Think information governance and cyber security don’t go hand in hand? Think again! Good cyber security is built upon good information governance.
And, of course, cloud computing, ever-increasing compliance mandates, and more and more data to secure (not to mention more sophisticated security threats) have taken securing data to a whole new level. An organization’s information governance and cyber security should be in a constant state of review, with policies and protocols updated and implemented to secure all data and protect against intrusion.
Information governance is an organization’s technologies, policies, processes, controls, and strategies employed to optimize information in order to meet its business needs, as well as legal and industry regulations, while minimizing risks.
The foundation of information governance is to know your data. In other words, know the data you possess, what form the data is in, why you have the data, where the data resides, how and by whom the data is used, and when and how the data will be destroyed. Robust information governance is the solid platform that cyber security is built upon.
Cyber security is the technologies, processes, and practices devised to protect data, programs, networks, and devices from unauthorized access and attack. With cyber attacks becoming progressively more sophisticated, cyber security must be continuously evolving to mitigate these threats.
Security Breaches—Not If, But When!
Make no mistake—all organizations are susceptible to cyber attacks, from small organizations to large global organizations.
What is the state of your cyber security? Is it ready to detect and effectively react to security breaches, intrusions, phishing, or malware attacks that may come from inside or outside your network?
Data breaches all follow the same general sequence of events:
- Safeguards that are in place are circumvented, sometimes all too easily.
- The intruder steals, changes, or destroys the data.
- Then the race begins to see how fast you can recover from the attack by identifying which records were jeopardized and which customers have been affected.
Know Your Data
It is crucial that organizations understand what data they are protecting. Without this understanding and focus, there is no cyber security for the organization. As they say, knowledge is power.
For instance, let’s compare your organization’s data to things you have stored in your home that you probably haven’t thought about in years. We have items, papers, records, maybe even legal documents that we keep in our home. Some are in paper form stored in files and boxes, while others may be on CDs, DVDs, and thumb drives, all stored in forgotten drawers, closets, basements, and attics.
In the same manner, organizations have data stored on long-forgotten network devices, CDs, flash drives, backup tapes, hard drives, archived server space, and so on.
So much data!
Many organizations have no idea just how much data they possess in its many forms. Who wants to wade through all the old data, review it, and either archive it properly or dispose of it in the appropriate manner?
In reality, when a data breach hits your organization, it doesn’t matter if it is old, forgotten data or more recent data. It is vitally important to know what data your organization possesses, particularly sensitive information, what form it is stored in, and where it is stored. The more sensitive data that is exposed, the exponentially worse the data breach becomes.
Information Governance and Cyber Security Go Hand in Hand
Proper information governance includes creating and revising policies and protocols relating to the handling of all data throughout its life cycle. This includes documentation such as network diagrams, data flows and data maps, the responsibilities and roles of each user group, the data retention and destruction policy, and the incident response plan.
Information governance requires a combined team of high-level management, business, legal, and IT resources to review the organization’s need for the information, who should have access, retention/deletion policies, and—of significant importance—accountability. New data types like collaboration applications can make information governance particularly tricky. Make sure you have a playbook for information governance and ediscovery.
Cyber security is inherently more manageable, and thus much more effective, when information governance includes a clear understanding of your organization’s data storage, data backup, and data flow. Cyber security isn’t just about technology—it is also about the people having access to the data and the process involved.
Restricting access to specific data to the appropriate individuals enables targeted data encryption. For instance, data being held for document retention or litigation purposes will be protected differently from data for operational purposes. Information governance can also identify obsolete data that may be a cyber security liability.
When a breach occurs, time is of the essence! It is a race to determine what data has been compromised and who is affected. Clients and regulatory agencies have absolutely no tolerance for delays in reporting data breaches. The more quickly that threats are detected and identified, the less damage incurred by the intrusion, which means a reduction in time and cost of recovery, not to mention less damage to the organization’s reputation.