Data Security - Part 6 - Fill It - Shut It - Forget It! - Secure Sensitive & Confidential Data

TECHNOLOGY

August, 2018,Posted by: V

Data Security - Fill It - Shut It - Forget It!

This is the sixth of a series of articles on data security. This time we will discuss why securing sensitive data cannot be a one time process. It's an ongoing one as long as you have data to protect!

FILL IT - SHUT IT - FORGET IT!

These were the catchy words in an advertisement for a bike which offered very high mileage. Most businesses and organizations consider data security the same way. Most businesses consider this as one-time deal, that if they have some security in place they do not have to look back and can continue with their business as usual.
Unfortunately, this is far from the truth. No matter how good and strong security systems and policies are in place, they need to be constantly visited, reviewed and overhauled.
Data security requirements are constantly changing with the ever-varying method of attacks, breaches, vulnerabilities, etc.
I used to always say that a computer is the dumbest machine ever built. It just does exactly what it is told to do. It’s still quite true. No doubt with the advent of hardware technology and advances computer programming these devices perform billions of complex tasks in nanoseconds a giant leap for mankind. Computers run businesses, process millions of bits of data in seconds, allow global financial transactions, control power distribution to almost anything and everything under and over the sun.
Do not depend on and 100% trust a computer system totally. Always personally make double sure that proper manual alternate system is in place and does what it is supposed to do. Being prepared for and planning for a major data breach or ransomware attacks can make or break a business or an organization. Proper planning and processes in place can mean between total chaos and bankruptcy to a long term successful running of an organization or a business.

PROCESS & DOCUMENTATION

Yes, yes this is boring and nobody likes to do it. However, it is crucial for any organization’s survival to have absolutely detailed process and comprehensive documentation.
Highly detailed process on access, controls, changes etc. should be clearly documented. Everything should be mandated to go through change control, even in the smallest of businesses. Unless all crucial security and access changes are documented and controlled, tiny leakages grow into a large burst and then it will be too late.
Of course, it is understood that these processes and documents should itself be guarded and secure!
Best is to use specialized tools and software to manage the processes and change controls. This helps to easily track, audit and go back in time to analyze which helps a great deal when that one major problem occurs. It is not necessary to use high-tech complex tools, even simpler ones will work, as long as they are used properly and correctly.
Consider all this as an insurance policy. Hope that you never need it, but if you do, you will be glad you had the coverage.
Talking about insurance, do consult a few experts and obtain proper insurance cover that protects you and your business not only from data loss but also from liability claims. At the same time, do not go overboard in obtaining excessive coverage which will never be required and is a complete waste of premiums paid.