Wednesday
Jun222011
What technology trends are having a huge impact on risk management?
Wednesday, June 22, 2011 at 3:59PM The latest trends in information technology have a huge impact company-wide, from the IT department implementing new resources to the managers and executives who utilize them. Each office, person, and device add a dimension of risk, cost, storage, and compliance. I’d like to focus on the risk component, and how the information technology trends we are seeing today are challenging risk professionals, more than ever, to know what they are dealing with. And like Charles Tremper once said, “The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning.” So let’s get to acknowledging.
Social Chaos
You’ve seen this right? Over 300,000,000 views - a number not to be confused with the population of the United States. An incredible feat if this were a product launch marketing campaign, a terrifying one if this were an incriminating video of a company manager. The risks social media pose to a company are on two levels - individual and company-wide. While many employees like to keep their personal social media accounts and posts separate from their career, the social network has proved it impossible to completely isolate the two. Social media policies should be in place for personal accounts as well as a companies’ official accounts. Policies should specify what employees need to be careful about, if and how they can use the company’s identity, news, and information, and how the company will enforce its policies. This policy should be especially ingrained in, if not written by, those handling the company’s social media accounts. They are essentially the face of the company, from a social network’s perspective, and their presence should be managed with that in mind. Companies also face risks not only in what they and their employees are saying online, but in what their customers are communicating. Reputation management is critical in this age of rapid information transmission, and knowing what is being said about your company in all corners of online media is important to minimizing risk.
The Paperless Rush
“Paperless” became a buzzword as far back as the ‘80s and though there are still millions of tons of trees being pulped each year, people are finally realizing the cost reductions in less paper and less storage in an office. The federal government, for example, plans on issuing benefits checks electronically this year, with a projected cost savings of $120 million. However, having a green, portable document management system can be too good to be true if proper data security precautions are not taken. Data stored digitally, especially in web-based platforms and/or “clouds” means the risk attached to that data increases exponentially with every data touch point. For both providers and customers, online banking and account management makes life easier, but with such sensitive information being transmitted, you’ve created a giant, blinking, bulls-eye, beckoning to every computer hacker with an Internet connection.
Cloud Computing
Along with the previously mentioned risks of data stored and accessible over the web, the trend towards storing all data, externally, in “clouds” adds its own risks. When data is no longer stored on your computer, device, or in-house, it can easily be “out of sight, out of mind.” It’s liberating to put data into a space with seemingly endless storage and minimal management requirements, via web mail, applications, software, etc. The problem is the responsibility of the data’s security is not eliminated but simply shifted - usually to an entity outside of your company’s walls. It’s imperative to ensure all data is backed up and know the path it takes from your device to occupy it’s eventual cloud service. It’s also essential to know who is accountable for the data at each point in that transmission process or it’s very possible no one will be.
Smart(er-Than-You-)Phones
As the percentage of Americans on smartphones creeps steadily towards the 50% mark, companies are racing to make their services and products mobile-friendly. Anyone who has tried to access a webpage on their smartphone knows we only wait up to about 60 seconds and if the data hasn’t loaded we are on to the next thing. This pressure is employing app developers around the world, and expanding Droid and Apple app stores at an alarming rate. The problem is when functionality, design, and cost-reduction take precedence over data security. Risk managers recently named mobile applications and devices as number one on their list of concerns for 2011. There is a tendency to connect networks, people, and media via an app without considering who is monitoring the data at each step. While app users may seem unconcerned, they will still be quick to blame the app developers and suppliers should any breech in data privacy or security occur.
Teleconferencing/Skype/Telecommuting
I sincerely enjoy watching someone use Skype for the first time. It really is an incredible tool, connecting faces in real-time across oceans and continents, enabling group conferencing and calls to landlines and cell phones. Anyone who travels a lot can also appreciate how it enables you to continue working with those you depend on no matter where you are. But like the cloud, it’s easy to fall into the out of sight, out of mind routine when it comes to employees and information in different locales. An employee working from home may take every precaution they know of to back up and manage data securely, but ultimately the device they are working from is not under the carefully managed umbrella that is the company office building.
Unhappy Employees
We’re pretty used to seeing updated unemployment statistics on the daily news by now. It’s also not as surprising as it used to be to learn that a friend or family member has lost a job. Companies are taking every measure possible to retain workers but in uncertain economic climates, disgruntled employees, whether fired or watching their coworkers being fired, are plentiful. Bonuses and pay raises on average across all industries have decreased since 2009, and even as businesses have been getting back on their feet this year, managing employee morale has remained on the priority list. Combine unhappy employees with a sense of entitlement and power to company data and information and you get, you guessed it, data security risk. With workforces slimming and changing to manage expenses and company vitality, keeping up with which employees have access to what data is critical to risk and reputation management.
Updates, updates, updates
Seems like a new iPhone comes out every week, huh? New browsers options, new software versions, new applications, new and improved hardware. Thoroughly cleaning out the old is just as essential as revitalizing with the new, because conflicting versions of applications, anti-virus software, hardware with inferior capabilities etc. can keep your operating system from running smoothly and doing the best at whatever you have employed those applications and devices to do. And every new application or program installed, especially since these days most connect to the Internet for at least one function, is another route through which destructive malware can enter your system. Reminding employees not to approve every pop-up in their new Chrome browser, to not put their information in forms without a security certification or the latest spyware, or to properly dispose of old devices, is just as essential as monitoring company-wide equipment and program usage.
