What kind of data does your business handle?
Your data is critical to run your business and hence it is an important asset. Data can be classified as data at rest, that is stored in your company and data on the move.
This data could be your own intellectual property, created through years of effort and funds. Sales and financial data and transactions that are critical for operations. You are also the custodian of the data shared by your clients to you under contract. This could include Personal records, financial data and business critical information.
It is important to identify critical data and build your security framework around it.
How do you protect your data?
Each time your data is accessed, it becomes exposed to unique risks.
There are simple common-sense guidelines that can translated into technical controls. We want to know the right person can access the right data, that is done by managing Identity through passwords and access rights. We also take due care to protect our users on the company network through network appliances and their personal safety through end point security solutions.
The best way is to use a standard or an internationally accepted framework and integrate it with your company operations.
Who has access to your data and why?
Not everyone has, nor should they have, access to all company data. For example, your marketing team does not need to view employee payroll information.
A Zero trust approach to Data access should be the implemented. Providing identity-based access makes it easier for you to monitor any usage and prevent any unnecessary movement that exposes it to dangers. Prevention is always better than cure.
Do you have a person in charge to manage cyber security?
It’s always important to have someone in charge for Cyber Security who is qualified to understand risk and technology. The priority of security can be overlooked or assigned without responsibility.
The person in charge needs to understand Technical and operational risk and through internal or external audits, understand the gaps and mitigate them.