Protect your data! Use these five key steps
By: David Nelms
Regardless of company size or industry, public or privately held, highly regulated or not, your company’s data is one of your most critical assets. Unfortunately, data can be lost in many ways, ranging from malicious breaches to accidental deletion. All organizations need to be prepared for numerous situations, especially with many employees working from home. Data loss or misuse can not only impact ongoing operations; it can also result in legal, financial, and reputational issues.
To help your organization mitigate risks and protect your data, we recommend the following five steps:
1. Classify Information
Classifying your information according to its type, sensitivity, and value to the organization is critical. This step helps ensure that you have processes and controls to manage each type of information appropriately. It will also help with any required compliance for industry-specific regulatory mandates. Common categories organizations use include: (1) Protected (e.g., personal information), (2) Confidential, (3) Sensitive, and (4) Public.
Identify the information you have and make sure you know where it is located; consider electronic and hard copies when necessary. This measure will protect you from misplacing any critical information, which often happens when there isn’t control over the data.
2. Assess Risks
Identify how you could potentially lose data and ways it could be misused, the likelihood of each scenario happening, and the potential business impact associated with each issue. When assessing risks, consider both internal and external vulnerabilities. Potential vulnerabilities may include:
- Environmental issues – Severe weather or water damage
- Technical issues – System crashes, unpatched software with security vulnerabilities, and weak passwords
- Human error – Hackers or employees falling for phishing scams
Train employees regularly, especially whenever significant changes are made.
3. Establish Policies
Create appropriate policies that define how you will protect your data and set expectations for how employees, contractors, or vendors treat, handle, and protect your information. Ensure these policies consider who can access your data, where they can access it, and where they can keep it. At a minimum, review your policies annually.
4. Create & Test Controls
Implement security controls to prevent, reduce or detect security risks. These layers of protection can be manual or systematic. Systematically enforced controls are generally better, and multiple or multilayer safeguards typically provide the best protection.
Organizations need to evaluate all their basic controls. Here are three examples: firewalls, strong passwords, and well-structured data backups. Multi-factor authentication, data encryption, and data masking are additional examples of ways to protect confidential information. Ensure your controls protect against both expected and unexpected events.
Periodically test the strength of your controls and revise them as necessary to adapt to evolving risks. Please don’t assume that your methods to protect your data are working without verifying.
5. Provide Education
Accidental loss of data is one of the biggest threats to most organizations. Continually educate your employees about the prevalence of malware, ransomware, and other threats to your data! Regularly train all team members so they understand risks and follow your policies. Don’t let complacency result in business disruption.
Data security should be a top priority for all business leaders. While no company can fully protect against all risks, all businesses must implement a reasonable level of policies and controls to protect their most vital information.
If you have any questions or seek further clarification on how to best protect your data, please call David Nelms at 804-513-6581. The professionals at Warren Whitney are grateful for the opportunity to support you and your business. Our fractional assistance and project work can help you think through decisions and execute the strategies. In addition to providing technology consulting services, we can put together cash flow projections, manage HR issues, and devise a strategic plan.