Oct 17, 2018
Whether it’s customer payment information, employee data or strategic business intelligence, all organisations handle some form of sensitive information. In order to protect that information, and ensure that it never enters the public domain, it’s essential to take steps to secure your company’s sensitive data.
1) Create a Policy for Identifying and Handling Sensitive Data
If an organisation is unable to correctly differentiate between sensitive and non-sensitive information, securing critical data becomes impossible. A codified data policy will outline which types of data are considered sensitive, and define strict processes for identifying, handling and securing different types of data. A three-tiered data classification system can be helpful for differentiating between sensitive and non-sensitive information, with different employee privileges and security measures enacted for each tier of data:
- Restricted: highly sensitive data that could cause severe damage if compromised, requiring the highest level of security, with access allowed on a need-to-know basis.
- Private: moderately sensitive data that poses a relatively low risk, requiring fewer security controls and internal access rights.
- Public: non-sensitive data that poses no risk to an organisation, and requires minimal security and little to no restriction of access.
2) Use Encryption to Protect Moving Data
Many organisations understand the importance of securing data within the company network, and implement security measures to protect the perimeter of their IT system and prevent unauthorised access. Whilst this type of Data at Rest security is essential, it needs to be complemented by similarly thorough Data in Motion security measures. Sensitive data is always on the move, being accessed and interacted with by all manner of people and applications. Protecting information as it moves through and between systems requires your organisation to encrypt its data, protecting the information itself as well as securing its environment.
3) Choose Secure Software for Your Organisation
There’s a huge amount of variance in the security standards used by software developers. Your first-choice piece of software may not follow suitably stringent security procedures, and could increase the likelihood of attackers accessing your sensitive information. This can be a serious problem, especially when handling and storing customer payment information through accounting or CRM software. Thankfully, there are a few basic steps your organisation can take to identify secure software.
4) Improve Password Security
Most sensitive data breaches are caused by a handful of basic information security mistakes. The use of weak passwords is a particularly common problem, and one that can be significantly improved by security training and organisation-wide rollout of a password management application.
5) Don’t Ignore BYOD
BYOD (Bring Your Own Device) is a growing part of working life – and whilst it brings benefits to productivity and cost-effectiveness, it can also expose sensitive data. It’s good practice to create a BYOD policy, and take steps to prevent sensitive data from being accessed and stored on personal devices.
6) Enforce Organisation-Wide Security Adoption
Many attackers choose to target members of the C-suite, due to the likelihood of directors having access to high-value assets and data. These same directors are often granted greater autonomy and freedom of movement through sensitive systems, and may not adhere to the same security practices as their employees. To prevent attackers from gaining easy access to sensitive information through this channel, it’s essential that security practices are understood and adhered to throughout an organisation’s infrastructure.
7) Develop a Culture of Security Awareness and Education
Your own employees are your most valuable security asset. Creating a culture of security awareness will help employees identify potential data issues, and help them to feel comfortable disclosing mistakes and potential security threats. Developers are particularly crucial to have on board, as their own software development practices can have a major impact on security. In these instances, security eLearning courses can educate software developers in an engaging, relevant and effective way.
8) Create a Plan for Surviving a Data Breach
Wherever there exists sensitive data, there exists motivation for a malicious third-party to try and steal it. Even with comprehensive security measures and widespread awareness, there’s no such thing as an infallible security system. Protecting your organisation in the event of sensitive data loss requires you to be proactive, and develop a plan for surviving an information security breach.