Cybersecurity: Protecting Sensitive Data
Posted on 05.04.17
Not all data is created equal. The cat pictures your coworkers email around are not nearly as important as your customer data, accounting records, and intellectual property. Critical data should receive commensurate levels of protection.
Just as with your cyber-doors and cyber-windows, step one is to inventory your critical data and determine where it is located. Step two is to protect it. The type of protection needed is going to depend on the type of data and where it is located.
For example, if you use a web-based customer relationship management application to manage your customer data, your provider may deliver most of the protections you need. But if you are self-hosting, then you will want to ensure the database is backed up.
Personal information, such as social security numbers, might be saved in an encrypted file, so that even if the data were stolen, it would be useless to the thief, and you would have a much better story to tell your customers. If you store credit card data or health data, then there are specific requirements that you must follow, namely PCI and HIPAA, respectively.
- In policy, assign responsibility for maintaining an inventory of system access.
- At a minimum, require that access to sensitive systems or sensitive transactions be approved, formally or informally, by an organizational leader.
- Periodically review the access lists to verify access is appropriate.
The content in this article covers just one aspect that small to mid-size businesses need to address for cybersecurity. Download the entire whitepaper below to access additional cybersecurity suggestions.