Tweet
Share
Send

In the face of cyber-risks, data protection becomes key to protecting your organization

As data theft and the associated costs soar, data protection is becoming a major issue for businesses and organizations.

An increase in data theft

Data theft has become increasingly common in recent years, with significant consequences for businesses and organizations. These thefts can cause significant financial damage, such as

In addition to loss of revenue and data recovery costs, data loss can damage reputation and customer confidence. In view of these growing risks, data protection has become a major issue for companies and organizations.

As illustrated by the Commission Nationale de l'Informatique et des Libertés (CNIL) in its report published in May 2022, with 5037 occurrences, an increase in data theft of 79% between 2020 and 2021. According to the Ponemon Institute, in 2022, the average total cost of a data breach was $4.35 million, and the average time to identify it was 207 days, plus a further 70 days to neutralize it.

Which data to protect?

Companies must implement security measures to protect the data they collect, store and use, and must also be transparent about how they manage data. When we look at data protection, we are often primarily concerned with personal data and the obligations placed on the data controller by the RGPD (General Data Protection Regulation). This approach is somewhat restrictive insofar as the data needed by an organization to accomplish its missions goes far beyond the personal data of its users, customers, employees or partners. In particular, the data to be protected may include research projects, accounting and financial elements, partnership contracts, manufacturing processes and so on.

Organizations therefore need to become aware of the existence, volume and value of all their data, in order to better protect it throughout its lifecycle. While it may seem relatively easy to quickly acquire correct visibility over structured data (data included in databases), the same cannot be said for unstructured data (data with no predefined format: Office documents, PDF files, etc.).

5 key points to protect against cyber risks

To protect themselves against cyber risks, companies and organizations need to implement appropriate security measures.

1. Classify your data

The first step in protecting an organization's data is to classify it according to its sensitivity, importance and intended use.

This is an essential step in determining the security measures to be put in place to protect data, and in ensuring that it is used appropriately. Data classification answers a relatively simple challenge: identify data and prioritize it according to its value and associated regulations.

To classify data, it is first necessary to define rules and levels of classification (e.g. public, internal, confidential, secret), before proceeding to mark documents and other data carriers as soon as they are created, or when the data is acquired. The implementation of these rules must be accompanied by a user awareness campaign. In addition, the use of a tool enabling the classification level to be indicated as a watermark and/or in the document's metadata could be judicious to facilitate the operational implementation of the defined rules.

2. Protecting data in transit

The objective is twofold: to define which media are suitable for data transfers according to their level of classification (instant messaging, e-mail, secure platform, etc.) and to implement the required security tools (encryption, Data Loss Prevention, etc.). A confidential document can only be sent by encrypted e-mail, whereas a public document can be shared via a videoconferencing tool without any restrictions.

3. Protect your data from unauthorized distribution

It is essential to protect stored data against unauthorized extraction and distribution.
 
The aim is then to define the locations and security measures adapted to data storage, according to their level of classification, and in such a way as to facilitate access and use. By extension, certain locations will be prohibited for the storage of the most critical data.
 
The question to be answered is relatively simple: what is the maximum acceptable level of classification for documents stored on a file server, in SharePoint or on the local hard drive of a laptop? Performing a data inventory, either manually or, more effectively, using a dedicated tool, will more often than not reveal the presence of data in storage spaces totally unsuited to their level of sensitivity.

4. Protect your data against corruption, theft and deletion

In order to guarantee the protection of data against corruption, theft or deletion, whether accidental or malicious, two elements must be determined:
  • periodicity, which must be adapted to the frequency of data updates
  • the retention period, which must ensure that data can be restored in the worst-case scenario.


The protection of stored data will not be complete without fine-tuned access management based on the principle of least privilege and a need-to-know policy. The higher the classification level, the more access will be restricted.

Access management will necessarily include close coordination with HR departments to grant access when an employee arrives, and to remove it immediately in the event of departure or change of position. It will also be necessary to implement a regular review process and, if the sensitivity of the data justifies it, to monitor data access (creation, deletion, moving, copying, etc.).

5. Archive and delete obsolete data

The final point to consider is the archiving and deletion of obsolete data. It is important to ensure that data is securely archived and/or deleted when it is no longer required, or when it is no longer authorized for use.

The challenge is therefore twofold: to comply with legal requirements (RGPD, tax and accounting standards, etc.) and to restrict the volume of data to be protected, and therefore reduce the difficulty of guaranteeing this protection by retaining only what is relevant.

It's important to note that data theft is often linked to cyber-risks, so it's important to implement adequate security measures to protect data from breaches and leaks, and also to keep abreast of the latest trends and methods used by cybercriminals.

The costs associated with a data breach can be considerable for businesses and organizations. These costs are directly proportional to the time required to detect and neutralize threats. Deploying a Zero Trust strategy, implementing XDR (eXtended Detection and Response) or SOAR (Security Orchestration, Automation and Response) can be decisive factors in reducing this detection and remediation time.

Christophe Levier : Director of Go Cloud & Security at Micropole

Generative AI: innovation continues, even in summer

Generative AI: innovation continues, even in summer

Innovation around generative AI hasn't taken a vacation, and even...
EPM vs Excel: which solution is best for companies?

EPM vs Excel: which is better?

In recent years, the economy has been in turmoil, between the health crisis, the...
Omnichannel is not behind us!

Omnichannel is not behind us!

Over the past decade, omnichannel commerce has revolutionized the world...
ACCELERATE WITH US
ARE YOU DATA FLUENT?

Contact us