Cybersecurity: Protecting Sensitive Data

Posted on 05.04.17

Not all data is created equal. The cat pictures your coworkers email around are not nearly as important as your customer data, accounting records, and intellectual property. Critical data should receive commensurate levels of protection.

Just as with your cyber-doors and cyber-windows, step one is to inventory your critical data and determine where it is located.  Step two is to protect it.  The type of protection needed is going to depend on the type of data and where it is located.

For example, if you use a web-based customer relationship management application to manage your customer data, your provider may deliver most of the protections you need.  But if you are self-hosting, then you will want to ensure the database is backed up.

Personal information, such as Social Security numbers, might be saved in an encrypted file, so that even if the data were stolen, it would be useless to the thief and you would have a much better story to tell your customers. If you store credit card data or health data, then there are specific requirements that you must follow, namely PCI and HIPAA, respectively.

Actionable Steps

  • In policy, assign responsibility for maintaining an inventory of system access.
  • At a minimum, require access to sensitive systems or sensitive transactions be approved, formally or informally, by an organizational leader.
  • Periodically review the access lists to verify access is appropriate.

The content in this article covers just one aspect that small to mid-size businesses need to address for Cybersecurity. Download the entire whitepaper below to access additional Cybersecurity suggestions.

Download Whitepaper

 


The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.

Posted by: Christopher Moschella, CPA, CISA

Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog