Data Protection – What Should You Know?
During our last family get together someone asked me about data protection. Thinking back, I might have said too much. I had proceeded to explain how text messages are not safe, your Facebook data isn’t private, and your SSN is out there for the world to see. I think that was when everyone migrated away from me during the party and started talking to others.
The truth is security isn’t easy anymore. Text messages, just like emails, should not be considered a safe way to send sensitive information. Anything you post online should be expected to be seen by everyone. While this lack of privacy might seem normal to people who work in security, for many people this is unexpected. While it might be logical to believe that the things you post to friends or to your group on a message board are only seen by that group. That is only accurate if two things are true; one, the company that is running that service isn’t selling your data, or two, the service hasn’t been hacked. In both cases it is very hard for you to know if either of those has happened.
While I generally support and encourage people to go to the cloud infrastructure, I believe it is important to know who owns your data and what data you have in the cloud. For example, what data do you have in Salesforce? Did someone inadvertently put PII data up there? What about data protected by GDPR? If that data got leaked, would it harm your company? Taking a look at where your data is and if that data can harm your company is critical information you will need when you or your cloud vendor gets hacked. If you prepare for the fact that some cloud services will be hacked, you can write policies to make sure only specific data is put into the cloud. That way when there is a data breach or an incident, you know the type of data that has been lost and you can act accordingly. Knowledge of the type of data that got stolen, when it inevitably does, will make the containment process much easier.
If you’re wondering how to further protect your company’s data or to ensure you have a recovery plan in place, contact Thrive today.