Data breaches are ever increasing. During the period of 1 April 2018 to 31 March 2019, 1,132 notifications were made to the Office of the Australian Information Commissioner (OAIC) affecting over a million people. And no doubt, countless other breaches were unreported.
Most of these breaches resulted from cyber-attacks, with phishing and spear-phishing being common methods. Others came from insider threats, whether deliberate or accidental in nature.
Some of the breaches disclosed people’s sensitive data, which is a direct threat to their privacy. Proper data management and protection are therefore crucial in protecting sensitive customer data.
Data protection is a high priority and needs to follow certain guidelines to ensure safety from cyber-attacks and the leaking of sensitive data.
1. Assess Personal and Sensitive Data
Data protection and management starts with determining:
1. Which data is personal or sensitive in nature?
2. Where and how is it being stored?
3. Who has, and who should have, access to it?
Assessing this information lays the foundation for data security and helps the data management team to understand the controls needed to ensure it is adequately protected.
This step also makes it easier to limit access to personal and sensitive data and only allow it to be used for clearly defined and agreed purposes. After all, the fewer people that have access to data, the less exposed it is to potential risks. Once personal and sensitive data has been assessed, specific methods and controls need to be implemented for data protection.
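A first pass at the three assessment questions can be scripted. The sketch below is an added example, not part of the original article: it walks a directory tree and reports which files contain personal-looking data, where they are stored, and who can read them. The two patterns, the sample file names and their contents are constructed assumptions, and the permission check assumes a POSIX file system.

```python
import os
import re
import stat
import tempfile

# Illustrative patterns only (assumptions); tune them to the data your organisation holds.
PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "card_like_number": re.compile(rb"\b(?:\d[ -]?){15}\d\b"),
}

def assess(root):
    """Walk root and return one finding per file that matches a pattern."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # sample the first 1 MB only
                mode = os.stat(path).st_mode
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            kinds = sorted(k for k, rx in PATTERNS.items() if rx.search(data))
            if kinds:
                findings.append({
                    "path": os.path.relpath(path, root),  # where it is stored
                    "kinds": kinds,                       # which data is sensitive
                    "mode": stat.filemode(mode),          # who has access
                    "other_readable": bool(mode & stat.S_IROTH),
                })
    return sorted(findings, key=lambda f: f["path"])

def demo():  # builds a constructed sample tree and assesses it
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "crm_export.csv": (b"name,email\nJane Citizen,jane@example.com\n", 0o644),
            "payments.txt": (b"card 4111 1111 1111 1111\n", 0o600),
            "readme.txt": (b"nothing sensitive here\n", 0o644),
        }
        for name, (body, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return assess(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Files flagged with `other_readable` set are the first candidates for tightening access, since any local account can read them.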
2. Encrypt Files & Folders
Encrypting personal and/or sensitive data increases control over who can access it and therefore helps to reduce the risk that your data is compromised.
Data can be shared securely in several ways, including encrypted emails or encrypted external disks, with decryption keys provided to the relevant users via separate means.
Highly complex passwords should always be used, to reduce the risk of cyber-attackers cracking them.
This will help you share data with others without compromising data security.
3. Ransomware Safety – Backup & Data Protection
In ransomware attacks, cyber-attackers encrypt files in your system and ask for a ransom to be paid, usually in the form of Bitcoin. After the ransom is paid, files may be unlocked automatically, sometimes via an ‘unlock key’. In the worst-case scenarios, the ransom is paid but the cyber-criminal does not provide the decryption key(s) at all.
The best way to increase your level of protection from ransomware is to regularly back up your important or sensitive data. This will ensure data resilience even after a ransomware attack.
Digital Transformation (DX) has taken more and more business operations online. This has made data protection a very serious issue for all businesses.
In today’s era of information, personal and sensitive data is vulnerable to cyber-attacks, which makes data resilience and data management important considerations for every organisation.
For better data management, businesses turn to experts who handle data governance properly and in line with relevant data legislation.