Conclusion
Technology is transforming our world faster than we ever thought possible. While we ride the wave and reap the benefits, it’s imperative to be watching for the consequences and monitoring the risks. What other technology trends are causing heightened levels of risk management for your company? Do you see any of the above becoming more or less of a risk as time goes by? Share your thoughts below.
Social Chaos
You’ve seen this right? Over 300,000,000 views - a number not to be confused with the population of the United States. An incredible feat if this were a product launch marketing campaign, a terrifying one if this were an incriminating video of a company manager. The risks social media pose to a company are on two levels - individual and company-wide. While many employees like to keep their personal social media accounts and posts separate from their career, the social network has proved it impossible to completely isolate the two. Social media policies should be in place for personal accounts as well as a companies’ official accounts. Policies should specify what employees need to be careful about, if and how they can use the company’s identity, news, and information, and how the company will enforce its policies. This policy should be especially ingrained in, if not written by, those handling the company’s social media accounts. They are essentially the face of the company, from a social network’s perspective, and their presence should be managed with that in mind. Companies also face risks not only in what they and their employees are saying online, but in what their customers are communicating. Reputation management is critical in this age of rapid information transmission, and knowing what is being said about your company in all corners of online media is important to minimizing risk.
The Paperless Rush
“Paperless” became a buzzword as far back as the ‘80s and though there are still millions of tons of trees being pulped each year, people are finally realizing the cost reductions in less paper and less storage in an office. The federal government, for example, plans on issuing benefits checks electronically this year, with a projected cost savings of $120 million. However, having a green, portable document management system can be too good to be true if proper data security precautions are not taken. Data stored digitally, especially in web-based platforms and/or “clouds” means the risk attached to that data increases exponentially with every data touch point. For both providers and customers, online banking and account management makes life easier, but with such sensitive information being transmitted, you’ve created a giant, blinking, bulls-eye, beckoning to every computer hacker with an Internet connection.
Cloud Computing
Along with the previously mentioned risks of data stored and accessible over the web, the trend towards storing all data, externally, in “clouds” adds its own risks. When data is no longer stored on your computer, device, or in-house, it can easily be “out of sight, out of mind.” It’s liberating to put data into a space with seemingly endless storage and minimal management requirements, via web mail, applications, software, etc. The problem is the responsibility of the data’s security is not eliminated but simply shifted - usually to an entity outside of your company’s walls. It’s imperative to ensure all data is backed up and know the path it takes from your device to occupy it’s eventual cloud service. It’s also essential to know who is accountable for the data at each point in that transmission process or it’s very possible no one will be.
Smart(er-Than-You-)Phones
As the percentage of Americans on smartphones creeps steadily towards the 50% mark, companies are racing to make their services and products mobile-friendly. Anyone who has tried to access a webpage on their smartphone knows we only wait up to about 60 seconds and if the data hasn’t loaded we are on to the next thing. This pressure is employing app developers around the world, and expanding Droid and Apple app stores at an alarming rate. The problem is when functionality, design, and cost-reduction take precedence over data security. Risk managers recently named mobile applications and devices as number one on their list of concerns for 2011. There is a tendency to connect networks, people, and media via an app without considering who is monitoring the data at each step. While app users may seem unconcerned, they will still be quick to blame the app developers and suppliers should any breech in data privacy or security occur.
Teleconferencing/Skype/Telecommuting
I sincerely enjoy watching someone use Skype for the first time. It really is an incredible tool, connecting faces in real-time across oceans and continents, enabling group conferencing and calls to landlines and cell phones. Anyone who travels a lot can also appreciate how it enables you to continue working with those you depend on no matter where you are. But like the cloud, it’s easy to fall into the out of sight, out of mind routine when it comes to employees and information in different locales. An employee working from home may take every precaution they know of to back up and manage data securely, but ultimately the device they are working from is not under the carefully managed umbrella that is the company office building.
Unhappy Employees
We’re pretty used to seeing updated unemployment statistics on the daily news by now. It’s also not as surprising as it used to be to learn that a friend or family member has lost a job. Companies are taking every measure possible to retain workers but in uncertain economic climates, disgruntled employees, whether fired or watching their coworkers being fired, are plentiful. Bonuses and pay raises on average across all industries have decreased since 2009, and even as businesses have been getting back on their feet this year, managing employee morale has remained on the priority list. Combine unhappy employees with a sense of entitlement and power to company data and information and you get, you guessed it, data security risk. With workforces slimming and changing to manage expenses and company vitality, keeping up with which employees have access to what data is critical to risk and reputation management.
Updates, updates, updates
Seems like a new iPhone comes out every week, huh? New browsers options, new software versions, new applications, new and improved hardware. Thoroughly cleaning out the old is just as essential as revitalizing with the new, because conflicting versions of applications, anti-virus software, hardware with inferior capabilities etc. can keep your operating system from running smoothly and doing the best at whatever you have employed those applications and devices to do. And every new application or program installed, especially since these days most connect to the Internet for at least one function, is another route through which destructive malware can enter your system. Reminding employees not to approve every pop-up in their new Chrome browser, to not put their information in forms without a security certification or the latest spyware, or to properly dispose of old devices, is just as essential as monitoring company-wide equipment and program usage.
Conclusion
Technology is transforming our world faster than we ever thought possible. While we ride the wave and reap the benefits, it’s imperative to be watching for the consequences and monitoring the risks. What other technology trends are causing heightened levels of risk management for your company? Do you see any of the above becoming more or less of a risk as time goes by? Share your thoughts below.
Reader Comments