How to Reduce Risk and Prepare for a Data Breach

In light of the recently revealed Equifax data breach, it might be a good time to highlight a best practice that can help manage your corporate risk. Gone are the days when data security personnel would hide out in the dark basement of the enterprise they were monitoring. Today’s successful security professionals need to come out of the shadows and constantly liaise with records managers, line of business, and legal to ensure data is properly mapped and governed. The fact that Equifax was hacked is no surprise. However, we may never know the true reason why the breach took months to be identified and revealed, leading to accusations of “a slow and sloppy response”.

From past examples, we can surmise that several factors of an immature information governance program led to the delay:

  • A less than robust data inventory.
  • Little understanding of its data flows.
  • Over-retention of redundant and obsolete data.
  • No unified governance of disparate types of data.
  • Failure to implement strong access control policies for employees.
  • No ability to target encryption.

It’s a given that implementing a mature information governance program can be time-consuming and, at times, costly. But that effort and cost will be dwarfed by the post-incident harm to reputation and the millions needed to get back to business as usual. To learn how to raise your enterprise’s information governance maturity level, download the CGOC Process Maturity Model. To download it, join our community for access to our members-only resources and tools to further your information governance practice.

 

 

 
