New and emerging privacy laws have ratcheted up the pressure on organizations to protect customer and employee data better. With corporate data volumes increasing by 62% every year, it’s becoming more difficult and more expensive to protect sensitive information. Further compounding the problem, a recent survey by Gemalto found that only 54% of companies know where all their sensitive data is stored. In other words, there’s a good chance that the people tasked with protecting your sensitive data don’t know where to find it.
When we think of sensitive data, some expedite examples come to mind: personal health information, social security numbers, customer data, banking, and credit card information, all regulated under GDPR and CCPA.
It is important to consider the use of all sensitive data types, not just the obvious ones.
Recently, there was a recent data breach of a healthcare organization where over 300K patient records were compromised. In addition to obvious patient information, the hackers gained access to the organization’s internal security protocol documentation, including architecture topology designs of the network, data information flow and process diagrams, and firewall configuration details. The hackers had access to a library of sensitive data, making it easy for them to access everything inside the “secure” system.
To best protect sensitive information, organizations need to understand what types of sensitive data they possess, where it’s stored, and who has access to it, also known as a data map. Proactively, data maps identify high-risk assets to ensure that they have adequate security controls for the type of data they’re storing. Reactively, data maps are used by cybersecurity incident responders to identify high-value assets to establish remediation priority, which can greatly reduce remediation time, cost and impact of a data breach.
Data maps can also be useful for other departments in your organization. Compliance teams can use data maps to verify compliance with privacy regulations. Information governance and records management teams can use this information to audit document retention policies. Even your legal team can benefit from a data map to help expediate data identification and collection when litigation arises.
According to IBM, 77% of organizations lack a cybersecurity incident response plan. Let the team at Innovative Discovery help you take the first step in protecting your organization from cyber threats by creating a comprehensive data map.
Authored by Nate Latessa, VP of Corporate Services at ID:
Nate has more than 22 years of experience in the information technology field. For over 16 years, he served in executive and advisory leadership roles for multiple industry-leading litigations, eDiscovery consulting firms. Additionally, he worked in the information intelligence field, assisting large enterprise organizations in solving their governance, compliance, and regulatory needs.