Data risk exists in all businesses, but do you have the right control framework in place to manage it?

If the front office is the brain of an investment management organisation and technology the skeleton that supports, protects and enables it to operate; then data is the blood pumping through its veins. Without the right data an investment management organisation does not survive. It may have the best brain there is but without that blood it will inevitably die. Data is therefore fundamental to the existence of an investment organisation but something of such importance comes with associated risks. It is critical that we protect that data and the quality of it, in order to continue to sustain the businesses’ future existence.

There are three top risks that present themselves to a business’s data and therefore need to be appropriately managed in order to protect the health of the organisation

  • Loss or leakage of data. It is critical that businesses manage any loss or leakage of data as it could be their prize asset walking out of the door
  • Integrity and accuracy. Data is fundamental to the operation of the business and ensuring that the data being used is accurate and reliable is essential
  • Misuse. Businesses often consume data from multiple sources and suppliers; there are varying rules and restrictions surrounding the usage and distribution of third party data that businesses need to ensure they do not breach

Data loss prevention is not a new concept but in a business landscape where data is king and cyber threats are becoming more creative and complex, ensuring that you are protecting your assets appropriately has never been more important. The impact of the pandemic has seen a significant shift in ways of working with a large number of businesses now operating a hybrid working model. Organisations, now more than ever, need to ensure that they have the right data loss prevention tools in place to protect inadvertent or deliberate extraction of information out of their perimeter. The IBM cost of a data breach report 2021 states that the average cost of a data breach was $1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not1. With hybrid working most businesses are offering staff between 2 to 5 days a week working from home, it is not unreasonable that staff will expect the same technical capability whether at home or in the office. An example is that businesses need to consider whether they offer staff the ability to print at home and accept the data loss risk that it presents. If businesses choose to disable printing from home for staff then they need to consider whether they have appropriate technology in place to mitigate the impact; front office and legal teams are notorious printers and annotators of documents, the technology on offer needs to enable this.

Data leakage is not the only threat presenting itself to businesses, external actors are readily lurking in the cyber shadows looking to pray on organisations by either stealing or disrupting their data flow. Alongside their data loss prevention tools businesses need to ensure that they have the right technical security controls in place to protect their data and any threats against it. Organisations need to ensure that they classify their data appropriately and where required ensure that the necessary encryption and technical security controls are in place whether the data is residing inside the businesses perimeter or in transit between themselves and a third party.

Maintaining the integrity and accuracy of the data that resides in the business is the next challenge. An investment management organisation needs to be able to depend on the accuracy and reliability of the data that it is using when making investment decisions. Fund Managers will always look to manipulate and transform data on the desk but this can create significant issues if trading from inaccurate positions or if errors occur in the process and other teams are required to investigate. An investment management organisation needs to identify its critical data elements; these are fundamental data sets that the business relies upon to perform its day to day activities. The journey that these data elements then take through the business on a day to day basis need to be mapped and documented. The journey must identify the source of the data, what teams or departments it touches, transformation that takes place and finally where it is consumed and for what purpose. In the event of an issue with a core data set these Data Lineage maps will allow businesses to be more effective in identifying and fixing problems before they become disruptive.

Data flowing through a business needs to be validated and cleansed before it is distributed downstream.  The creation of a golden record for operational data each day continues to be a major defence for organisations in protecting against data risk in their business. The implementation of an enterprise data management platform and subsequently ensuring that core technology applications are all fed by the same validated source data continues to be best practice for businesses in preventing trading from inaccurate records and maintaining integrity and consistency of data used in the investment lifecycle.

Investing is a data intensive business and there are a plethora of vendors supplying data to the industry today. All of these data providers have varying rules around the usage and distribution of their data by investment companies and it is very easy to end up on the wrong side of the rules if your teams are not well informed. The issue is that breaches of these rules can often result in fines or sudden heavy increases in fees. Unfortunately, there is no silver bullet for ensuring investment teams stay informed on the rules and guidelines surrounding the data they are using. Businesses though can proactively train staff at the point of onboarding a new data supplier, and Supplier Management functions can top this training up at regular intervals. Data champions who sit in teams have also proven to be useful in helping to ensure consumers of data continue to understand and follow any rules or restrictions that have been set out by providers. Businesses can also proactively manage their data suppliers and look to optimise their service model, reducing wastage or bloating and in turn reducing the risk associated with using large numbers of data vendors each with differing rules.

A business’s data is its life blood but it can also be its differentiator. Organisations must value their data and protect it from the internal and external threats that present themselves. Mirador Solutions can you help your business understand its data landscape and identify risks that reside in your business. At Mirador we can help you to implement a best practice control framework to manage the risk surrounding your data.

 

1 Source; IBM Cost of a Data Breach Report 2021