Data Security is Vital No Matter How Fast Your Company is Changing
The pandemic exacerbated data security issues: companies made fast business-driven changes, such as shifts to remote workforces, that introduced new data insecurities and weaknesses. Now's the time to revisit data security best practices.
We’re all aware of recent high-profile data breaches in the U.S. The stories were splashed all over the news. The hacked companies lost billions and suffered irreparable damage in lost consumer trust. Think LinkedIn, Facebook, Yahoo, and Marriott International.
The impact of continuous change on a company’s data security posture keeps IT leaders up at night. A recent study by Ponemon Institute of more than 1000 U.S. IT and IT security professionals found that 79% do NOT have high confidence in their security controls, and 70% find it important to continually validate against new threats.
These IT leaders, as well as non-technical leaders overseeing key business initiatives, know there is an evolving data security threat landscape. They are doubling down on their cyber security efforts. The pandemic actually exacerbated the threat issue; companies made fast business-driven changes, most notably the shift to a remote workforce, which introduced new data insecurities and weaknesses.
Propeller partners with and advises companies to help strengthen the data vault. You could be a small to midsize company that needs to make sure all your data is secure, or a large company needing to lay out a new security strategy because the current strategy no longer works, or you’ve suffered a data breach. All companies are wise to continually assess their data threat security and perform a thorough audit to discover and shore up what’s not working well.
If you don’t have the internal resources to do the work, we recommend hiring a third-party data security expert to run and report consistent analyses and manage the required fixes.
5 data security best practices to revisit and implement heading into 2022:
1. Manage the data life cycle - Data Lifecycle Management
Data Lifecycle Management (DLM) involves creating a plan for managing all your data from creation through to retirement. To do this, you’ll want to have solid documentation that tells you where all your data lives, how it gets there, and who owns it. Next, you’ll want to document a thorough set of policies for how data flows (or isn’t allowed to flow) through different applications, systems, databases, and storage systems. It is critical to ensure you have documented policies for how to keep the data secure for each stage of its life.
2. Create Identity Access Management (IAM) policies, processes, and tools
Within your employee population, it’s important to understand who should have access to different types of data, and who should not, so you can set up your controls. Role-based access will help you segment data access levels to different systems based on the employee’s job type. This restricts access to privileged systems and data ONLY to the people who really need it to get their work done. Finally, it’s important to have IT employee offboarding plans in place so you can efficiently remove accounts if an employee leaves the organization or moves to a different role or another department. Otherwise, lingering abandoned accounts and profiles can be easy targets for hackers and leave you vulnerable to a data breach.
3. Link your IT security and data analyst teams
There is a lot of security benefit when these groups talk and collaborate with each other.
Data analysts can help flag the most important and highly sensitive company data and highlight security priorities. Your IT security team can then document risks and apply the needed measures to reduce vulnerabilities. Not all data holds the same level of importance and criticality. Prioritizing and securing it requires both teams helping each other. It is impossible to mitigate every single risk; as a company, there will be some risks you accept and some you don’t. Your IT security team should document and surface all data threat levels to leadership so they are aware and can accept the risks or take steps to mitigate them.
4. Implement baseline security measures like simple behavioral or human changes
Some data security breaches can be low tech. Your teams need to be aware of social engineering tricks like phishing, smishing (SMS texting), and shoulder surfing (cafés and remote spaces)! Your employees need to know that the Starbucks network is not a secure network to connect to if they’re working on customer data.
Consistently train your employees on proper data security; it’s not a one-time thing. Everyone should be enrolled in data security training when they’re first onboarded, in addition to regular reminders and retraining cadences. Your employees need to know the personal role they play in company data security. Be sure to include physical access to workspaces and work devices in your security policies and management plan. For example, Propeller requires all employees to take security training annually, a good practice with our distributed workforce changes and the constant emergence of novel data threat trends.
5. Stay up to date on evolving data security threats
Threat actors aren’t trying things once and calling it a day, and neither should you!
Data security is your new, ongoing, company-wide priority. Monitor security trends, new software, and new threats to stay in the know and adapt your data security strategy. And keep your software up to date! Remember that software updates don’t just address user experience; patches are critical to making sure your machine is protected against the most recently discovered security risks. Be aware that software considered end-of-life (EOL) can be a security risk. Because patches for its vulnerabilities are no longer provided, these systems are easy targets for threat actors.
Today’s reality is that cyber threats are very real, can be seriously damaging, and require a proactive level of threat mitigation. Those tasked with leading the charge to stay ahead of potential threats and breaches can rest assured that they have within their power the resources and proactive steps to create a customized wall of protection around the most critical areas of data weakness, and sleep better at night as a result.
Data Security Summary
Propeller’s Data & Analytics practice helps clients drive the delivery of insights needed to better run their businesses and understand their customers. We position our client teams for success as they evaluate data, build models, and identify trends to drive better predictions.
For more resources around effective cyber security practices and initiatives for your organization, check out our Data & Analytics Practice Page, and contact us to discuss your data security strategy.