By: Nate Latessa
New and emerging privacy laws have ratcheted up the pressure on organizations to protect customer and employee data better. With corporate data volumes increasing by 62% every year, it’s becoming more difficult and more expensive to protect sensitive information. Further compounding the problem, a recent survey by Gemalto found that only 54% of companies know where all their sensitive data is stored. In other words, there’s a good chance that the people tasked with protecting your sensitive data don’t know where to find it.
When we think of sensitive data, some expedite examples come to mind: personal health information, social security numbers, customer data, banking, and credit card information, all regulated under GDPR and CCPA.
It is important to consider the use of all sensitive data types, not just the obvious ones.
Recently, there was a recent data breach of a healthcare organization where over 300K patient records were compromised. In addition to obvious patient information, the hackers gained access to the organization’s internal security protocol documentation, including architecture topology designs of the network, data information flow and process diagrams, and firewall configuration details. The hackers had access to a library of sensitive data, making it easy for them to access everything inside the “secure” system. This just goes to show how important it is for healthcare companies to get proper medical IT support so they can ensure none of their patients’ data gets leaked. Breaches like this are extremely serious and should be avoided at all costs. It is important for all medical sectors to update their software consistently so they have the right safety protocols in place. To better their security they could take extra safety measures when they use their EMS charting software for peace of mind about their computer systems.
To best protect sensitive information, organizations need to understand what types of sensitive data they possess, where it’s stored, and who has access to it, also known as a data map. Proactively, data maps identify high-risk assets to ensure that they have adequate security controls for the type of data they’re storing. Reactively, data maps are used by cybersecurity incident responders to identify high-value assets to establish remediation priority, which can greatly reduce remediation time, cost and impact of a data breach. Many organizations tend to outsource their IT services, which at times include dealing with the threat of cyber-security. Understandably, the increased threats of ransomware, malware, and other viruses, could hurt the networking system of the firm and in turn, harm the company. If you are looking for computer support Indianapolis, you could head over to the website of IT service providers like Mirazon who could be of help in dealing with cyber threats.
Data maps can also be useful for other departments in your organization. Compliance teams can use data maps to verify compliance with privacy regulations. Information governance and records management teams can use this information to audit document retention policies. Even your legal team can benefit from a data map to help expedite data identification and collection when litigation arises. However, a better call might be to get in touch with a data governance consulting firm that can help businesses monitor sensitive data. Having an agency that creates a strategic roadmap to access the data state, monitor data anomalies, prove validation and suggest improvements can help reduce data breaches. Remember to check whether they are compiling CCPA, CDPA, GDPR, and other CCPA-like regulations in their strategy.
According to IBM, 77% of organizations lack a cybersecurity incident response plan. Let the team at Innovative Discovery help you take the first step in protecting your organization from cyber threats by creating a comprehensive data map.
Authored by Nate Latessa, VP of Corporate Services at ID:
Nate has more than 22 years of experience in the information technology field. For over 16 years, he served in executive and advisory leadership roles for multiple industry-leading litigations, eDiscovery consulting firms. Additionally, he worked in the information intelligence field, assisting large enterprise organizations in solving their governance, compliance, and regulatory needs.