GDPR. HIPAA. PCI. CCPA. As a business owner, it is your responsibility to make sure that your organization is in compliance with the ever-changing regulatory environment around data protection. It can be hard to keep up, especially as you are designing and deploying new technology.
Where to start?
1) Know Your Data
The foundation of a data governance program is a complete data map that documents the life cycle of your company data. What data is being collected? Where is it being stored? Is data storage secure? Who is it being shared with? Is it necessary? How long do you need to retain it?
2) Classify Your Data
Once you have established an accurate mapping of all of the data that is traversing your company systems, create a data classification system that works for your organization.
Common classifications are:
- Public
- Internal – Confidential
- Internal – Restricted
Of course, these classifications will vary depending on the nature of your business, but this is a great place to start!
Classifying your data has many benefits: you can create policies and procedures around protected data, help employees better understand the data that they are handling, utilize technology to help restrict accidental data leakage, and be better prepared in the event of a breach. The benefits are endless; ultimately, data classification drives efficiency and reduces overall company risk.
3) Protect Your Data
Now that you are equipped with a data map of classified company data, you are in a much better position to take on security vendors. The marketplace is full of technology reps selling the “best security technology.” As you navigate through the options, you will be able to clearly communicate what your requirements are and not waste money on solutions that do not make sense.
ACSM can collaborate with you on these steps to build a strong data governance program. Our clients are always amazed at the data that we uncover once we start an assessment and are grateful to be able to reduce unwanted risk.
In honor of Cyber Security Awareness Month, ACSM is offering all new clients who sign up in October a 10% discount on an initial assessment.
American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts.