IT Risk Management – What you need to know
Monthly IT Support Update – November 2016
This month I’d like to talk about IT risk management. Traditionally, for the majority of businesses, IT risk management has been an afterthought, or not thought about at all. However, with most businesses almost complete reliance on technology to function, realistically it should be front and centre on any well thought out business strategy.
IT risk management covers a range of areas, but its primary goal is to identify threats and vulnerabilities within the organisation’s information resources, take measures to reduce the risk to acceptable levels while balancing cost, security and productivity to the needs of the organisation.
To give some basic examples of potential risks:
- Compliance obligations for confidential and/or client information.
- External emails sent with internal pricing, or editable pricing data – Word documents Vs. PDF documents.
- Bulk unsolicited email falling foul of the spam act.
- Staff having access to company files that are not necessary for their role.
- Remote access from non-approved devices, or unrestricted remote access.
- Mobile devices with unencrypted company data.
Due to the continually changing nature of business, and the IT systems used within it, risk management is a recurring process. This should be carried out both on a schedule as well as during the implementation of any new system or process.
If you’re interested in having a risk management audit performed on your environment please let me know – these are generally done holistically in the first instance and can then be broken down into single systems depending on the remediation required. This keeps costs to a minimum and allows higher priority items to be addressed more quickly. We also recommend that annual audits be conducted to ensure all systems remain compliant.
About the author:
Eden Freeman is Intuitive IT’s Director of IT and outsourced IT manager to our clients. Eden’s no-nonsense and practical approach to IT Management ensures his clients receive the best possible solutions for their IT needs. Eden works across our many and varied clients, ensuring best practice is implemented from a technology perspective and can communicate risks and ideas to the business at the same time. A unique and highly regarded set of skills that make him invaluable to the IIT team. Contact Eden here