Data, Data, Data—must be phenomenal or something precious because there’s no end to conversations about how to get, analyze, or protect it. We’re witnessing a strong and growing appetite for enterprise data all over the world, and according to some estimates, the increased proliferation of IT assets will see the data we create every year hit 44 trillion gigabytes by 2020. Sadly, the digital universe is not 100% safe, and the information it holds continues to face every kind of cyber threat imaginable today!
But before discussing cybersecurity, just how vital or invaluable is your enterprise data? It all depends on two main things: what you’re getting from exploiting it, and how much it’d cost were you to lose it! If you’re like many enterprises harvesting data from numerous structured and unstructured sources, you’re certainly looking to extract invaluable business insights with the ultimate objective of driving sales. Today, data analytics can help your company grow its revenue in ways such as:
- Optimizing pricing
- Increasing customer conversions and responsiveness
- Perfecting go-to-market strategies
- Refining search engine optimization (SEO), mobile, and email marketing tactics
- Driving customer value
- Enhancing customer relationships
- Improving data security
On the other hand, losing your data can have far-reaching financial and legal ramifications. A 2017 study by Ponemon Institute found the average cost of a stolen or destroyed record to be $141. Now, multiply that figure by the thousands, tens of thousands, or even hundreds of thousands of customer records in your database! If somebody were to access your entire database illegally, the potential financial loss would be mind-boggling. Keep in mind that your staff information, critical business insights, and trade secrets are also worth good money on the black market, making them highly vulnerable to a data breach.
Even if you were to recover all the data you lost in a typical breach, you’d still have to confront some potentially costly legal realities related to data compliance. For example, the US Federal Trade Commission (FTC) slapped VTech with a $650,000 fine over poor data security practices. Today, under the General Data Protection Regulation (GDPR), the EU may fine any company up to 4% of annual worldwide revenue for violating personal data security rules.
Quite clearly, it’s in your best financial and legal interests to lock all your company and customer data in a secure “vault” that only authorized persons can access. Here are the top practices for guarding against enterprise data loss and inadvertent disclosure:
1. Know Where Your Data Is
So, what’s the origin of all your exponentially-growing data? Is it social media, your business website, email, collaboration systems, heterogeneous databases, or cloud-hosted file-sharing platforms? The answers to these questions should form the foundation of your data security practices. Through discovery processes, track your structured and unstructured data sources, and determine what’s in there. To do that, you’ll need to use data discovery tools capable of scanning your entire digital footprint and endpoints.
2. Know What Type Your Data Is
After tracking your data, classify it. Classification is the process of figuring out data types, such as Social Security numbers (SSNs). Who else values your data and, therefore, may want to steal it? How might inadvertent disclosure affect the victim? Answers to these questions will help you establish how sensitive each data type is.
If you’re also categorizing semi-structured data, techniques like fuzzy logic or syntactic analysis may help. Likewise, some classification algorithms may identify sensitive data based on certain predetermined trends, behaviors, or traditions associated with customers.
In a nutshell, data discovery and classification help:
- Implement context-sensitive safeguards, including user authentication and authorization controls
- Put in place context-sensitive disaster recovery measures
- Carry out context-sensitive user-tracking and security audits
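The discovery and classification steps above can be sketched in a few lines. This is an added example, not code from the original article or from any discovery product: it scans constructed sample sources for SSNs, goes one step beyond the text by also checking payment card numbers, and validates each candidate structurally so that order references and part numbers are not mislabeled. The source paths and the two-tier "restricted"/"internal" labels are assumptions made for illustration.

```python
import re

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def valid_ssn(area, group, serial):
    """Structural rules: area is never 000, 666 or 9xx; group never 00; serial never 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def luhn_ok(digits):
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return the set of sensitive data types found in one piece of text."""
    found = set()
    if any(valid_ssn(*m.groups()) for m in SSN_RE.finditer(text)):
        found.add("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        found.add("payment_card")
    return found

def label(found):
    """Hypothetical two-tier scheme: any regulated identifier makes the source restricted."""
    return "restricted" if found else "internal"

# Constructed sample sources (path -> content); none of this is real data.
SOURCES = {
    "crm/export.csv": "Jane Roe,078-05-1120,jane@example.com",
    "tickets/4411.txt": "Order ref 000-12-3456, part no. 1234 5678 9012 3456",
    "billing/notes.txt": "Card on file: 4111 1111 1111 1111",
}

def inventory(sources):
    """Map each source to (data types found, sensitivity label)."""
    return {path: (sorted(classify(body)), label(classify(body)))
            for path, body in sources.items()}

if __name__ == "__main__":
    for path, (types, tier) in inventory(SOURCES).items():
        print(f"{path:20} {tier:10} {', '.join(types) or '-'}")
```

The resulting inventory is what drives the context-sensitive controls listed above: sources labeled restricted get the stricter access, recovery, and audit treatment.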
3. Execute an IT Security Risk Assessment
After determining where your data is, it’s time to figure out how secure it is. The practice involves evaluating, identifying, and changing your company’s general data security posture to fix existing vulnerabilities and address data compliance concerns. A thorough IT security assessment must cover:
- Physical IT infrastructure, including mobile devices, data centers, and IP-based business communication systems
- Platforms available to the public, such as business websites
- Operating systems
- Data repositories and servers
- Local Area Networks (LANs)
- All software (both on-premise and cloud-based solutions)
To identify specific data security threats in your organization, evaluate the security systems and solutions currently in use. These may include:
- Anti-spam protocols
- User authentication and authorization mechanisms
- Encryption technology
- Network monitoring tools
- Anti-hacking measures
It’s also imperative to analyze workflows and IT processes within your organization. Don’t forget to assess your level of compliance with government laws and regulations regarding personal data security.
Equally important, assess the current level of security awareness among your employees. Are they fully committed to the cause? What’s the likelihood of an inadvertent breach of confidentiality occurring, such as after an employee accesses your office network from their unprotected personal device? What are the security protocols in place to ensure that customers and vendors interacting with your system do not pose a significant threat to your data?
4. Engage the Pros
Any small or medium-sized enterprise may stretch its resources quickly trying to secure the sheer volume of data flowing in at unprecedented speed. Tracking different potentially disjointed repositories while complying with personal data security regulations may also overwhelm many in-house data controllers. This is where data loss prevention experts usually come in. At Kraft Technology Group, we offer a range of cost-effective cybersecurity solutions to enterprises across diverse industries. You can count on us when you need help tracking, identifying, and securing your data, no matter its source or size. We’re conversant with the latest industry regulations for data protection, including HIPAA, GDPR, and GLBA, and we can help you comply. Contact us right away regarding your cybersecurity needs!
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.