Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization’s business processes or mission, ranging from inconsequential to catastrophic in scale.
1. General IT threats
General threats to IT systems and data include:
- hardware and software failure – such as power loss or data corruption
- malware – malicious software designed to disrupt computer operation
- viruses – computer code that can copy itself and spread from one computer to another, often disrupting computer operations
- spam, scams and phishing – unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goods
- human error – incorrect data processing, careless data disposal, or accidental opening of infected email attachments.
2. Criminal IT threats
Specific or targeted criminal threats to IT systems and data include:
- hackers – people who illegally break into computer systems
- fraud – using a computer to alter data for illegal benefit
- password theft – often a target for malicious hackers
- denial-of-service – online attacks that prevent website access for authorised users
- security breaches – includes physical break-ins as well as online intrusion
- staff dishonesty – theft of data or sensitive information, such as customer details.
3. Natural disasters and IT systems
Natural disasters such as fires, cyclones and floods also present risks to IT systems, data and infrastructure. Damage to buildings and computer hardware can result in loss or corruption of customer records/transactions.
Reducing information technology risks
Threats and risks to information technology (IT) systems and data are an everyday reality for most modern businesses. You should put in place measures to protect your systems and data against theft and hackers.
1. Practical steps to improve IT security
To help protect your IT systems and data you should:
- secure computers, servers and wireless networks
- use anti-virus and anti-spyware protection, and firewalls
- regularly update software to the latest versions
- use data backups that include off-site or remote storage
- secure your passwords
- train staff in IT policies and procedures
- understand legal obligations for online business.
2. Create a secure online presence
If your business has an online presence, you should assess the security of your website, email accounts, online banking accounts and social media profiles.
For example, Secure Sockets Layer (SSL) technology is used to encrypt transaction data and to send customer and card details to the acquiring bank for authorisation. You should ensure any web hosting solution you consider is capable of supporting the SSL protocol.
3. Induction and IT training for staff
Training new and existing staff in your IT policies, procedures and codes of conduct is an important component of IT risk management strategies. Training can cover key business processes and policies, such as:
- safe handling of infected email
- protecting the privacy of customer details
- priority actions in the event of an online security breach.
As an employer you have legal obligations when training staff. Providing support and training for new employees is a critical aspect of staff training.
4. Business insurance
It is impossible for a business to prevent or avoid all IT risks and threats. This makes business insurance an essential part of IT risk management and recovery planning. You should regularly review and update your insurance, especially in light of new or emerging IT risks, such as the increasing use of personal mobile devices for workplace activities.