Cybersecurity Checklist Part 4 – Identifying and Classifying Data, Encryption Strategy, Backup and Disaster Recovery
Now that you have set up a management system, a process for tracking changes, and developed your endpoint security, it’s time to take a closer look at the data you have so you can best secure it.
Identifying and Classifying Data – You can’t protect your data if you don’t know what type of data you have and where that data lives. Consider the following:
- What types of data do you have? Email? Web? Files?
- Where is the data stored? Public drives? Private drives? Email servers? External drives?
- What does your data contain? Sensitive information? Trade secrets? Client data?
- Is the data you keep private or public?
Once you have determined what type of data you have and where it is, you can begin to classify and then consolidate it. Minimize the number of locations where your data is stored.
For example, consider blocking public drive sites, such as Google or Dropbox. You may have employees using these drives to send out customer or company information. What if the employee leaves? You’ve now lost control of that data and are liable if something happens to that client or company information. If you can’t control the data that is leaving, you can’t secure it. Consolidating your data into fewer places makes it easier to protect.
Encryption Strategy – Now that you have classified your data, it’s important to encrypt it. Encrypting your email is not enough. You should also encrypt the files themselves and the devices and platforms (routers, access points, cloud, etc.) that access the data. An end-to-end encryption strategy maximizes data protection no matter where the data lives.
Backup, Disaster Recovery, and Archiving – If you were a victim of a data breach, would you be able to recover any of your files? A good backup solution is one way to ensure you can recover quickly, and it is crucial to your Disaster Recovery plan. It’s important to remember that a backup solution is not the same as an archive solution. Archiving solutions retain older or inactive data for an extended period of time, which is useful for your audit and compliance initiatives.
Every business should have a Disaster Recovery plan in place. This plan details how your organization will handle unforeseen events such as gas leaks, storms, and fires. The plan should include several key elements and should be tested and validated on a regular basis.
Classifying and securing your data is an important part of your security strategy. If you’re still not sure where your data lives or if it’s truly secure, consider a Security Risk Assessment to explore the vulnerabilities that may exist in your network. Developing a backup strategy and a Disaster Recovery plan are even bigger pieces of the strategy. Contact us today for help with building your backup strategy or Disaster Recovery plan.