top of page
Abstract Background_edited_edited.jpg
ProactiveDiscovery

Data Protection - Why is it important?

Today’s post is about “Data Protection.” All too often, we see the “everyone gets access to everything” approach in organizations. This approach seems to be commonplace in boutique and small organizations. While done with good intentions, this approach can have devastating consequences in the event of a cyber incident or an insider threat scenario. Would you give every employee access to your banking or HR records? How about full access by every employee to your email? Why would the marketing team need access to technical and possibly highly sensitive engineering data?

Good data asset protection considers a “least privilege” approach. Such an approach uses technical controls to maintain, monitor, categorize, classify, and securely handle data.


Here are some considerations:

  1. Ask your IT team or vendor how data access can be controlled, managed, and audited.

  2. Cloud-based file collaboration services (i.e., SharePoint, Dropbox, Box, Google Drive, etc.) have the ability to manage access. Ask your IT team/vendor to assist you.

  3. Enable audit/logging on successful and failed data access events and maintain such logs for 90 days or more

  4. Review access permissions periodically

Benefit: If done correctly, your organization can now measure and audit if data was exposed to or accessed by unauthorized 3rd parties. Often a crucial question to answer if a cyber incident is detected.

Have questions? Schedule a 20 minute call https://tiny.proactivediscovery.com/book-cyber-call

4 views

RESOLUTE is a fully-managed cyber risk mitigation service that helps boutique and SMB (small to medium-size business) organizations protect, mitigate, and prepare against constantly evolving cyber threats.

bottom of page