Solving business problems: how to control data to reduce risk

26 Apr, 2019

As a business leader, you’ll recognise that data is both an asset and a risk. IDC estimates that by 2025 the world will create and replicate 163ZetaBytes of data! That’s a tenfold increase on data processed in 2016.

With the increase in data volume and complexity, coupled with the potential fines under GDPR when data is mishandled, leading businesses are making herculean efforts to manage their data before the situation becomes potentially more challenging and chaotic. However, many businesses simply cannot afford the number of staff required to fulfil the manual processes necessary to stay on top of their data as it is now, let alone as it grows. That is until now…

Clearview Systems, one of our ISO 9001 and ISO 27001 clients, has developed an information management platform, Infoboss, that automates and simplifies data management, freeing up staff for other business critical activities such as building stronger client relationships and improving products and services.

We caught up with Mark Hobart, Managing Director of Clearview, to find out what business problems Infoboss solves.

Discovering the extent of a data estate

Even for organisations with a good handle on their data, manual data handling is rife with problems as it is costly, slow and prone to human error. Clearview spotted a gap in the market for a solution which would take the hard work out of data management so organisations could regain control of their data.

Infoboss does this by finding, classifying and cataloguing an organisation’s data, whether within Word processor files, PDFs, spreadsheets, emails, databases, cloud storage (such as Dropbox, Google docs etc…) during a discovery phase which is often eye-opening for clients.

Mark explains, “Organisations often struggle to understand the data they already have. This is especially true when the data is in an unstructured format such as that within documents or free text fields in an application database. The discovery phase of an Infoboss implementation automates the identification of any files or data that contains personal, sensitive and other company relevant information and presents the findings in a visually engaging way…all without a member of staff having to open a single file. It’s a game-changer for Compliance Managers.”

Preventing the wrong people from having access

Infoboss can find HR files in public areas, duplicate copies of data extracted from CRM systems and other sensitive data, all squirreled away in hard to locate folders or emails. As over 50% of data breaches are carried out by an ‘insider’, eradicating such risk is a key step in protecting a business against the reputational damage caused by data loss as well as the financial cost of a data breach. Mark explains, “Without Infoboss, organisations are at increased risk financially; with the average cost of a data breach in the UK now at £99 per record (Source: IBM), the potential damage soon adds up. For example, an organisation with 10,000 records could be exposed to over £1 million worth of costs in the event of a breach.”

Complying with data retention policies

Infoboss can help staff identify files that should have been deleted to comply with data retention policies. Mark explains, ”If an organisation has a policy of only keeping, say, board meeting minutes for five years, any board meeting minutes over five years old located during the discovery phase can be easily identified for erasure. It only takes a few minutes to identify data retention issues in your data and then setup monitoring procedures to alert you if issues occur in the future.”

Making data migration easier

The discovery phase can also help organisations looking to migrate to new data platforms, such as Office 365, SharePoint and OneDrive in the cloud. Just as we cull our unwanted possessions when moving house, Infoboss helps to quickly identify Redundant, Obsolete & Trivial (ROT) data which can then be omitted from the migration programme. It is not uncommon for an organisation to find that over 33% of its data can be classified as ROT. The business cost of managing this data is estimated to be $3.3 trillion globally by 2020 (Source: Veritas 2016). Identifying and eradicating this data can therefore both save cost and reduce the risk of data breach.

Ensuring ongoing compliance

It is possible to use Infoboss simply for its discovery capabilities but its real power lies in its ability to enable cost-effective ongoing compliance.

Automated ongoing monitoring

Infoboss’s automated monitoring tools can check data against set rules, flagging up areas of concern, such as employees having access to data which should be restricted. Mark comments, “Under PCI DSS (Payment Card Industry) Regulations, all businesses should have identified where credit card information is stored and know who has access to it. However, it is common for customers to email in credit card information and this then gets stored in email systems and/or accidentally retained in CRMs. Infoboss can search for this hidden data so a Compliance Officer can take action to restore compliance. Similar searches can be run for passport numbers, NHS numbers and details of customer disabilities. The uses are endless, for example, checking consent for marketing, automated processing, child data, ensuring right to be forgotten is enforced and so on. Should the rules change, a new search can easily be setup and run to a schedule you decide.”

Tracking down potential data leak sources

Infoboss can be used to track who is looking at data. Should a firm suffer a data breach, it can easily identify any employees who searched for the data in question around that time. Mark comments, “With over 50% of data breaches originating from insiders, the need to monitor who has access to what and when is crucially important. Infoboss can help identify data erroneously stored in public employee shared storage areas, greatly reducing the risk of an accidental data breach occurring. Infoboss can also dynamically monitor application logs to identify what is happening on your systems and flag up any unusual activity.”

Managing missing data

Data quality is a big issue for many organisations. Infoboss can identify missing or inaccurate data, enabling data cleansing or improvement programmes to be put in place. It can also check data validity within mandatory data fields. Mark comments, “Ensuring the quality and integrity of data is a big issue for many. Data quality problems can easily take root and become well embedded in the organisation’s business as usual activity. For example, many systems have a mandatory date of birth field which automatically defaults to a set date, such as ‘1/1/1900’. Busy or untrained operatives will accept this date of birth, meaning that the data held is incorrect, i.e. your customer is 119 years old! It’s not very helpful when looking to undertake aged based segmentation or perhaps send a birthday greeting! Infoboss allows users to find out in seconds if such inaccurate data affects a handful or majority of records.”

Keeping on top of data that goes out of date

Infoboss alerts can notify users when data needs to be updated, reducing business risk. Mark explains, “Landlords can be personally liable if they rent out a property without a valid gas safety certificate. Obtaining the certificate is the landlord’s responsibility. If your only record is a digitally stored certificate then the ability to interrogate the file, derive the renewal date and alert you when it’s due would normally be a manual process. However, Infoboss can run an automated email alert which will highlight any certificates due for renewal, saving time and reducing risk of non-compliance.”

Checking that training works

InfoBoss can also be used to check that staff are consistently following company protocol and procedures. Mark comments, “Infoboss has a myriad of uses beyond those which are obvious. For example, a Customer Services Manager may wonder if recent training about addressing clients as ‘Dear Sir’ or ‘Dear Madam’ in letters had a lasting impact on staff. They can use Infoboss to search through thousands of letters within seconds to find out how many letters didn’t comply and, most importantly, whether specific individuals require further training. They can do a similar search to ensure that mandatory reference numbers are included or to check that sales people are including details of a new promotion or customer satisfaction survey in their emails. Each time we have a new client, they find a new use for it!”

Freeing up information

If your organisation receives Data Subject Access Requests (DSAR), you can save considerable time by using Infoboss to automate the data collation required to fulfil your obligations. Mark explains, “Infoboss is invaluable for organisations receiving frequent DSARs. There’s no longer a need to employ two or three people on upwards of £20k a year just to service DSAR requests. Infoboss enables you to search across your data and identify matches instantly. You can then export all of the matching data along with emails and document attachments into one place where it can then be redacted and distributed to the recipient. This can save a lot of time for many organisations.”

Finding out more

If you’re interested in Infoboss, please contact Mark on 01905 679 820 to request a demo or visit the Clearview website.

If you’re interested in finding out how ISO 9001 and ISO 27001 has helped Clearview, you can read our case study.