A Cybersecurity Mistake Companies Can’t Afford To Keep Making

Home/Insights & Impact/A Cybersecurity Mistake Companies Can’t Afford To Keep Making

A Cybersecurity Mistake Companies Can’t Afford To Keep Making

The good news is the majority of companies have made cybersecurity a higher priority and are more proactively securing their data and systems. The bad news is most remain unnecessarily vulnerable by neglecting an important first step — understanding what data needs to be protected and to what degree.

It is nearly impossible to effectively secure information that is poorly managed.

Organizations need to inventory their important data if they stand any chance of protecting it. This means determining what data is sensitive and then identifying where it is, how it moves around, who touches it, and how long to keep it. These are tasks that commonly don’t receive much attention, and it’s the #1 reason companies develop a false sense of security and think they’re ok. It’s like declaring your home safe without knowing how many doors and windows are in the house or where they’re all located.

Getting your data more organized doesn’t have to be overly complicated or expensive. And it can be done in phases, on a timeline that aligns with your resource availability. Taking the following first steps will put you in a much better position to then determine how specific information should be protected:

  • Identify every department where sensitive data is generated, collected or stored.
  • Categorize each set of data set in some manner – highly confidential, sensitive, internal use only, etc.
  • Document how each data set is currently being managed. For instance:
    • Who has access to it?
    • What devices is it stored on?
    • How does it move around?
    • How long is it archived and why for that long?
    • Does it make business sense to manage it this way?
  • Identify the broken or inefficient business processes involved with data collection, transmission, reporting, storage, etc.

This last bullet is especially pertinent because, in addition to understanding what data should be protected and how, this exercise will shine a light on workflows and businesses processes that are manually intensive, error-prone and inefficient. Fixing the worst of these problems will usually result in cost reductions and productivity gains that will more than fund any needed cybersecurity investments.

A final suggestion: Do not make this an IT-led initiative. This is a risk management and process improvement initiative. Wait until after this first phase is completed to get the IT people more involved.

By | 2017-06-07T14:24:02+00:00 April 10th, 2017|Insights & Impact|0 Comments

About the Author:

Joe McGrattan oversees strategy and business development for Triple Helix. For nearly three decades, he has been helping companies leverage technology and their data to conduct business more effectively in a digital economy. This includes building strategic-level alliances with non-tech professional services firms whose clients are demanding more information management and technology-related guidance from them. Joe’s blog contributions focus on business-oriented advice to companies on how to take advantage of their data to run smarter, faster, leaner and more securely. He can be reached at joe.mcgrattan@3xcorp.com or found on LinkedIn.