Data Management Best Practices: Protecting Your Data in the New Year

As we start this new year, it’s the perfect time to take stock of your company’s data protection practices.

The average lifecycle of a breach is 277 days from identification to containment.

Source: IBM

Consider all the personal data that resides within your company infrastructure:

  • sensitive information about employees (such as Social Security numbers)
  • client information (such as credit cards on file)
  • your own company data

No one wants any information like that falling into the wrong hands. To ensure your data (and that of your employees and customers) stays safe, we recommend taking the following steps: Discover all your data, Evaluate & Update Policies, and implement Best Practices.


Only 54% of companies know where their sensitive personal data is stored.

Source: Thales

Discovery

Begin with a “data discovery.”

Create an inventory of what sensitive data exists within your company. This could include customer files and credit information, employee data such as home address, salaries, Social Security numbers, and of course the financials for your company.

The data stored at companies varies widely by profession. The medical industry, for example, may have greater levels of data requiring protection. Similarly, a CPA firm or financial institution also may have significantly more sensitive information stored within its infrastructure than, for example, a solopreneur remodeling company.

The first step in securing data is having a complete knowledge of what data you have.

Here's a quick checklist to follow to discover all important data:

  • Map Storage Locations: Identify all data storage systems, including on-premises servers, cloud platforms, and individual devices.

  • Inventory Data Assets: Catalog all data files, databases, and applications containing relevant information.

  • Determine Data Types: Specify the types of data you'll log, such as events, transactions, user activities, system metrics, or application logs.

  • Assess Data Sensitivity: Classify data based on its confidentiality level and regulatory requirements.

  • Identify Data Redundancy: Locate duplicate or overlapping data sets for potential consolidation.
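The inventory, sensitivity and redundancy steps of this checklist can be partly automated. The following Python is an added example, not part of the original article; the patterns (US Social Security numbers, Luhn-valid card numbers), the label names and the sample files are assumptions constructed for illustration.

```python
import hashlib, re, tempfile
from collections import defaultdict
from pathlib import Path

SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text):
    """Return the sensitivity labels found in a file's text."""
    labels = {"ssn"} if SSN_RE.search(text) else set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        labels.add("payment_card")
    return labels

def discover(root):
    """Walk root; return ({file: labels}, [groups of byte-identical files])."""
    inventory, by_hash = {}, defaultdict(list)
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        by_hash[hashlib.sha256(data).hexdigest()].append(rel)
        labels = classify(data.decode("utf-8", errors="ignore"))
        if labels:
            inventory[rel] = labels
    return inventory, [g for g in by_hash.values() if len(g) > 1]

# Constructed sample tree; 4111... is the well-known test card number, not real data.
SAMPLE = {
    "hr/payroll.csv": "name,ssn\nJane Doe,123-45-6789\n",
    "sales/cards.txt": "card on file: 4111 1111 1111 1111\n",
    "sales/old/cards_copy.txt": "card on file: 4111 1111 1111 1111\n",
    "ops/tickets.log": "order 1234567890123456 shipped\n",  # fails Luhn, not flagged
}

def run_sample():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return discover(tmp)
```

Calling `run_sample()` returns the labelled inventory and the duplicate group for the constructed tree; pointing `discover()` at a real share produces the same two outputs for review.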

76% of consumers would not buy from an organization they didn’t trust with their data.

Source: Enzuzo

Evaluate & Update Policies

Evaluate and strengthen your company policies regarding the storage of sensitive data.

Here are questions you should be asking yourself to better your data policies:

  1. Do we have a strong “chain of custody” as to whom within our organization has access to the sensitive data? This applies to electronic data of course, but don’t forget the “paper trail” that could also exist within your organization.

  2. What are our procedures regarding sensitive information stored on thumb drives or paperwork? Do they ever get left casually on the top of an employee’s desk, where anyone could have access to them? Sensitive data should be kept under lock and key.

  3. What happens to sensitive data we no longer need? Sensitive data that is no longer needed should be disposed of – safely and securely. With paper products, shredding is the best way to assure that the information cannot be compromised. Either use an in-office shredder or partner with a trusted firm that will destroy the paper products. The same holds true for flash or thumb drives.

    Be certain, when you upgrade computers – desk units or laptops – that the hard drives of the units being retired are overwritten or shredded. A great deal of sensitive information can reside within the hard drive of every computer.

  4. Do we have updated standards for employees using their personal devices at work? Personal devices connected to your network are a security risk. Creating clear guidelines on if and when employees can use their devices is vital. Learn more about how to secure your network from personal devices

Around 40-60% of small businesses will never reopen after data loss.

Source: FEMA

Best Practices

  • If you do not have a security system with cameras in place, it is worth doing so. Physical security is just as important as cybersecurity.
  • When it comes to the transmission of electronic data, encrypting your email to secure sensitive data is a must. Learn how to encrypt your email
  • Follow the 3-2-1 data backup rule.
    3: Create one primary backup and two copies of your data.
    2: Save your backups to two different types of media.
    1: Keep at least one backup offsite.
  • Be careful, in your use of online services, not to “overshare.” Evaluate the platforms where materials are shared, and determine if they are secure. Sensitive information shouldn’t be shared on a platform where others can access it, such as Google Docs.
  • Be wary of public networks. It’s tempting, if you have an hour between meetings, to stop at some coffee shop advertising free Wi-Fi and log onto their network. Remember, though, public networks carry the risk that others can see your information. One measure to safeguard in those and other situations is to install a VPN, or Virtual Private Network, which provides a level of protection. There are a number of VPN options available, and you can learn about them, ideally through a trusted IT partner. Another alternative to public Wi-Fi is to use the “personal hotspot” option on your smartphone. See the advantages of a VPN
  • For both business and personal considerations, examine and review your account privacy settings on your social media accounts, such as LinkedIn, Twitter, Instagram, and Facebook. You have options in each of those platforms as to who can see what you post.
  • Assess your IT systems regularly. We recommend regularly assessing your IT systems and networks to ensure your data is protected from cyberthreats. This applies to businesses of all sizes. In fact, 43% of all cyberattacks target small businesses. What should you include in your assessment?
  • Keep your email and phone number private. Or at the very least, create an alternate email, whether that’s a Gmail account, Yahoo, or one of the others, that is not your main email address.
  • Most browsers keep a history of sites you have visited, and marketers will use the information to target you. There are software programs that can mask that history and spare you unwanted outreach.
  • Ensure you provide thorough cybersecurity training for employees. What should be included in training?
  • Learn more essential cybersecurity tips for businesses