Data Protection Checklist


8 Simple steps towards full data protection

Data protection is one of those areas that everybody needs to engage with. In extreme cases, the consequences of not doing so can take down a business. It can feel like an onerous and complex task but it doesn’t have to be so. If you adopt the right approach, it can be simple and straightforward. To help ensure an admirably secure and flexible approach to data security, we’ve put together a best practice checklist that breaks down 8 simple steps you can take across three main areas.

Understanding the risk

It’s important to understand where the risk in your organization lies. For instance, you may have sensitive contract information that is shared by employees or exposed on the internet, or have an unprotected database containing customer information.

  1. Vulnerability Assessment & Penetration Testing

First up, periodically carry out vulnerability assessment and penetration testing. This baseline activity allows you to identify, quantify and rank the security vulnerabilities your organization is exposed to. Vulnerability assessment will unearth security vulnerabilities, while penetration testing simulates a real cyber-attack to “stress-test” the strength of the company’s IT infrastructure.

  2. Data and User Risk Assessment

This should be followed by data and user risk assessment. This step provides real-time insights into your sensitive files so you can see whether data is properly encrypted and secured, and who is sharing what data with whom. For instance, it is particularly important to establish who is sharing files and whether files are being sent to users’ personal email addresses or shared outside of the organization. This allows your IT team to intervene and implement remediation plans.
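As an added illustration (not part of the original article and not any vendor's product code), the sharing check described above can be sketched over a file-sharing audit log. The domain lists, event format and sample events are constructed assumptions.

```python
from collections import defaultdict

# Assumptions (not from the article): the organization's own mail domain and a
# short list of consumer webmail domains treated as "personal" addresses.
INTERNAL_DOMAINS = {"example.com"}
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}

# Constructed sample audit events: (sender, recipient, file, marked sensitive?)
SAMPLE_EVENTS = [
    ("alice@example.com", "bob@example.com", "roadmap.pptx", False),
    ("alice@example.com", "alice.home@gmail.com", "customer_contracts.xlsx", True),
    ("carol@example.com", "buyer@partner.example.org", "pricing_2024.pdf", True),
    ("carol@example.com", "Dave@Example.com", "payroll.csv", True),
    ("erin@example.com", "erin1990@yahoo.com", "lunch_menu.docx", False),
    ("erin@example.com", "not-an-address", "customer_db_export.sql", True),
]


def classify_recipient(address):
    """Return 'internal', 'personal', 'external' or 'invalid' for a recipient."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return "invalid"
    if domain in INTERNAL_DOMAINS:
        return "internal"
    if domain in PERSONAL_DOMAINS:
        return "personal"
    return "external"


def risky_shares(events):
    """Group sensitive files that left the organization by the sharing user."""
    findings = defaultdict(list)
    for sender, recipient, filename, sensitive in events:
        kind = classify_recipient(recipient)
        # Unparseable recipients are flagged for review, not silently passed.
        if sensitive and kind != "internal":
            findings[sender.lower()].append((filename, recipient, kind))
    return dict(findings)


if __name__ == "__main__":
    for user, items in sorted(risky_shares(SAMPLE_EVENTS).items()):
        for filename, recipient, kind in items:
            print(f"{user}: {filename} -> {recipient} [{kind}]")
```

The per-user grouping is what gives the IT team a remediation list: each entry names the file, the destination and why it was flagged.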

Take action

Once sensitive data and potential vulnerabilities have been identified, simple, bite-sized, easy-to-manage actions are required to lock data down. This creates your data protection force field.

  3. Multi-factor authentication

Once you’ve identified the weak spots, you can take protective steps. One of the first is to implement two-factor authentication (2FA). This is a simple but extraordinarily effective layer of protection. 2FA works by adding an additional layer of security to your online accounts such as cloud-based apps and storage. Alongside entering a username and password, an additional login credential needs to be added. This additional credential is sent to a device used by the person accessing the online account. Nobody else can view it.

  4. User permissions restriction

User permissions also need to be restricted so that only those who require access to specific data, apps and files have access to them. This is a fairly rudimentary practice for the IT people, but it needs to be refined and extended to documents that have been identified as sensitive.

  5. Sensitive data encryption

This should be followed by the use of advanced data protection tools that can identify behaviours that are critical for secure data operations. In short, this provides visible insights into the actions around sensitive data activities, so you get a sense of what sort of actions are being carried out and also whether they are deviations from normal activities.

Educate and improve your organization's understanding of Data Protection

Once the above steps have been taken, your data protection is firmly in place, but that’s not it. Reviews need to be carried out periodically as new data comes into the organization, users need to be educated and software updates need to be rigorously applied.

  6. User education

Data protection isn’t static; it’s not something you do then forget about. It’s an ongoing activity that requires further action. That said, it doesn’t need Herculean effort; rather, it’s simply a case of housecleaning. For instance, employees need to be educated about the tell-tale signs of common social engineering attacks such as scareware, phishing and spear-phishing. This shouldn’t be overlooked since people are often the weakest link in the chain.

  7. Endpoint security updates

And it’s important to update endpoint security software and computers as soon as patches become available. Software can have myriad vulnerabilities and some hackers make a living from identifying and exploiting them. As such, this should be a priority and definitely not something that should go on the backburner.

  8. Always prepare for the worst …

To summarise the advice in these steps, we would say always expect the worst and prepare for it. In the cyber world, the worst often does happen. If you peered into the dark web for instance, you’d likely be horrified at the feeding frenzies that take place around stolen data.

Dathena can help you on this journey. Our multi-patented AI can effortlessly assess your risks at lightning speed while our advanced data protection is like a 24/7 watchdog always scanning and looking out for anomalies, data breaches and honest mistakes made by employees that could expose the organization to risk. Dathena can’t take the entire data protection journey for you, but we can be the perfect companion as you venture forth.

