Businesses deal with a huge volume of data. Since a major chunk of this information is gathered from external sources like customers, clients, partners, etc., and the rest is generated within for crucial business processes and analysis like records, reports, forecasts, etc., enterprises need to protect this data from loss and theft. Data is an asset for the organisation, and any breach in security can lead to serious repercussions.
- Market reputation could be adversely affected if customer data is leaked.
- Accidental loss of a business database may land the company in serious trouble.
- Non-compliance with data protection regulations may result in legal complications.
Organisational data is very valuable. It not only provides information about stakeholders and business processes, but also provides meaningful insights that could be beneficial for adversaries. Moreover, critical information from pharmaceutical, aerospace, security, infrastructure, healthcare, and technology companies can be misused to serve ulterior purposes if accessible by the wrong people.
Data compromise can happen at various scales and levels. More often than not, companies become aware of such breaches at a very late stage, when even remedial measures cannot make up for the data lost. There have been instances where organisations were unaware for years that crucial business data was being leaked and misused, until hired counter-threat units ran a thorough clean-up.
So how can businesses deal with this problem?
In today’s digital age, every company needs a holistic data security program in place. Good data protection can do more than keep organisational data safe; it can ensure that businesses comply with all the relevant data protection rules and regulations. Thorough data security calls for overall risk management. It requires identifying threats and preparing for contingencies in the event of data loss through theft, system crash or malware infection. It also entails addressing the operational threats data is exposed to, like:
- Fire, power outage, etc.
- Human error, like mistakes while processing, unintended data disposal, etc.
- Exploits from corporate espionage.
- Other malicious activities.
Identifying the vulnerabilities and developing strategies to overcome them is the first step towards devising a comprehensive data protection strategy. The various aspects that need to be considered while doing so include:
- Who can access the data.
- Who accesses the internet and email systems and how.
- Who should be allowed/restricted from accessing business critical data.
- Should passwords be used? Who should maintain them and how.
- What kind of firewalls and/or anti-malware solutions should be used.
Once the initial framework on which to base the plan is ready, laying down rules becomes easy. Enterprises can then focus on establishing accountability, authentication and authorization procedures for issuing/revoking accounts. They must also specify the method for verification, password creation and audit trail maintenance. Data backup and business continuity planning are also crucial to data protection, as they ensure that data can be safely recovered even after a system failure.
Most importantly, whatever security measures are taken, they must be enforced. The staff must be trained, so they understand, appreciate and follow the rules. Also, companies must have a mechanism in place to detect unwanted activities.
Ranjit is a former Happiest Mind and this content was created and published during his tenure.