A question businesses and enterprises need to ask themselves is how to protect, store and handle their data. Just as important is how the data should be managed. Should the data be stored, and for how long? What data is the most valuable and needs the most protection? What data is more valuable to the company today, and what will be more valuable in the future?
Some companies do have a Chief Data Officer and systems in place to categorise data, but those that don’t can find these questions difficult to answer and therefore keep all their data in one lump to sort through later. For the report ‘Not All Data Is Created Equal: Balancing Risk and Reward in a Data-Driven Economy’, compiled by Gregory Fell and Mike Barlow, the authors interviewed a data strategy consultant, Q. Ethan McCallum, who said that in doing this companies miss out on potentially useful data and could also be holding onto harmful data.
McCallum also said that the value of data would be different to different people, and that it is important to know the 5 Ws and H of the data: who is using it, what it is being used for, and where, when, why and how it is being used. Having this knowledge would help a company package its data correctly and help in identifying the data’s value to the company as a whole and how it should be protected. This can also be worked out by using the ‘golden rule’ of corporate data security, which was discussed in the report by Fell and Barlow and boils down to not spending more on protecting the data than the data is worth.
Another method companies use to manage their data risk and analyse it in relation to the value of the data is the CIA method, which stands for Confidentiality, Integrity and Availability. Confidentiality indicates the secrecy the data requires, integrity outlines its consistency and accuracy, and availability refers to the level of reliability needed in the systems that process and store the data. Each category is allocated a score out of three, with three being the highest and one the lowest. Once this is done, the company is able to calculate the risk and how much it would cost the company if that data were lost. Using this information, a company can make decisions on how to implement its BDR plan more effectively to protect valuable data.
Independent anti-fraud strategy advisor and former director of the Deloitte Forensic Center, Toby J.F. Bishop, suggests a company should visualise the risk/reward trade-off of data using a quadrant grid. The grid would measure reward on the y-axis and risk on the x-axis. The data in the upper right quadrant would be high risk and high reward, which would prompt higher data control, while the data in the lower left quadrant would be of low risk and low reward. Here the company could implement ways to increase the profitability of the data, or it may eventually become too high a risk and need to be purged. Using the logic in the above examples, a company would be able to map out the risk/reward of its data and deal with it accordingly.
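One way the CIA scores, the quadrant grid and the ‘golden rule’ could be combined into a single review of a data inventory. This is an added example, not taken from the report or from the people quoted; the asset names, monetary figures, thresholds and the choice to sum the three CIA scores into one risk figure are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class DataAsset:
    name: str
    confidentiality: int    # 1 (lowest) to 3 (highest)
    integrity: int
    availability: int
    reward: float           # assumed: yearly value of the data to the business
    protection_cost: float  # assumed: yearly spend on protecting it

    def __post_init__(self):
        for field in ("confidentiality", "integrity", "availability"):
            if getattr(self, field) not in (1, 2, 3):
                raise ValueError(f"{self.name}: {field} must be 1, 2 or 3")

    def risk_score(self) -> int:
        # Assumption: risk is the sum of the three scores, giving 3..9.
        return self.confidentiality + self.integrity + self.availability

# Actions only for the two quadrants the article describes.
ACTIONS = {
    "high risk / high reward": "apply higher data control",
    "low risk / low reward": "increase profitability, or purge if risk grows",
}

def quadrant(asset, risk_threshold=6, reward_threshold=50_000):
    """Place an asset on the grid (risk on x, reward on y); thresholds assumed."""
    risk = "high" if asset.risk_score() > risk_threshold else "low"
    reward = "high" if asset.reward > reward_threshold else "low"
    return f"{risk} risk / {reward} reward"

def review(assets):
    """Return one row per asset: quadrant, action, golden-rule violation flag."""
    rows = []
    for a in assets:
        q = quadrant(a)
        rows.append({"name": a.name, "risk": a.risk_score(), "quadrant": q,
                     "action": ACTIONS.get(q, "not covered by the grid description"),
                     # Golden rule: never spend more on protection than the data is worth.
                     "overspending": a.protection_cost > a.reward})
    return rows

# Constructed sample inventory.
INVENTORY = [
    DataAsset("customer_payment_records", 3, 3, 2, 400_000, 60_000),
    DataAsset("archived_web_logs", 1, 1, 1, 2_000, 9_000),
    DataAsset("product_catalogue", 1, 3, 3, 20_000, 5_000),
]

if __name__ == "__main__":
    for row in review(INVENTORY):
        print(row)
```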
Regardless of the many methods a company decides to implement, proper data management is crucial to a strong BDR strategy, as data is a valuable asset, and all assets in any business need to be utilised to their full potential to increase profitability.