An Amazing Way to Deal with Understanding Your Company’s Sensitive Data Risks
At Ground Labs, we’re always stressing the importance of understanding who wants your data, and where it can be found on your systems.
As Sun Tzu is famously quoted, “know your enemy and know yourself, and you will find naught in fear for 100 battles”.
But if it were a simple task, we wouldn’t be reading about hackers making off with millions of cardholder data records every other week. While companies today are significantly more technologically advanced than they were 10 years ago, the data risks presented by new technologies have grown in tandem.
Cloud storage, the rise of Bring Your Own Data (BYOD), and even seemingly harmless functions like autosave can pose a huge threat to your company’s data security.
Would the average IT security expert think of looking in .bak and .sv$ files for sensitive data?
Assuming a person was that thorough, does he have the time to be?
The good news is, Ground Labs’ data discovery software finds sensitive data on systems much more thoroughly and quickly than a human ever could.
However, understanding your data is so much more than just knowing where it is and securing it.
Using our products in conjunction with good security processes amplifies their effectiveness by leaps and bounds. Here are a couple of good places to get started:
Data Flow Diagrams
One good way to start understanding your data from ground zero is by creating a data flow diagram. What a data flow diagram does is provide a visual representation of the way information flows through a system, which makes it easy to comprehend just what in the blazes is going on in your network.
As it’s often said, sometimes it’s about the journey, and not the destination. And we guarantee that on your epic quest to discover how data flows through your network, you will discover countless bad practices that you can snuff out, like stopping that one guy who takes sensitive data out of the office on a thumb drive and connects to unsecured Wi-Fi networks.
Speaking of oblivious employees, education also plays a big part in keeping your company secure.
From the CEO to the coffee-making intern, every member of the organisation should understand and carry out good security practices. Even the most secure and expensive of firewalls are rendered useless when an employee lets hackers in through a phishing attack.
Understanding your data is much simpler once there are no rogue agents moving data around outside of your IT security teams’ knowledge.
Rinse and Repeat
Running a business is big boy work, we get it. Things are always coming at you from all directions, and seemingly less important things fall into the to-do pile, and more often than not, end up not getting done.
This tends to happen especially often with data security. In a survey conducted by Verizon, 80% of companies that were found compliant with the Payment Card Industry Data Security Standard (PCI DSS) were found to have fallen out of compliance the very next year. They went through all that trouble of securing themselves, but backslid and essentially wasted all their initial efforts.
Compliance is Not a Point in Time, But an Act of Continued Vigilance
Review your Data Flow Diagram every few months and make sure it’s still relevant and accurate. Make sure new employees receive the same training that their seniors have. Run scans periodically, so that any threats are detected immediately.
Ground Labs’ data discovery tool for large organizations, Enterprise Recon, makes it easy to keep a vigilant eye on your data. Schedule scans to run periodically, and receive detailed consolidated reports right in your email inbox.
Book a demo of our data discovery tool, Enterprise Recon, on our website. See for yourself how easy our tools make it to not only understand but take control of your data.