Published On: April 10th, 2017

The good news is that the majority of companies have made cybersecurity a higher priority and are more proactively securing their data and systems. The bad news is that most remain unnecessarily vulnerable because they make a cybersecurity mistake by neglecting an important first step: understanding what data needs to be protected and to what degree.

It is nearly impossible to effectively secure information that is poorly managed.

Organizations need to inventory their important data if they stand any chance of protecting it. This means determining what data is sensitive and then identifying where it is, how it moves around, who touches it, and how long to keep it. These tasks commonly don’t receive much attention, and that neglect is the #1 reason companies develop a false sense of security and think they’re OK. It’s like declaring your home safe without knowing how many doors and windows are in the house or where they’re all located.

Getting your data more organized doesn’t have to be overly complicated or expensive. And it can be done in phases, on a timeline that aligns with your resource availability. Taking the following first steps will put you in a much better position to then determine how specific information should be protected:

  • Identify every department where sensitive data is generated, collected or stored.
  • Categorize each data set in some manner – highly confidential, sensitive, internal use only, etc.
  • Document how each data set is currently being managed. For instance:
    • Who has access to it?
    • What devices is it stored on?
    • How does it move around?
    • How long is it archived and why for that long?
    • Does it make business sense to manage it this way?
  • Identify the broken or inefficient business processes involved with data collection, transmission, reporting, storage, etc.

This last bullet is especially pertinent because, in addition to clarifying what data should be protected and how, this exercise will shine a light on workflows and business processes that are manually intensive, error-prone and inefficient. Fixing the worst of these problems will usually result in cost reductions and productivity gains that will more than fund any needed cybersecurity investments.

A final suggestion: Do not make this an IT-led initiative. This is a risk management and process improvement initiative. Wait until after this first phase is completed to get the IT people more involved.

About The Author: Jason Bittner

CEO and founder of Triple Helix Corporation, since 2004. For over two decades, Jason has worked closely within the Aerospace/Defense/Manufacturing industries. He excels at solving technical challenges by integrating data and information technologies with best business practices. Jason takes an avid interest in educating his readers with the latest news in information management, as well as providing keen insights into the most efficient methodologies for the best operating companies today and into the future.