What’s Your Critical Data?
This varies based on the company, but McMurtrey says the first step is to identify what data or systems would be most vulnerable if they were leaked, modified or deleted. This can be any sensitive information, such as credit card data, medical records or Social Security numbers. It can even include the key computer systems your company runs on.
Where is it Stored?
“Very often, companies are surprised that they have critical data stored in places they haven’t authorized,” McMurtrey says. Whether it is critical data hidden in a spreadsheet or mistakenly saved on an unauthorized public computer, this makes your information susceptible to leaks. McMurtrey recommends having vulnerable data stored in one centralized, secure location with encryption.
Who has Access?
Limiting who comes in contact with your critical data and systems is the final step McMurtrey recommends. He suggests forming cybersecurity task forces within your company. Their main purpose would be to review and answer questions on a regular basis, and limit who interacts with your vulnerable data. This helps you further protect and safeguard data against any potential leaks or attacks.