Cybersecurity took a number of hits in 2017. Companies like Deloitte and Equifax suffered data losses, and the City of Atlanta suffered a debilitating ransomware attack. The need for companies of all sizes to establish strategies for preventing data loss is more important than ever. In addition, it’s an opportunity to transform your IT challenges into business strengths.
Research conducted by Ponemon Institute indicates that 1,579 data leaks were reported in the United States in 2017. That real number is undoubtedly higher since it’s likely that some leaks go unreported. The scope of the issue is clear when Cybersecurity Ventures estimates that the global cost for implementing cybersecurity will reach $1 trillion by 2021.
Preventing data loss is a critical task for organizations of all sizes. Following these tips will give your organization a head start for the future.
1. Define Strategic Objectives
It may seem obvious, but this is an easy step to overlook. Many organizations are focusing on securing access to computers and networks, but in today’s environment, the objectives need to center on data protection. While attacks from external forces are a big issue, you also need to protect against the often-unintentional threats from your own employees. You also need protection from outsiders who look like insiders.
Decide if your data loss prevention needs to focus on complying with regulations, protecting your intellectual property, or meeting compliance requirements from your business partners who demand security to facilitate communication throughout the supply chain.
2. Identify and Locate Relevant Data
Defining strategic objectives will give you the parameters you need to meet. Then, identify the data that you need to protect and determine where it is located.
Typically, the most sensitive data you collect will be individuals’ personal information, but you may also have intellectual property that is sensitive for your organization.
3. Define How Data Moves
It’s important to identify all the ways in which data moves within and outside your organization. Typically, protecting data doesn’t mean simply protecting the databases where the information resides. Find out how people are using that data.
The data may be communicated outside of protected channels, or you may find that the same data is stored in multiple places within the organization due to organizational silos. If that’s the case, it’s a good time to review whether you’ve structured your IT systems to meet your corporate objectives.
4. Define Your Data Loss Prevention Policy
Make sure the policy you define starts with a strategic review of the information you’ve gathered. For example, the GDPR contains hundreds of mandates to cover a variety of data security situations. However, you may find seven core requirements that you need to meet in order to comply, depending on how your organization collects and uses data.
You’ll also need to decide what system changes you need to make to implement the policy. You may stay with the infrastructure that is currently in place. On the other hand, you may need to move to a software-based data center or send more applications to the cloud.
5. Educate the Organization
You’ll need buy-in from any employee who handles protected data. Define employee roles in maintaining a data loss prevention plan. Then, involve those employees in implementing the plan. Explain the serious consequences that result from data leaks and the role each employee plays in keeping the company’s data secure.
Data leaks and intrusions are becoming more and more commonplace. Worse still, there are now more entry points for malicious actors to choose from. That includes network-connected endpoints and improperly secured cloud connections.
There are also other concerns to keep in mind, such as data leaks and breaches through mobile devices, which prompts the need for security-focused BYOD policies. Regardless of the size of your organization, security should be a top priority now more than ever.