Back to overview

Ensure Your IR Data Is Safe and Secure

Does working in the cloud pose a security risk for IR managers? We provide the answer and offer practical tips

by Viviane Joynes 3 min

    Working in the cloud has become the norm. This applies to our personal lives where we use IT services such as data storage and computing capacity (through providers such as Dropbox, iCloud, and Google Drive) and in the business environment too. According to Right Scale’s annual State of the Cloud Report for 2019, 91% of businesses used the public cloud and 72% used a private one. Our traditional office suites of tools, CRM applications and data storage are more often than not in the cloud.

    Ensuring that the cloud is secure is essential. Investor Relations involves the processing of particularly sensitive information so reassurances about how data is being stored and the standards and processes in place are very important.

    Today it’s cloud or nothing

    Business applications on the cloud are often developed as ‘secure by design’. Access restrictions, safeguarding against failure, backups and ISO certifications, to name a few features ensure that data is securely and safely stored. The alternative – where a company implements an on premises solution – is associated with high costs and potentially additional risk. Therefore most companies now opt for cloud-based solutions.

    Sensitive information is secure in the cloud

    41% of companies surveyed by the Cloud Monitor 2020 store sensitive business data in the cloud, with large corporations leading the way. The survey also revealed a large divide between the views of cloud users and those of non-cloud users with regard to security. Cloud users rate security in the cloud as particularly high.

    Even so, European cloud operators should adhere to certain requirements:

    1. Sensitive data is only processed within the EU. This is because standards here are particularly high, due to GDPR for example.
    2. The provider is regularly audited. ISO guideline 27001 is the current standard.
    3. Their high availability attributes are reviewed and documented. This includes, for example, precautions with regard to theft, fire and water damage, as well as measures they take to ensure a constant power supply.
    4. The hardware used is subjected to regular load and stress tests to ensure sufficient resilience, and disaster recovery tests should be performed regularly to ensure low downtime in the event of an emergency.
    5. Data is always encrypted during transmission. A 128-bit SSL channel is the typical standard.
    6. Critical data is only stored in encrypted form. Experts recommend the encryption standard AES-256.

    Ensure employees understand their responsibilities

    While ensuring that the cloud is secure is important, it doesn’t count for anything if there is poor data security hygiene within an organisation. Companies need to ensure that their employees understand their personal responsibilities when it comes to protecting data. A typical example: an employee sends a presentation containing financial data to their private email account so that they can review the document over the weekend. This data has left the secure cloud. Companies should therefore communicate to their employees that the cloud is a secure environment and sensitive data should never leave.

    The security of your data is important to us!

    How our cloud platform meets the highest security and data protection standards

    Read more
    Viviane Joynes
    Viviane Joynes

    Managing Director – EQS Group | Viviane is Managing Director of EQS Group’s UK Business. She has extensive experience of advising UK and European companies on their corporate governance, compliance and IR practices. Prior to joining EQS her roles included heading up the IR Services at Capita Asset Services (now Link Asset Services) and being Managing Partner of a corporate governance and communications consultancy.