.
Integration with Office tools and interaction with tools such as SharePoint are critical because they bring the power of the data management tool into these solutions. This avoids switching from one interface to another, which wastes time and causes confusion and therefore errors.
Finally, it is important to measure the adoption of data management solutions and ensure that the adoption rate is optimal.
Human risk includes negligence and malice.
Whether it's a work USB key lost in a public place or a spoofed email being opened, human error is always possible despite IT protections.
Remote working increases risk with easy passwords, file sharing, phishing and hacking.
Another risk is the loss of knowledge when an employee leaves the company, hence the value of building collaborative workflows.
An access rights assignment policy prevents loss when an individual leaves the company. A good employee onboarding process can help prevent human error.
To see where the flaw lies when there is a data leak, you need good visibility into what happened.
Companies do not realize how important it is to retain know-how. For example, responses to calls for tenders can inspire future ones and be taken into account during project implementation. This is done by linking documents together, which forms a data graph.
Each company has its own technological legacy: systems that are expensive to maintain and manage and that no longer evolve. Yet companies do not abandon them, and eventually add SaaS solutions on top, creating a thousand technological layers of information that they then try to combat.
It is best to avoid multiplying systems, since each brings its own share of risks and technical interference with operations, and to avoid service interruptions by guaranteeing high availability, which requires redundancy, a business continuity plan (PCA) and a business recovery plan (PRA). In the event of an Internet outage in offices, for example, it is necessary to plan to switch to remote work.
It should be built to last, so that IT can scale and adapt to increased capacity, with data that can be extracted in a clear, unencrypted, readable format, guaranteeing some reversibility.
About the author
Malo Jennequin, Director of Pre-Sales and Solutions at M-Files