Topic Teasers Vol. 59: Plugging People Risks

Have a question you would like to submit as a potential Topic Teaser? Send a message to Barbee Davis today!

  Risk Management  

We recently had a data breach in my department that caused a serious problem with our public image, not to mention financial losses. Obviously, we want to be sure we are carefully protected going forward. This appears to me to be an IT issue, but I have been asked for my input about additional safeguards. What can I do at the project manager level to help insure that this sort of event is squarely in our past?

A. Do not allow employees to work on mobile devices or in a BYOD (Bring Your Own Device) scenario. The only reason most people want to work on their own technological equipment is so that they can take company resources and access codes with them when they leave.

B. Outsource your data to a third-party contractor. As part of the contract, make sure that they will take responsibility and pay reparations should a future infiltration happen. Transferring risk is one of the four suggested strategies for dealing with negative risk.

C. Set up an internal audit of employees and their usage of organizational systems, especially in times of personal stress. Insider risk is an often overlooked factor in data breaches.

D. Yes. While you don’t have the typical risk issues, you have new and potentially more damaging ones that are seldom addressed in most IT environments. Use some business analysis tools to assess and deal with them.

(scroll down for answer…

Please log in or sign up below to read the rest of the article.