Here is an important question for you. Have you ever quantified your data risk in terms of dollars of penalties and other costs if your systems and data were breached? You might be shocked how many organizations have no idea. But your data security really depends on it.
It’s important to ask yourself these types of questions. Knowing data risk in terms of dollars is the key to keeping your company safe.
We Don’t Know It’s Value
Do you know the value of your house? Your car? You boat? Chances are you do, and that you have an insurance policy that matches that the value.
But ask a CIO, CTO or CISO or anyone in upper management how much the data they have is worth and you will likely be met with a blank stare. They don’t know the answer! You have to live in a dark corner these days to not know that the cost of a data breach is extremely high, coming in on average between $4 million and $9 million. Many companies can’t and don’t survive such an event.
It is almost absurd to realize that one of the greatest threats to organizations today is data breach, yet the people running those companies don’t have a clue as to the real cost of arguable one of their most expensive assets. Without appraising the value of your data, how do you know your cyber policy is big enough? How do you know if you are spending enough or too much on protecting it?
Step 1: So You Gotta Put a Price on It!
Why should we expect our employees to care if we can’t put a value on the data?
If you put a price on the data — say $1,000s or $10,000s or $100,000s — no one questions that the data needs to be protected and cannot be shared with just anyone. The dollar value our software places on data is directly tied to the value of stolen data as reported in thousands of historical breaches. Assessing a value is the surest way to identify where an organization is most vulnerable and protect it.
Step 2: Set It and Forget It!
What you need is a set it and forget it solution, requiring little to no maintenance, and that can be up and running securing data, in just a few days; not weeks or months!
What is needed is a solution that for the people. What is required is a solution that doesn’t demand a perimeter to be effective. Furthermore, to have the level of user adoption that makes to safeguard effective, it needs to be efficient, that means that it operates seamlessly to the end-user without interrupting their workflow as it protects the data at its source. Encrypting and decrypting the data, dynamically, based on the value and risk to the company or data owner – YOU?
It needs to work all the time, everywhere: Tracking and checking on data risk of incoming and outgoing data in the perimeter-less organization in real-time. Monitoring that tells you how much data risk in $$ you have, where they are located, which file locations or files, which users, and whether it is coming in or going out!
Without special expertise in data security or compliance, without complex rule making anyone can protect your data with a simple click-of-the-mouse while making it accessible only to those who need it.
Step 3: Find ALL The Data AND Protect It.
It is necessary to locate ALL data and determine how it should be protected based on its value and sensitivity or risk.
Analyzing data risks and applying preemptive encryption that handles both external threats and insider carelessness, all in the world of no security perimeters. It needs to be transparent to users, so they aren’t required to take an action like providing a user/password to open files in different locations or remember to click the encrypt button when sending outside the organization. And it can’t depend on complex integrations to be effective across the company.
Stig Ravdal is the President & Founder of Ravdal, Inc., a leading cybersecurity strategy and solutions company. He is widely considered an expert in the field and is available for speaking engagements.