How do I make sure my data is secure?

This is a question we are often asked by our clients.

The answer is to

Use a Pragmatic, Risk-Managed Approach

The first stage is to identify where all of your information is stored (file shares, laptops, email, backups, hosted systems) and classify each item on a scale running from Public to Highly Confidential.

Next you should identify the threats and vulnerabilities to this data. These need not be the technical threats employed by computer hackers; they may be simpler and yet more damaging. Could you stop a disgruntled, under-performing sales executive from taking a document containing all of your client and sales information to a competitor? Would you know if this had happened?

The next stage is to risk-assess each of the threats and vulnerabilities you have identified and produce a risk score for each one. For instance, a threat could be:

Client Sales History files are accessible by all users, so there is a risk of data leakage by a disgruntled employee.

This could have a serious impact on the business (4 out of 5), and as we have a high churn rate of sales staff the probability is also high (3 out of 5).
We calculate the risk score by multiplying the probability by the impact, giving a risk score of 12 (out of a maximum of 25).

Once all of these risks are collated in a central register, sort the threats by risk score, highest first.

You can then produce action plans for the high-risk areas to lower those risks. This could be as simple as revising an internal procedure or as complex as installing new systems.

In the example above, the risk-reducing action could be to:

Compile a list of all users who need access to Client Sales History, restrict access to only those users, and split the documents down by sales area.

Limiting access lowers the probability to 1, and splitting the documents by sales area reduces the impact of any single leak to 2, because one person can now only take their own area's data rather than the whole client base. This leaves a residual risk score of 1 × 2 = 2. Note that neither action answers the second question above, "Would you know if this had happened?"; to know whether a leak has occurred, access to those files also needs to be logged and the logs reviewed.

With some items your company may not be able to reduce the risk. In that case you may elect to accept the risk, recording who accepted it and why. The fact that you have identified the risk and can review it at regular intervals is an achievement in itself.
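The procedure above (score each threat as probability × impact, rank the register, record treatments and the residual score, and accept what cannot be reduced) as a small risk register in Python. This is an added example and not code from the original post; the 1-to-5 scales and the Client Sales History figures come from the worked example, while the other register entries, the asset names and the threshold of 10 for "needs action" are constructed for illustration.

```python
"""Risk register: score, rank and treat information-security risks.

Added example, not from the original page. Assumptions: impact and
probability are integers on a 1-5 scale (as in the page's worked
example); risks scoring 10 or more and not formally accepted need action.
"""
from dataclasses import dataclass, field
from typing import Optional

SCALE_MIN, SCALE_MAX = 1, 5  # assumption: 1-5 scales as in the worked example


def check_scale(value: int, name: str) -> int:
    """Reject scores outside the agreed scale so a typo cannot hide (or inflate) a risk."""
    if not isinstance(value, int) or not SCALE_MIN <= value <= SCALE_MAX:
        raise ValueError(f"{name} must be an integer from {SCALE_MIN} to {SCALE_MAX}, got {value!r}")
    return value


@dataclass
class Risk:
    asset: str
    classification: str            # Public ... Highly Confidential
    threat: str
    impact: int                    # inherent impact, 1-5
    probability: int               # inherent probability, 1-5
    actions: list = field(default_factory=list)   # treatments and acceptances recorded
    residual_impact: Optional[int] = None         # None = unchanged from inherent
    residual_probability: Optional[int] = None
    accepted: bool = False

    def __post_init__(self) -> None:
        check_scale(self.impact, "impact")
        check_scale(self.probability, "probability")

    def inherent_score(self) -> int:
        return self.impact * self.probability

    def residual_score(self) -> int:
        imp = self.impact if self.residual_impact is None else self.residual_impact
        prob = self.probability if self.residual_probability is None else self.residual_probability
        return imp * prob


def treat(risk: Risk, action: str, probability: Optional[int] = None,
          impact: Optional[int] = None) -> int:
    """Record a risk-reducing action and the residual scores it leaves; returns the residual score."""
    new_prob = risk.residual_probability if probability is None else check_scale(probability, "residual probability")
    new_imp = risk.residual_impact if impact is None else check_scale(impact, "residual impact")
    eff_prob = risk.probability if new_prob is None else new_prob
    eff_imp = risk.impact if new_imp is None else new_imp
    if eff_prob * eff_imp > risk.residual_score():  # a "treatment" must never make things worse
        raise ValueError(f"action {action!r} would raise the residual score")
    risk.residual_probability, risk.residual_impact = new_prob, new_imp
    risk.actions.append(action)
    return risk.residual_score()


def accept(risk: Risk, justification: str) -> None:
    """Accept a risk that cannot be reduced; the decision is recorded for periodic review."""
    risk.accepted = True
    risk.actions.append(f"Accepted: {justification}")


def rank(register: list, residual: bool = False) -> list:
    """Highest score first; ties broken by impact so severe-consequence risks surface first."""
    def key(r: Risk):
        return (r.residual_score() if residual else r.inherent_score(), r.impact)
    return sorted(register, key=key, reverse=True)


def needs_action(register: list, threshold: int = 10) -> list:
    """Risks still at or above the threshold after treatment and not formally accepted."""
    return [r for r in rank(register, residual=True)
            if r.residual_score() >= threshold and not r.accepted]


def example_register() -> list:
    """Constructed register: the page's worked example plus three illustrative entries."""
    return [
        Risk("Client Sales History files", "Highly Confidential",
             "Accessible by all users; leakage by a disgruntled employee", impact=4, probability=3),
        Risk("Sales team laptops", "Highly Confidential",
             "Unencrypted laptop lost or stolen", impact=3, probability=4),
        Risk("Office backup tapes", "Highly Confidential",
             "Unencrypted tapes lost in transit", impact=5, probability=1),
        Risk("Public website brochure PDFs", "Public",
             "Copied by a competitor", impact=1, probability=5),
    ]


def worked_example() -> dict:
    register = example_register()
    sales = register[0]
    inherent = sales.inherent_score()                                   # 4 * 3 = 12
    treat(sales, "Restrict access to the named users who need it", probability=1)
    treat(sales, "Split documents down by sales area", impact=2)
    residual = sales.residual_score()                                   # 2 * 1 = 2
    accept(register[2], "Tape encryption unavailable until the backup system is replaced")
    return {
        "inherent": inherent,
        "residual": residual,
        "ranked_inherent": [r.asset for r in rank(register)],
        "still_open": [r.asset for r in needs_action(register)],
    }


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name}: {value}")
```

The register deliberately refuses scores outside the scale and refuses a "treatment" that would raise the residual score, because in practice most errors in a risk register are data-entry errors rather than analysis errors. Ranking by inherent score tells you where to spend effort first; ranking by residual score, after treatments and acceptances are recorded, is what you review at each regular interval.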



PragmatIT IT Services have extensive experience in Information Security.

We have worked in financial and legal services for 15 years and have experience with

ISO 27001 as well as PCI DSS.

We provide a pragmatic, common-sense based approach.

To arrange a free review of your Information Security

Call us on 07896 845022