Secure Data Protection
June 06, 2022
Contributed by James Miller, Associate Penetration Tester, DOT Security.
What is data security? In modern business, it means keeping critical information out of the wrong hands and protecting all your company, employee, and customer data. Data breaches can have a devastating impact on businesses, especially those that handle sensitive information every day.
Read on to learn more about data security for businesses and why having a strong cybersecurity strategy is important in protecting that information.
The National Cybersecurity Center of Excellence (NCCoE), a branch of the National Institute of Standards and Technology (NIST), defines data security as “the process of maintaining the confidentiality, integrity, and availability of an organization’s data in a manner consistent with the organization’s risk strategy.”
This can happen in 3 stages: before, during, and after an incident takes place.
Before the incident: confirm that the security architecture and response plan are in place
During the incident: ensure the organization detects and responds appropriately
After the incident: verify that a plan is in place with the ability to recover effectively and efficiently
The way data is stored has changed over the years as well, from the humble beginnings of handwritten documents stored inside a file cabinet, to data files on hard drives, to current cloud storage such as Microsoft’s OneDrive and Google’s Google Drive.
As technology evolved, policies and procedures were forced to keep up with cybercriminals attempting to steal sensitive data. This discipline is now known as Data Loss Prevention.
When data was stored in paper documents, the security process started with locked file cabinets. Later, obsolete documents were shredded (a practice then upgraded to cross-cut shredding) to prevent documents from being stolen from the company garbage. At times, even the data disposal location was secured.
As technology advanced to storing data on hard drives, new ideas were needed. One of the first ideas implemented was file permissions, which allow only authorized people to view files. File encryption emerged next, which made data unintelligible without the key needed to decrypt it.
As mobile technology surfaced, the adoption of biometrics, using physiological data to open or access files, increased. Most recently, cloud technology allows data to be stored at a data center via a third-party provider.
Understanding how data security works and its importance is vital for businesses in today's digital environment, regardless of size and scale.
About 52% of breaches are from a malicious attack, which had a combined direct and indirect average cost of $4.27 million.
Besides the obvious pitfalls associated with losing critical business data, a data breach can result in many other costs, including:
Loss of production
Company trust erosion
Systems locked down, with attackers demanding payment to restore them (ransomware)
Stolen proprietary data like a blueprint or schematic that is in development or production
Possible fines for HIPAA violations for companies in the healthcare industry
Stolen company, customer, or employee data resulting in fraud or identity theft using stolen Personally Identifiable Information (PII)
Managed security services providers (MSSPs) like DOT Security offer a solution to help in all 3 stages: before, during, and after.
It begins with a Risk Audit to check a company’s current security situation. In addition to the risk audit, a Gap Analysis is often performed by compliance experts to determine if a company is still compliant with the necessary government regulations.
When both are done, cybersecurity specialists review the findings to determine the best course of action for your business to stay secure and protect its most valuable data. That includes the necessary protocols, software, best practices, and training, such as:
Access management to control who can access certain information
Encryption to restrict who can view data and to protect it during transfer and storage
Endpoint security to secure devices accessing the business network
Awareness training to help your staff understand cyberattacks and how to spot them
With attacks and data breaches on the rise, it is important that company, customer, and employee data all be protected. To do this, businesses need to establish a strong cybersecurity posture that includes cybersecurity best practices, software, and employee education on the importance of data protection.