May 22, 2019

Internal Security Risk Assessment Guide

Whether your organisation is big or small, it still holds copious amounts of confidential information which may attract criminals such as data mongers and data thieves. Coincidentally, there were also recent reports that 34% of Singapore’s organisations were plagued by data loss over the last one year[1].

Many are surprised to find out that a large majority of data breaches are caused by internal sources, such as employees being negligent in day-to-day processes and complacency towards data security. Therefore, it is important for organisations to conduct regular risk assessments to identify any possible areas that may pose a problem.

Why is There a Need to Conduct Risk Assessments?

By conducting a risk assessment, organisations are able to identify risk areas and determine if the workplace is liable for a data breach. A risk assessment will also provide organisations with the opportunity to implement new data security practices and tips which can be used by every employee. Regular assessments also act as a form of prevention from data breaches, ensuring that organisations are compliant with the Personal Data Protection Commission (PDPC) and the General Data Protection Regulation (GDPR). In turn, this could potentially save companies from monetary and reputational loss.

How to Conduct a Risk Assessment

Made mandatory by the Personal Data Protection Act (PDPA), organisations in Singapore need to appoint a Data Protection Officer (DPO) to oversee the organisation’s data protection practices. As part of their responsibility, the DPO is required to review each operation and process which takes place within the organisation. The review should analyse how the organisation collects and stores confidential data and its disposal methods.

Following the review, improvements and more effective data security processes should be implemented. Organisations should also implement sound policies and thorough checks and balances to keep employees in-check whilst carrying out their daily operations. In addition to that, it is recommended that DPO introduce improved data security methods, such as a Shred-it All Policy and a Clean Desk Policy. It is also pertinent for organisations to conduct regular refresher sessions with employees on best data security practices to ensure that new employees are well-versed with the organisation’s data security protocols.

While DPOs act as an additional line of defense within an organisation, each employee plays an important role in ensuring data security. A secure environment at work not only keeps you compliant, but also provides you with a peace of mind.

Start Protecting Your Business
An organisation that integrates data protection into its business processes can help reduce the risk of a data breach. Learn more about how Shred-it can protect your documents and hard-drives by contacting us for a free quote and a security risk assessment.

[1]The Straits Times. 2019. Data loss cost S’pore companies $1.9m over 12 months: Report. [ONLINE] Available at: [Accessed 5 April 2019]