Taking care of data management and security best practice
Nkhumeleni Kutama, Senior Business Intelligence Consultant at PBT Group
Every industry puts different expectations on its businesses. But regardless of this, any successful data management strategy requires governance and security policies to be put in place throughout the data lifecycle.
The strategy must support the business cases for data management while still measuring data maturity over time. Clearly defined data roles and responsibilities in focused business units will ensure the seamless execution of tasks as aligned to pre-determined accountability. To this end, a company should define, articulate, and implement the short, medium, and long-term objectives of their data management strategies.
Data security standards, guidelines, and usage policies must also be defined and implemented. Furthermore, data must be classified according to risk. For instance, personal information is one of the most valuable assets in any organisation and must therefore be highly classified.
Only then can security roles be created on the various data platforms to ensure the limited and controlled access of any individual. In conjunction with this, data integrity must be maintained to avoid unauthorised additions, changes, or the deletion of data.
From its creation in authoritative data sources, when it is stored in databases and processed using different analytical and visualisation platforms, and until such time it gets disposed of or archived, data must be secured.
Regulatory driving force
In South Africa, the Protection of Personal Information Act (POPIA) has been put in place to primarily protect the personal information being collected and processed across all public and private institutions.
POPIA, in force from June last year, means organisations must exercise caution when collecting and processing personal information. This is even more so the case when managing access to personal information within the business.
Beyond this, there is also the Cybercrimes Act which came into effect in December last year. This restricts any unauthorised access to data by criminalising hacking and ransomware.
Digital tools are rapidly evolving thanks to the availability of more advanced technology. There are data storage platforms with advanced security features from various providers. Backup and recovery tools can be implemented in an event that the data is lost or corrupted.
Network tools like firewall security can be enabled across an organisation. Virtual private network tools assist employees to access the network from outside the premises. Anti-virus and anti-malware are essential tools for companies to mitigate against the risk of unauthorised access to their servers and endpoint devices.
Beyond the tools put in place, organisations must also embark on user awareness training. This is essential when it comes to the levels of data sensitivity and what people can access and consume via different channels. Employees need to be trained on identifying and avoiding the different types of cybersecurity threats that put data at risk.
Organisations must require people to set complex passwords and frequently change them. Tools can be put in place to set reminders to do so as well as provide suggestions on password length and special characters.
For data management and security policies to work, all employees must be adequately trained. A company needs to keep abreast of new threats and implement preventative measures. This will not only reduce the risk of reputational damage but also the resultant cost implications.
Accountability must therefore reside with the appropriate internal stakeholders to ensure data management and security are continually managed.