Cybersecurity Awareness Series: What and Where is My High-Risk Data?

Welcome to Cybersecurity Awareness Month! Throughout this month, we will explore a series of topics that revolve around essential questions to ask when reviewing your cybersecurity posture. Given the dynamic and complex nature of this field, we aim to initiate meaningful discussions within your organization. As the month continues, we hope these topics will spark valuable conversations and empower you to navigate this ever-expanding landscape effectively.

Question:
What and where is my most sensitive data?

While the question 'What is my data?' may appear straightforward, it can pose a significant challenge even to seasoned cybersecurity experts. Moreover, this fundamental yet complex question should always be among the first considerations when assessing your cybersecurity posture. Like a domino effect, gaining a more complete understanding of your data will naturally lead to insights on how best to safeguard it, ultimately providing an awareness of gaps in your risk profile.

At innerActiv, we frequently encounter the belief that organizations in specific industries may not possess data requiring protection or monitoring. While it is true that the quantity and nature of data can vary significantly across different industries, verticals, and company sizes, our assessments consistently uncover overlooked and consequently unprotected assets.

Some thoughts to consider:

Consider All Departments and Stakeholders

When discussing the significance, confidentiality, and overall value of data within an organization, it's crucial to take into account how each business unit uses data. Frequently, highly valuable or vulnerable data is overlooked during assessments of an organization's information assets because IT Security or other administrators are not aware that various departments handle such data. Additionally, it's common to discover that specific departments possess types or formats of data that others outside of the department are unaware of, potentially leaving certain variations of data or even data in other languages vulnerable. Unfortunately, even the best security tools on the market cannot protect unknown data.

For this reason, when assessing your high-value data, it’s vital to speak with leadership in each region and business unit and evaluate topics like:

  • What is the typical workflow of the members of this department, including files accessed, data storage, or applications in use?

  • How do employees move data between applications or sources?

  • Do the employees handle third-party data that could also pose a risk, such as vendor financial information, specs developed for third parties, or passwords to third-party systems?

  • When employees access data known to be sensitive, what format is it in and how are those files identified?

Using software such as innerActiv can also help identify and discover these actions, file types, and methods to help define additional areas of risk that may otherwise be unknown.

Consider Various Data Types

Remain open-minded when it comes to high-risk data. A frequent misconception we encounter is that the only data that needs protection is PII, data covered by compliance, or data the organization could be fined for losing. While these are all categories of risk, there is often much more to consider. One of the biggest forgotten categories is data that could become valuable to competitors or news outlets. Unfortunately, one of the most common reasons for intentional data theft by internal employees is removing internal data, contact lists, or proprietary information to supply to a future employer.

In a recent case, a potential customer approached innerActiv following an alarming phone call from a nearby competitor. The competitor contacted the original company to report that a newly hired employee had arrived on his first day of work with a substantial file of proprietary data, including product designs belonging to the company. The employee offered this data as a 'bonus' to his new employer and proposed new projects based on this information.

Fortunately, in this case, the company’s secrets ended up in honest hands, but that is often not the case. The data left the company simply because its security products were not configured to watch those types of files. In addition, limited endpoint monitoring allowed the data to be gathered and removed easily without being noticed.

When evaluating potentially sensitive data, consider:

  • Database exports and reports

  • Product designs or specifications in various phases of creation (CAD files, PDF, SVG, etc.)

  • Legal proceedings or legal documentation

  • HR and payroll records including PII, financial data, or disciplinary records

  • Internal or vendor financial records or payment card data

  • Accounting and accounts payable records and their reports

  • Sales quotes, RFPs, or contracts and the various areas they are held

  • Sales or product calculators or pricing data

  • Marketing plans or unreleased PR material including print, web, and video

  • Code and development resources and their repositories

  • Passwords and password “safes”

 

Still just not confident that your data is covered?

Despite the best efforts of security measures, it's not uncommon for files and data to slip under the radar. Sometimes, a single employee may begin using a new application with an unrecognized format. In other cases, new projects may involve unfamiliar data types or workflows that existing protocols don't fully cover. While it can be challenging to acknowledge, a single rogue employee or a misplaced file folder can easily lead to significant losses or legal troubles, as seen in our earlier employee scenario.

To effectively monitor and stay informed about the data being handled within your organization, including the applications, websites, and file formats used daily, as well as where data is stored or transmitted, endpoint user-focused monitoring becomes essential. Many of these file-level actions occur exclusively on endpoints and, increasingly, off-network. innerActiv is designed to assess the actions taken by your endpoint users, uncovering previously unknown gaps and vulnerabilities in data types, formats, and procedures. It empowers security analysts with real-time insights to keep your organization informed and secure.

Take time to consider and evaluate your organization’s data today to ensure your software can work at its peak effectiveness and assets of all types are protected against compliance and organizational threats.

In our next segment, we will delve into key questions and provide insights into understanding how your endpoints are utilized and how to address high-risk variables.

 

 

 
