Is it time to refresh your data protection program?

The growth of cloud environments and artificial intelligence has vastly increased the collection and storage of data. Consider these eight strategies to minimize external and internal data-security threats.

 

3 minute read

Key Takeaways

  • Effective data protection depends on full visibility into what data your organization relies on, where it is stored and who can access it.
  • Plan to manage the risks associated with insider threats, whether they involve employees lacking cyber-awareness or those who intentionally misuse or steal company data.
  • Consistent enforcement of data monitoring protocols, employee training and regular review can help your company deal with evolving data threats.

The sheer volume of intellectual property data, customer personally identifiable information (PII), employee PII and other data categories can make it difficult for companies to control who has access to data and where they store it.

 

As more operations move to cloud environments and incorporate artificial intelligence (AI) and machine-learning (ML) functionality, data is traveling over many new pathways and being used in many new tools and to train ML models. Each new pathway and use case represents a potential data breach. 

 

$4.88 million

 

Average global cost of a data breach, February 2024.1

While most companies have implemented data protection programs, another study found that 73% of cybersecurity leaders believe these programs’ guidelines are insufficient, and most believe their companies are not fully compliant with data protection laws.2

“Fundamentals of a data protection program” Padlock superimposed on a field of circuit boards and digital connection points.
“Complete data discovery and inventory” A man and a woman reviewing a graph on a digital wall display.

 

Many organizations lack complete visibility into the types of data they possess and where they store it. Data discovery helps companies classify data types and segment out data that requires robust protection.

“Create and review data usage policies” A digital grid above an urban landscape at sunset.

 

Cloud deployments have contributed to decentralized data storage, which can elevate data breach risk and lead to more expensive breach response.3 Consider whether centralized data storage is feasible for your business practices and create policies that enforce your chosen storage approach.

“Track shadow data” Data servers in front of a blue sky with white clouds.

 

Shadow data is involved in one-third of recorded breaches and can also result in regulatory compliance violations.4 Consider cloud data security solutions and inform employees about the risk of handling and storing data outside of established company policies.

“Enable and enforce identity and access management” A man’s hand holding a cell phone in front of a laptop computer.

 

Many data breaches begin when bad actors capture employee credentials and use them to access critical data and systems. Identity and access management supported by multifactor authentication, passkeys and other protections can mitigate this cyber-based threat.

“Invest in AI and ML-enabled security” A man and woman reviewing code on a vertical computer monitor.

 

Automated security and AI-driven analysis can help address the ongoing lack of security talent and contribute to lower data breach costs and shorter remediation times.5

“Encrypt all important data” Blocks of binary computer code intersected by red lines.

 

Your company should encrypt all proprietary and high-value data, or any data that could lead to regulatory, financial or reputational damage if it is stolen or lost. 

“Create a response plan for data breaches” Two women and a man looking at computer laptops in a conference room.

 

Every company is at risk of data breaches, so the best approach is to anticipate a data theft or loss event and create an actionable plan to detect the breach and minimize its effects. Identify key stakeholders, assign response tasks and update the plan regularly.

“Invest in employee training” A classroom with students and an instructor pointing at a whiteboard.

 

Educating your workforce about the threat of phishing, credential theft and data theft is among the most effective means to reduce the overall costs of data breaches.6 Emphasize the importance of cybersecurity and data protection across your organization.

The combination of elevated risk and dynamic data creation and use means that data protection programs must continue to evolve. Your organization should regularly evaluate what data is essential, who uses it, how it is protected and how the organization will respond in the event of a data breach.

 

While every organization’s approach will have unique features, the considerations above can help you create, review and maintain a data protection program that supports security and benefits your business operations.

1 IBM, Cost of a Data Breach Report 2024.

2 Palo Alto Networks, Code 42 Annual Data Exposure Report, 2024.

3 IBM, Cost of Data Breach Report 2024.

4 Ibid.

5 Ibid.

6 Ibid.

 

Fraud & Cybersecurity

Insights to protect your business from cyber threats

Explore more

How to manage third-party cyber-risk across your organization

Businesses increasingly rely on external suppliers and partner organizations to operate. With cyberthreats increasing, here’s how your organization can prepare and stay resilient.

3 min read

Adaptability is the key to an effective cyber security culture

As business needs and outcomes change, your company’s security mindset and tactics must evolve to stay in sync.

8 minute read

How organizations combat business email compromise

This type of cybercrime remains one of the most common and potentially damaging. Here’s why your people are key to a frontline defense.

4 minute read