The barbarians inside the gate
Why you need to take a second look at digital risk
“Computers have enabled people to make more mistakes faster than almost any invention in history, with the possible exception of tequila and handguns.”
Digital risk. As we approach the 25th anniversary of the Web’s birth, this term has emerged as the new monster under the bed for CIOs and corporate digerati everywhere—and not without good reason. As Gartner reported in 2014,
“By 2020, 60 percent of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. IT, operational technology (OT), the Internet of Things (IoT) and physical security technologies will have interdependencies that require a risk-based approach to governance and management.”
Overall, cyber attacks against major corporate and government entities, which rose by 40 percent globally in 2014, show no sign of letting up, as indicated by the massive records hack of the US Government’s Office of Personnel Management earlier this month. Scary stuff indeed! In response, IT departments everywhere are doing what IT departments traditionally do: mounting as many guns on the wall as possible to prevent outside malicious assaults on their company’s digital assets. Taking this step, they believe, is the best means of mitigating digital risk. But they’re wrong.
OK, let’s just say they’re half-wrong. External cyber attacks are of course a huge driver of digital risk. But that’s just half of the problem. Digital risk is not just generated by the barbarians at the gate of your digital castle. The same threat can exist inside your walls, and be launched when you least expect it by your own trusted employees. How? Let’s take a deep breath and a step back first.
From my experience of working with organizations of all sizes and levels of sophistication over the past 20 years, I have learned a simple truth. One of the biggest risks to your company is human behavior. That behavior is almost never malicious in its intent; indeed, a lack of knowledge or the “oops factor” is more often than not the cause of any resulting damage. However, in today’s digital business world, any mistake can be immediately amplified a thousandfold. In the absence of any clear internal oversight of ad-hoc digital activities within your company, it’s just a matter of time before these activities compromise online quality. The potential fallout then can range from public embarrassment to a regulatory violation, both of which can cost you dearly.
So, what to do? The best way to manage internal digital risk is by implementing a digital governance framework that establishes accountability, formal roles, and decision-making authority for your organization’s digital presence—your websites, mobile apps, social channels, or any other Web-enabled products or services. By adopting such a framework, risky digital behavior within your walls can be anticipated and managed. By extension, the application of digital governance to your organization can open the door to greater value by promoting a low-risk, high-value environment.
How can you begin down this path to mitigating internal digital risk while building greater value for your organization? Here are a few tips to get you started.
To mitigate internal digital risk:
The first step is to get organized! Start by clearly understanding the structure and scope of your digital presence as well as that of your digital team:
- Where are your digital assets? How many websites do you have? Where are they hosted? How many social channels do you have? How many mobile apps are running?
- Next, who’s touching or managing those assets? Do they have the authority to do so? Where are these employees located in your organization?
Take a mature approach to your digital policies and standards:
- Understand which policies your organization must adopt and enforce, and maintain an informed position toward them.
- Develop a unique digital DNA for your organization through a logical system of standards that informs your online identity. Such standards will allow you to scale your digital presence with consistency and quality.
To build greater value:
Ensure that you have a digital strategy in place that includes:
- Guiding principles that give your employees a clear picture of your company’s digital business goals and values.
- Performance objectives that are tied directly to your company’s definition of digital success.
Put the right resources in place to inform that strategy:
- The right team of people who have the analytic insight, vision, and authority to develop your strategy.
- The right tools and platforms to monitor your operations and provide the metrics you need to inform strategy and guide decision-making.
My point is this: Digital risk is porous in that it can impact your organization from without and within. Unfortunately, no matter how many cybersecurity measures your IT department puts into place, it cannot protect your organization from internal risky behavior. However, digital governance can.
Lisa is the leading advocate for digital governance and author of the popular new book, Managing Chaos: Digital Governance by Design.