According to a report from Symantec, 500 million identities were stolen or exposed online in 2015. And, with the recent acceptance of the new EU General Data Protection Regulation (GDPR), all organisations have a responsibility to protect their IT infrastructure to ensure their data is secure. Alongside the hefty fines that can now be imposed for improper handling of customer data, the loss of said data can easily ruin a company’s reputation.
However, not all data is created equally and a fundamental part of effective security and crisis management is understanding the relative risk associated with the loss or theft of different types of data; within each organisation there’s typically a ‘hierarchy’ of data which means that, should a breach occur, a proportionate response can then be triggered. Calculating the relative ‘value’ of different data is key to implementing the right response. This can save valuable time in the aftermath of a breach and ensure priorities are set according to your sensitive data profile.
Aligning data value with the correct response
A recent report highlighted the low cost of cybercrime services available but it’s the relative worth of sensitive data that needs to be understood. Without this, it’s almost impossible to perform a risk assessment. There is no ‘one size fits all’ approach to security protection or incident response. The response to the loss of multiple customer records would be very different to the response following the loss of intellectual property such as the blueprint for a new product.
Here we outline the key steps that can be followed to ensure you assess the value of your data and can implement processes to protect it adequately.
Understanding the worth of your assets is an important step on the road to effective security protection and response strategies. It not only means that you can implement that right safeguards around your data, but also that the response fits the magnitude of the breach.
Nick Pollard is UK General Manager, Guidance Software