This article is the first in a three-part series focused on data protection for shared services. To access additional articles in the series, please see below.
Due to their transactional nature, Shared Services Organizations (SSOs) often control much of an organization’s confidential and restricted personal information. This is exactly the kind of information prized by cyber criminals. Because SSO employees must access this data to perform their jobs, there is additional risk of this sensitive data being compromised, either maliciously or unintentionally. While most organizations have enterprise security programs, these may not be enough. The sensitive nature of these operations merits additional measures, and it often falls to SSO leadership to implement them.
Data breaches are pervasive, hard to detect, and expensive:
Data ownership and protection require a proactive approach to mitigate the risk of data loss and its consequences.
SSO operations include several risk factors:
Even with these risk factors, SSOs struggle to implement data loss prevention measures due to uncertainty about security responsibilities and competing priorities. But SSOs are data breach targets; data protection is an essential SSO program that needs to be prioritized in order to protect sensitive data.
Data protection is a strategy for preventing sensitive or critical information from leaving the corporate network. A shared services data protection program identifies the appropriate policies, procedures, and controls to prevent loss of important, personally identifiable information or other confidential data that may have negative legal, financial, or reputational ramifications.
The program may include supporting technologies with data protection capabilities:
These prevent distribution or leakage of sensitive data (whether intentional or not) and are a necessary component of a holistic, robust data protection program.
To begin building your program, you will need to determine the specific data risks your program must cover and identify the key stakeholders that must be engaged. Part Two of this series, Building the Foundation of Your Data Protection Program, provides a step-by-step guide.
ScottMadden can help you understand and resolve your shared services security issues by improving how you manage and govern cybersecurity. We provide a strategic, outcome-driven approach customized to your organization’s needs that entails four key actions: (i) identify the biggest security risks for your operation; (ii) assess the appropriate risk response; (iii) establish success measures for your security program; and (iv) determine how best to get you to the desired state.
ScottMadden is recognized as a shared services expert. We understand shared services operations, their risks, and the security practices that work best in these environments. Leveraging institutional knowledge and expertise, our experts can help you achieve your shared services security goals.
Please visit www.scottmadden.com to learn more about the services we offer.
Additional Contributing Authors: Jonathan Harb and Talha Sheikh