Cyber experts like former Federal CISO Gregory Touhill feel that managing risk matters more, and is more effective, than trying to defend every piece of data. He goes so far as to quote Frederick the Great, saying, “He who defends everything defends nothing.” That thought definitely applies to protecting sensitive data.
Defense of sensitive data is top of mind for anyone who’s seen ransomware take down systems, destroy businesses and sideswipe the lives of the people whose privacy is violated. A systematic approach to sensitive data identification and defense is needed.
Understand how to classify your data. Identify what data is sensitive and what data isn’t. What’s valuable, what isn’t. You can reduce cost and more effectively manage risk if you focus on protection of the most valuable, most sensitive data.
Know where your sensitive data lives. It’s not tangible or anchored to one place. Data can be in the cloud and on your desktop at the same time. Every place it touches puts it at risk.
Have a practiced, tested data contingency plan (aka cyber response or security incident response plan). When you have a data breach, know exactly what you need to do, where, with what and through whom.
Create a well-defined cyberstrategy that includes a cybersecurity and information management platform. Pull it all together into one system: documentation, plans, access protocols, assets, task assignments, security updates, and patches.
Educate your employees, above all. They need to know where the data lives, why access isn’t the same for everyone, and very clearly, what authorized and unauthorized access means.
How are you identifying which data needs the highest level of protection? Remember, when you try to protect everything the same way, something slips between the cracks that shouldn’t. Instead, get strategic about identification, data breach risk management and overall data defense.
Not all data is equal, just like not all risk comes from a place of malice. It’s simply up to us to identify the data most attractive to hackers and make it the focus of defense efforts from the top down. We can take reassurance from Touhill's remark that “…as defenders, we're not as bad as we sometimes think we are.”
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.