Real data protection begins with a multi-step risk management process, of which technology is an important part. Too often, people simply rely on technology and call it a day, but this can turn out to be an expensive mistake.
AdoLisa Ezeagu advises readers to look beyond pure technological solutions for data protection in this article published in the digital magazine Hypepotamus:
Security technology is a solution that addresses specific risks to data. But what if a company has not identified all the risks? Or worse yet, what if the company doesn’t even know where all their sensitive data is? You cannot protect data you either do not know you have or do not know the location of.
First, companies need to identify which assets hold sensitive data, any and all threats to those assets, internal vulnerabilities, potential impacts to your business if those assets were indeed compromised, and possible controls (or solutions) to address the risks. If done right, the risk management process adopts a holistic approach covering the entire business — people, process, and technology.
Companies ignore this at their peril. Based on Ponemon Institute’s current average estimated cost of $258 per record to resolve a data breach, it makes much better business sense to proactively incorporate a holistic approach into the fabric of a company — before waiting for a blind spot to be breached.
Secondly, the technology-only approach may cause companies to unknowingly break the law and open their doors to government investigations, enforcement actions, or lawsuits. On a federal level, the U.S. historically has an industry-specific approach when it comes to laws regulating the safeguarding of Personal Identifying Information (PII) — HIPAA for healthcare and the GLBA for the financial industry, to name a few. However, due to the mounting risks to consumers, some states have taken up the mantle by enacting private-sector data security laws. The number of states that have passed cybersecurity laws has nearly doubled within the last three years. Some states (Alabama, Florida, Kansas, and Maryland, for example) make it explicitly clear that these laws even apply to solo-preneurs. Violations could lead to prosecution or lawsuits.