How to Crisis-Proof Your Data Management in 8 Steps
Company shutdowns, mass layoffs, pandemics, wars—unfortunately, we're no strangers to these types of crises. Knowing how to maintain business operations and communications with stakeholders during turbulent times is an important skill—and data plays an important role therein.
This role is twofold. First, it is critical to have timely and accurate information to make informed decisions, coordinate response efforts, and assess the potential impact of the crisis on the business, its employees, and customers.
Second, it is equally important to know how to handle and protect business-critical data if a crisis does occur.
To do both effectively, proper data-management protocols must be in place.
A data-management strategy should encompass data access, storage, security, backup, retention, and disposal. Any company that collects and stores critical and sensitive data should have a clear data-management policy in place; this need is heightened in the face of a crisis.
Strong data management aids with decision making, resource allocation, and response. It also ensures that business-critical data is kept safe from leakage, loss, or theft when companies are at their most vulnerable. Data-management policies should be regularly reviewed and updated to ensure they reflect the current business environment and remain relevant.
Here are several steps companies should take to build a crisis-proof data-management strategy.
Continuously Identify and Classify All Data
With data spread across many files, databases, and clouds, it's important to have a holistic view. Without this view, business alignment is inefficient and crisis-response times may be slow.
Start by identifying any critical and sensitive data that needs to be preserved in the event of a crisis—including financial records, employee records, customer data, intellectual property, and any other data as required by law or regulation. Then, classify this data according to its sensitivity and criticality.
Taking this approach will help you to determine the appropriate level of security and access controls needed to protect various data in advance of a crisis. Identification and classification should not be done during a crisis; this should be an ongoing, proactive practice.
Keep Data Accessible but Secure
Easily accessing data is necessary to make informed decisions and respond readily during a crisis. But companies are often most vulnerable during times like these. Steps need to be taken to ensure data does not fall into the wrong hands.
It is best practice, therefore, to implement a just-in-time approach to data access that grants authorization based on employee roles, business context, and data-usage needs—and revokes authorization when access is no longer required.
Adding additional security layers on top of access controls—including encryption and backup-and-recovery procedures—will further protect data from unauthorized access, modification, or loss.
Consistently Validate Data Quality
To realize the full power of data, it needs to be accurate, complete, and up to date. But as the number and variety of data sources increase, there is a higher probability of errors, redundancies, and missing data.
Data validation and data cleansing can help maintain data quality and integrity at all times. This way, if a crisis occurs, you know the data you are using to inform your response is the best possible data.
- Removing duplicate or irrelevant data
- Standardizing data collection for dates, capitalizations, and the like
- Identifying and correcting inconsistent or inaccurate data
- Translating languages
- Validating data such as email addresses or phone numbers for proper formatting
- Addressing missing values are examples of important data cleansing and validation activities.
Have a Data-Recovery Plan in Place
It's important to have a data-recovery plan already in place in the event of a crisis or company shutdown. Start by establishing procedures to ensure lost data can be recovered. Detail how frequently different types of data should be backed up and what steps to take for recovery.
From there, make multiple backups of your most business-critical data and store them in secure locations.
Have a Communication Plan in Place
In the event of a crisis, you'll want to notify all stakeholders—including employees, customers, partners, and regulators—about it. As part of this, you'll want to be prepared to outline the steps being taken to preserve company data and provide clear instructions on how stakeholders can access their data and any other relevant information.
Consider How to Dispose of Data
In the dire event of a permanent company shutdown, develop a plan for disposing of non-critical data securely—including the destruction of physical storage devices and deletion of electronic data.
This includes identifying when data is no longer needed, how long it should be retained, and how it should be disposed of securely.
Regularly Audit to Ensure Regulatory Compliance
By regularly auditing your data-management practices, you can identify any persisting issues and ensure compliance with regulations regarding data access, sharing, security, preservation, and disposal.
Don't Forget Training and Awareness
Train staff on data-management procedures—especially data-access policies and security best practices. This ensures that, in the event of a crisis, everyone within an organization is aware of their responsibilities with regard to how data is handled.
Effective data management is critical in the event of a company crisis not only to help aid response and communication efforts, but also to ensure that critical data is preserved and secured. While these steps may sound overwhelming, modern tools and technologies can help automate and streamline the process. By taking these steps, organizations can effectively manage their data to protect it from unauthorized access, safeguard the interests of stakeholders, and ensure data accuracy and integrity.