Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

How to Understand and Protect the Data in Your Enterprise

By Bill Lederer
August 01, 2016

In a recent study conducted by Acaveo and Osterman Research it was revealed that of more than 100 responding enterprises with a median 20 TB of unstructured data stored, only 37% regularly audited the amount of data that employees or business units produce. See, “Survey: 50% of IT Teams Not Ready for Unstructured Data Growth.” Especially in a time where cybersecurity remains in the headlines on a regular basis, it's crucial to understand what data exists in order to protect it. Where's your data? What if you lost track of some of it? What if attackers copied it?

We don't use filing cabinets much these days to run our businesses, nor big ledger books to record our accounts. We now put all the information we need to run our businesses into databases and other computer-based filing systems.

However, with data so easily stored, more responsibility falls on an enterprise to know where and what it is. Since access to the data and maintaining its integrity is critical to the continuity of your business, ensuring that it is safe is essential. Understanding what's in the fort of information surrounding an enterprise is the first step towards that peace of mind, and there are tools that can help track the current and future state of a company's data.

Map Your Data

Even in a small company, the number of data repositories can be surprisingly large and stored in many different locations. They might live on computers, but can also be found in more low-tech places, including storage boxes, behind closed doors and memories.

The first step in protecting your data is to take inventory of it, in order to build a solid understanding of all the data sources used by your company. It is likely that you have enough data such that you may need to interview key teammates in the company to find all of these data repositories. Use it as an opportunity to share the importance of strong security ' by explaining the simplicity of knowing where data is, you can begin to create a culture that values security. You might even have existing tools that can make the process easier, such as placing a legal hold on potential stakeholders who can identify these data repositories.

For example, identify all of the places you are storing financial information. Some of it may be in Quickbooks, financial projections in spreadsheets, or long-term financial data in warehouses. Once you've collected the location of the data and categorized it by type, you can visualize it with a data map, identifying where sensitive data is stored and how it moves throughout the enterprise.

Reveal the Right Data to the Right People

The next step is to decide who should have access to this data ' clearly, not everyone needs access to financial data. However, data security isn't only important once the information is identified. Limiting stakeholders is also key in the creation of data. You should be very disciplined about who can read, change, or create customer-specific data, so you can easily add it to your data map without needing to repeat the inventory process.

I'd recommend dedicating a singular team to securing the company ' including physical, network, and data security ' that is independent of other departments in order to have an auditory view of activities across the enterprise. By promoting best standards in coding and security awareness, the entire company will understand the importance of having strong security practices. The media often points to the “human factor” as having a negative impact on cybersecurity, but by cultivating an internal culture of security, the human factor turns into a benefit.

Appoint a Data Steward

Once you have identified all your repositories, identify or “volunteer” a data steward for each of these repositories or sets of repositories. The data steward needs to be someone who understands the business need for the data, who has a good relationship with the users of the data, and has authority to make decisions about data access ' reviewing the lists on a regular basis for appropriateness.

Do the people who need access have it? Does the steward have the power to revoke access if necessary? Are there any new team members that need to be added periodically? All of these are questions that should be asked frequently, and reported to a compliance officer if applicable.

Monitor over Time

The final piece of the puzzle is monitoring. Even if you have done a full and detailed inventory, realize that this is just a snapshot in time. New people are hired in the company, some leave for other opportunities, and new data repositories are added. Your appointed data steward needs to be aware of these changes, and should add reviewing the changes to their daily task list. Building strong cybersecurity practices is not a one-time event ' its effectiveness is completely dependent on its prioritization. However, that does not mean it is a massive undertaking, and can be accomplished with a straightforward plan leveraged by a dedicated stakeholder.

Conclusion

A data breach to an organization can be a very severe event. If your data is affected in a breach, you will be many steps ahead if you already know what data exists, how important it is to your organization, and who has access to it. This jump-start to your breach response will be valuable in the long run, and by knowing the data inside and out there is always a buffer of preparation ' and you will sleep better at night, knowing where your data lies.


Bill Lederer joined kCura in 2015, leading a team dedicated to maintaining secure virtual environments for customers and employees. He previously worked at Matasano as a security consultant and ran his own independent consultancy.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers Image

In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

CoStar Wins Injunction for Breach-of-Contract Damages In CRE Database Access Lawsuit Image

Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.

Fresh Filings Image

Notable recent court filings in entertainment law.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.