Security professionals of today are inundated with headlines about the potential consequences of a data breach. Take, for example, Target, which suffered a massive data breach at the end of 2013, exposing the personal information of 70 million shoppers. Worse yet, the breach occurred at the height of the holiday shopping season, rocking consumer confidence.
This case and many others underscore the fact that protecting data is getting more complex as security professionals work to manage vast amounts of data throughout various physical and virtual locations. So how can you best safeguard your data?
Catalog Assets: Know What Data You're Storing
The first step in protecting critical data is understanding the full extent of what you're storing. All data is important, but it's especially critical to identify and catalog sensitive information. For example, this may include:
- Transaction and account records.
- Customer lists and contracts.
- Personally identifiable information (e.g., Social Security numbers, credit card numbers).
- Proprietary corporate details that are, such as financial documents, marketing plans and trade secrets.
- Employee records.
This list, of course, is endless and unique for every business type. Taking inventory of the types of information that you are storing and identifying which are the most sensitive will assist in implementing the best safeguards.
Identify Where Data Is Stored
The percentage of workers operating remotely has skyrocketed from 9 percent in 1995 to 37 percent now, according to Gallup. This trend presents additional complexity for security professionals, especially when you add other trends -- such as BYOD -- into the equation. In fact, in a recent survey by Tech Pro Research, 74 percent of companies said that they are already using or planning to adopt BYOD. After identifying the types of digital information stored and which are highly sensitive, you must also inventory where that data resides to effectively keep it safe. For example, locations may include:
- Portable drives
- Network drives
- The Cloud
- Mobile devices
After identifying all the locations -- physical and virtual -- security professionals are faced with the important question "OK, now how do we protect this data?"
Protecting data involves safeguarding the exchange of information between all systems, employees, customers and trading partners. For example, an effective security solution should:
- Encrypt important information at rest and in transit.
- Enforce strong password policies.
- Allow you to limit access.
- Include accountability, showing who has accessed data, when, and from what location and device.
- Have multi-factor authentication.
- Leverage safeguards that ensure you are alerted if important data is leaking or stolen.
- Ensure that regular data backups are in place to safeguard data in case of an unexpected event.
Security threats won't be slowing down anytime soon, but advanced security solutions allow organizations to more effectively safeguard business data. As a result, organizations are able to mitigate business risk, reduce liability and provide customers with greater confidence.