- December 10, 2020
- Category: Data Protection
The trick to protecting sensitive data is understanding that not all business information must be protected.
Even organizations that understand the need for robust information security spend heavily on software and hardware without measuring the return on investment (ROI), and still fail to safeguard the most sensitive information that’s the lifeblood of their business because they did not define what it is before applying security controls.
If you want to adequately protect your most valuable data, you must understand which business information is most critical to your bottom line.
Not all data is equal
It seems counter-intuitive, but the reason information security often fails to protect sensitive data is the mistaken belief that all information must be protected equally. Even before the pandemic and remote work became the norm, distributed workers, branch offices, mobile devices, and the evolving Internet of Things (IoT) meant organizations have had to become smarter about how they secure sensitive data. Now it’s more important than ever to make the business case for information security.
The business case isn’t a request for a bigger information security budget or more technology. Rather, it’s about identifying sensitive data, understanding its value, and being clear about what’s necessary to protect it. You need to operationalize a change in mindset that delivers ROI and protects the sensitive data that powers your business. However, it can be difficult for organizations to step back and understand what data is the most valuable when it’s growing exponentially.
One thing is for certain, however: Trying to protect every single bit of data equally isn’t cost effective.
Sensitive data must be defined to be protected
If organizations are to marshal their information security resources effectively, they must narrow their scope and define what constitutes sensitive information. While the definition can be guided by compliance and regulatory obligations, it’s just as important to figure out what data constitutes a critical asset to the business.
Just as a fleet of trucks is a critical asset for a transportation company, every business today has stored information that is critical to daily operations—that’s the sensitive data that must be protected. Otherwise, there are financial repercussions in the form of lost competitive advantage and fines for non-compliance, both of which lead to lost revenue, as do settlements from litigation and damaged reputations.
While compliance obligations and privacy legislation do dictate that some information be prioritized by information security strategies, they’re just the beginning. A healthcare organization may have all its patient data effectively secured but not have all its research data protected, even though that data is just as valuable: it may support a patent application or attract grant money, and has the potential to generate revenue. Personally Identifiable Information (PII) is always an obvious candidate for protection because compliance and regulatory frameworks deem it sensitive, but intellectual property or data that’s essential to running your business is just as critical.
Treat sensitive data like a business asset
If you want to get ROI from your information security spending, you need to think differently. You must understand your data on a deeper level so you can assign a value to it. There’s plenty of information residing in your organization that won’t cripple your organization if it’s lost. But your sensitive data must be assigned appropriate valuations that will be the basis of a business case for information security spending.
Getting an ROI on your information security spending is about anticipating incidents that haven’t happened yet, much like an insurance company considers the likelihood of natural disasters. To determine sensitive data and its value, you must weigh the cost of the protections you put in place against the financial impact of any breach and its likely frequency.
The simplest approach is to categorize data in three ways: data that can be shared freely; sensitive data that can be shared with certain audiences in specific ways; and data that must remain confidential to the organization and never be shared. The process of segmenting and prioritizing data enables you to apply the appropriate information security controls, so you understand the complete lifecycle of all data and adequately protect it based on the repercussions of losing it.
Treating sensitive data like a business asset enables you to make the case for information security, so that ROI can be effectively measured and you can protect these valuable assets as you would any other important investment.
- May 9, 2019
When technology fails, businesses go under. And if you’re like most organizations today, your business continuity is dependent on communications and networking infrastructure that carries the lifeblood of your business—data.
Your employees can’t serve your customers without it, nor can your mission-critical applications continue to run. And for many businesses, a few days of downtime can mean shutting the doors. It’s essential to ensure maximum uptime so even if you do encounter a disruption, your customers never notice.
For small and medium-sized businesses, putting the checks and balances in place to guarantee business continuity can be overwhelming, and partnering with a managed services provider can ease the burden. Regardless of whether you outsource or scale up your IT team internally, there are four key ingredients you will need.
It doesn’t matter whether it’s through malicious intent or natural disaster—losing mission-critical data means a business can grind to a halt. You need a protection plan that encompasses all applications, files and databases to protect data in the event of human error, systems failure or corruption. This should include offsite data backup and recovery with comprehensive business continuity planning.
Safeguarding data not only means protecting where it’s used and stored, but also while it’s in transit. Even if you don’t take advantage of a managed service provider’s expertise, you likely have data moving in and out of your primary location to cloud-based services, field offices or remote users. Securing these connections safeguards mission-critical data and applications, maintains service and performance targets, and protects against malicious threats.
Maintaining all devices and equipment, including Wi-Fi endpoints, can be a daunting task and can monopolize the time of your IT staff. Outsourcing to a managed services provider who employs a predictive care model means you don’t have to worry about asset tracking, paying for onsite labour for repairs and replacement, or tangling with multiple vendors to get things reconfigured or fixed.
24 X 7 Support and Monitoring
Predictive care for devices can be complemented with comprehensive support and monitoring by a managed service provider, enabling you to tap a team of skilled support people across multiple shifts to cover your business users and their applications. Proactive monitoring keeps a watchful eye on your environment to prevent any potential issues that could lead to a disruption.
Ensuring business continuity requires a lot of proactive planning and IT resources, but it’s better to invest the time and energy into preventative measures than paying the high cost of not doing it. A managed IT services provider can help you keep your business running smoothly by avoiding common errors and providing around-the-clock coverage with properly skilled staff.
If you haven’t begun to think about disaster recovery planning or feel your plan needs an update, check out our Disaster Recovery Primer.