Data Security - Introduction to Secure Sensitive & Confidential Data

TECHNOLOGY

July, 2018,Posted by: V

Data Security - An introduction and a start

"Easier said than done" is probably one of the most used and most apprehensive sayings ever. In the case of data security, it is neither easy nor ever done! In this age of computers and electronic data storage, the security of confidential and sensitive data has become extremely challenging. Even with the best strategies and processes, data breaches are almost a daily thing these days. This is true for a corporation holding millions of pieces of information, small and medium sized businesses managing thousands of clients as well as for individuals with one computer and one smartphone.
When most people think about data breaches or ransomware attacks, they almost always consider large corporations and businesses. This notion is absolutely nowhere close to the truth. Every business, company, organization and individual computers are prone to hacking, data breaches. Ransomware attacks. Every company, business, entity, organization, individual needs to work towards safeguarding and securing their data on a regular basis.
The two best ways to secure computer or electronic data are:
1. Not to store any data on individual computers, laptops or servers, whether local or on the cloud.
2. Pull all the plugs and connectors from the servers and lock them up in a closet.
Though all this may sound far fetching or impractical, there is nothing further from truth. In most cases, it is not if, but when the systems will be breached and compromised resulting in theft of precious and sensitive data.
However, in this fast-paced high-tech world, there is little choice, if any, to keep confidential & sensitive data anywhere but on computers.
Let us look at some options that will help prevent a major disaster and possibly loss of data, reputation and costs.
There are numerous considerations for data security and safeguarding from cyber-crimes. To keep the article and blog "readable" it has been broken down into multiple parts.

IDENTIFY

First and foremost, identify what digital or electronic data needs to be safeguarded. A business or organization may have millions of pieces of data that can be safely published to the whole world without any potential issues. The important factor is to clearly identify and document exactly which data is highly sensitive or confidential, like data sets containing identifying information, pieces that can cause grave harm to the business or their customers if stolen or leaked, intellectual property [IP] etc.
Once the data to be safeguarded has been identified the business or an organization should convey this critical information with full clarity to their employees and vendors. The very first battle against data theft is already won.
This helps the company not only to prevent wastage of resources on over securing and managing non-essential or "public" data but also help save considerable amount of costs securing only the sensitive data.
A quick couple of identifiers here will be savings on highly encrypted drives and crucial CPU resources to encrypt and decrypt accessed data. Add to this encrypted and secure backups and offsite locations.

WHERE TO START?

Next and immediate action item is for the business or the organization to start laying down policies to secure the sensitive data. Policies and Standard Operating Procedures (SOPs) go a very long way to establish a robust system to secure sensitive digital data. Proper planning helps easier implementation.
Any digital data or a subset of the same, if vulnerable, can potentially bring the entire organization to its heels.
These policies need to be reviewed, updated regularly and sanitized as often as practically possible.
Policies & SOPs that mandate securing and encrypting all sensitive digital data at rest, being stored or that which is moved across networks, ensure minimal possibilities of compromising. Even data that is moved within internal network needs to be encrypted. More about this later.
A properly evaluated and invested risk assessment process can be the foundation of a successful business.