8 Steps Towards Safer and More Secure Data
Here are eight simple and concrete ways to help you reduce risk, secure data and avoid getting thumped by regulators (not to mention the media and market).
13 June 2014
It seems as if the media has a quota to report at least one major data breach a month. Clearly, there is no shortage of businesses out there with substandard security and data privacy practices. Hackers and phishers always seem able to tap into this vast reservoir and siphon out sensitive information and cash.
In fact, there were 330 data breaches in just the first half of 2014, resulting in the exposure of 8.7 million records, according to a recent report from the Identity Theft Resource Center. Hopefully, yours wasn’t among them.
A Market Black Eye
A data breach is one of the top three incidents that most affect a brand’s image, says a report from the Ponemon Institute, a security consultancy. (It’s in good company: the two runners-up were poor customer service and environmental incidents.) By now, you should realize that collecting, using or sharing any private information comes with hefty risk.
Those companies ignoring data privacy best practices may find they risk harsh consequences, including being stuck with a huge tab. You should put on your business analyst hat and closely scrutinize every process involved in gathering data – particularly personal information. To effectively reduce risk, evaluate each stage of the information lifecycle and get the right controls in place.
The Eight-step Data Security Program
Does this all sound a bit abstract? Well, here are eight simple and concrete ways to help you reduce risk — and help you avoid getting thumped by regulators (not to mention the news media and the marketplace). Our tips include the following:
- Educate your people. It doesn’t always take a hacker. Lots of info leaks out of the enterprise because of unintentional sharing by the employees themselves. Your employees may not realize how they’re exposing precious and sensitive data. Teach your employees about the importance of security, data privacy and compliance — and make them aware of the potential issues and risks that arise whenever they collect or touch information.
- Do a deep risk assessment dive. It’s impossible to forecast and mitigate data privacy risks without knowing all of the technologies your organization employs. Make sure your information technology and security teams know your technology inside and out, to predict and prevent risk.
- Keep track of your data. Organizations should keep detailed logs of all activity around their data. You should know when information is viewed, as well as when it’s shared — and among whom. You should be able to track the origin of the information, who sent it, who has access to it, who’s seen it, and what its destination will be if it exits your firewall.
- Know your obligations. To do this right, you must know the legal jurisdictions you operate within and what laws you must comply with. You should also learn the best practices in your industry and nation for collecting and handling whatever data types you encounter. Your apps provider should also be able to assist you in your quest for compliance. Needless to say (actually, we need to say it), your data storage and sharing systems provider must also understand and accept all of its lawful obligations.
- Evaluate your collaboration assets. Possibly, when it comes to content and data sharing tools, your employees are dining out because you’re not feeding them the proper technology diet at home. Make sure you currently offer employees the most suitable and secure (and easily adoptable) work apps. Then they won’t go roaming off the organization’s approved list.
Does your current vendor or homegrown system come up lacking? Keep reading.
Shopping for the Right Tools
- Pick your partner wisely. Out shopping for better collaboration apps? Working with responsible and knowledgeable vendors can ease your burden — a poor partner can make the load much heavier. Not every vendor is appropriate for every situation. Get the partner who is best for you.
- Get down to the document level. Any vendor worth its salt must provide centralized visibility and compliance monitoring capabilities — for the lifetime of every document you own. Before you sign a contract, learn about the available reporting capabilities — make sure the system can provide audit trails, demonstrate compliance and identify security gaps before a breach occurs.
- Identify risks and plan accordingly. Before you ever go live with a data management system, create a formal risk management plan to prepare you to handle data as safely as possible. Also, prepare a plan in case there is a data breach — hopefully, you’ll never have to use it. You can use Privacy Impact Assessments (PIAs) to analyze risks, create and manage data inventories, and apply sensitivity classifications to specific information types.
The Future is in Your Hands
There is a growing need to find new ways and opportunities to share data to increase the bottom line. Proper data privacy protection is also just good business — and should be a priority for every serious company. Knowing, acknowledging and following strong data privacy principles are important steps to build trust among customers, regulators, and employees.
Face it, collaboration technology and processes are going to keep evolving — probably forever. So be sure your enterprise data security program is as strong as it can be, with current controls and policies. That will reduce the chances you’ll be reading about how your company joined the Data-Breach-of-the-Month Club.
Meagan Parrish is the Senior Manager of Social Media at Intralinks. She is responsible for social media strategy development and the communications for Intralinks' online communities. Meagan has been creating social media strategies for a variety of companies across verticals for the past several years. She holds bachelor's degrees in Marketing and Finance, with a minor in English Literature.